Cybersecurity in Power Grids: Challenges and Opportunities
Increasing volatilities within power transmission and distribution force power grid operators to amplify their use of communication infrastructure to monitor and control their grid. The resulting increase in communication creates a larger attack surface for malicious actors. Indeed, cyber attacks on power grids have already succeeded in causing temporary, large-scale blackouts in the recent past. In this paper, we analyze the communication infrastructure of power grids to derive the resulting fundamental challenges of power grids with respect to cybersecurity. Based on these challenges, we identify a broad set of resulting attack vectors and attack scenarios that threaten the security of power grids. To address these challenges, we propose to rely on a defense-in-depth strategy, which encompasses measures for (i) device and application security, (ii) network security, and (iii) physical security, as well as (iv) policies, procedures, and awareness. For each of these categories, we distill and discuss a comprehensive set of state-of-the-art approaches, as well as identify further opportunities to strengthen cybersecurity in interconnected power grids.
PowerDuck: A GOOSE Data Set of Cyberattacks in Substations
Power grids worldwide are increasingly victims of cyberattacks, where attackers can cause immense damage to critical infrastructure. The growing digitalization and networking in power grids combined with insufficient protection against cyberattacks further exacerbate this trend. Hence, security engineers and researchers must counter these new risks by continuously improving security measures. Data sets of real network traffic during cyberattacks play a decisive role in analyzing and understanding such attacks. Therefore, this paper presents PowerDuck, a publicly available security data set containing network traces of GOOSE communication in a physical substation testbed. The data set includes recordings of various scenarios with and without the presence of attacks. Furthermore, all network packets originating from the attacker are clearly labeled to facilitate their identification. We thus envision PowerDuck improving and complementing existing data sets of substations, which are often generated synthetically, thus enhancing the security of power grids.
On specification-based cyber-attack detection in smart grids
The transformation of power grids into intelligent cyber-physical systems brings numerous benefits, but also significantly increases the surface for cyber-attacks, demanding appropriate countermeasures. However, the development, validation, and testing of data-driven countermeasures against cyber-attacks, such as machine learning-based detection approaches, lack important data from real-world cyber incidents. Unlike attack data from real-world cyber incidents, infrastructure knowledge and standards are accessible through expert and domain knowledge. Our proposed approach uses domain knowledge to define the behavior of a smart grid under non-attack conditions and to detect attack patterns and anomalies. Using a graph-based specification formalism, we combine cross-domain knowledge that enables the generation of whitelisting rules not only for statically defined protocol fields but also for communication flows and technical operation boundaries. Finally, we evaluate our specification-based intrusion detection system against various attack scenarios and assess detection quality and performance. In particular, we investigate a data manipulation attack in a future-oriented use case of an IEC 60870-based SCADA system that controls distributed energy resources in the distribution grid. Our approach can detect severe data manipulation attacks with high accuracy in a timely and reliable manner.
Comprehensively Analyzing the Impact of Cyberattacks on Power Grids
The increasing digitalization of power grids and especially the shift towards IP-based communication drastically increase the susceptibility to cyberattacks, potentially leading to blackouts and physical damage. Understanding the involved risks, the interplay of communication and physical assets, and the effects of cyberattacks is paramount for the uninterrupted operation of this critical infrastructure. However, as the impact of cyberattacks cannot be researched in real-world power grids, current efforts tend to focus on analyzing isolated aspects at small scales, often covering only either physical or communication assets. To fill this gap, we present WATTSON, a comprehensive research environment that facilitates reproducing, implementing, and analyzing cyberattacks against power grids and, in particular, their impact on both communication and physical processes. We validate WATTSON's accuracy against a physical testbed and show its scalability to realistic power grid sizes. We then perform authentic cyberattacks, such as Industroyer, within the environment and study their impact on the power grid's energy and communication side. Besides known vulnerabilities, our results reveal the ripple effects of susceptible communication on complex cyber-physical processes and thus lay the foundation for effective countermeasures.

Comment: 14 pages, 13 figures, accepted at EuroS&P 202