Attacking Power Grid Substations: An Experiment Demonstrating How to Attack the SCADA Protocol IEC 60870-5-104

Erdodi, Laszlo; Kaliyar, Pallavi; Houmb, Siv Hilde; Akbarzadeh, Aida; Waltoft-Olsen, Andre Jung

doi:10.1145/3538969.3544475

Cited by 10 publications

(5 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The approach has thus far consisted of first performing 1. Cyber security attacks on respective systems to identify the attack effects and system behaviours (Erdődi et. al.…”

Section: Cyber Experiments In the Cscmentioning

confidence: 99%

Lessons Learned from Performing Cyber-Security Research on Critical Infrastructures

Simensen,

Toppe,

Jørgensen

2023

Proceeding of the 33rd European Safety and Reliability Conference

View full text Add to dashboard Cite

The last 5 years has marked a paradigm shift when it comes to focus and awareness on cyber security across industries. In Norway this has been strongly motivated by governmental influence through updated rules and regulations. One initiative addressing cyber challenges has been the 4-year cyber research program CybWin (2019-2022) which has had a holistic, practical approach to cyber security of Norwegian critical infrastructures. A cyber security centre (CSC) research infrastructure was established at the Institute for Energy Technology in Norway. The infrastructure was developed iteratively with the needs of increasingly developing cyber research requirements of CybWin, resulting in capabilities to perform controlled cyber-attack experiments on TRL9 system enclaves in Air Traffic Management and Energy grid control systems. The paper presents experiences from cyber research in the CSC in the period 2019-2022 covering technical aspects of the centre, experimental lessons learned regarding target stakeholders such as red-team and blue-team with regards to research focus and experiment fidelity. The experience from performed research indicates a strong need for access to expertise in information technology and operational technology systems and operations, cyber-attack and cyber defence competence, human factors knowledge and experimental research competence for complex systems.

show abstract

“…The approach has thus far consisted of first performing 1. Cyber security attacks on respective systems to identify the attack effects and system behaviours (Erdődi et. al.…”

Section: Cyber Experiments In the Cscmentioning

confidence: 99%

Lessons Learned from Performing Cyber-Security Research on Critical Infrastructures

Simensen,

Toppe,

Jørgensen

2023

Proceeding of the 33rd European Safety and Reliability Conference

View full text Add to dashboard Cite

show abstract

“…In this paper, we utilize the Digital Station (DS) Enclave testbed shown in Figure 3, which covers a complete IEC 61850 substation automation system, to conduct cyber-attacks on IEC 61850 by targeting the PTP. The DS Enclave testbed has been developed as part of the CybWin Project [52] and was earlier used for analysis of different types of cyber-attacks on the SCADA protocol IEC 60870-5-104, which is used for communication between the IEC 61850 substation and the dispatch (control) center [53]. As shown in Figure 3, the digital substation consists of a station bus and a process bus, which are represented in a yellow block and a red block, respectively.…”

Section: Digital Station Enclave Setupmentioning

confidence: 99%

Attacking IEC 61850 Substations by Targeting the PTP Protocol

et al. 2023

Self Cite

View full text Add to dashboard Cite

Digital substations, also referred to as modern power grid substations, utilize the IEC 61850 station and process bus in conjunction with IP-based communication. This includes communication with switch yard equipment within the substation as well as the dispatch center. IEC 61850 is a global standard developed to standardize power grid communications, covering multiple communication needs related to modern power grid substations or digital substations. Unlike the legacy communication standards, IEC 60870-5-104 and DNP3, IEC 61850 is specifically designed for IP-based communication. It comprises several communication models and supports real-time communication by introducing the process bus to replace traditional peer-to-peer communication with standard network communication between substation equipment and the switch yard. The process bus, especially Sampled Measured Values (SMV) communication, in modern power grid substations relies on extremely accurate and synchronized time to prevent equipment damage, maintain power grid system balance, and ensure safety. In IEC 61850, time synchronization is provided by the Precision Time Protocol (PTP). This paper discusses the significance and challenges of time synchronization in IEC 61850 substations, particularly those associated with PTP. It presents the results of a controlled experiment that subjects time synchronization and PTP to cyber-attacks and discusses the potential consequences of such attacks. The paper also provides recommendations for potential mitigation strategies. The contribution of this paper is to provide insights and recommendations for enhancing the security of IEC 61850-based substations against cyber-attacks targeting time synchronization. The paper also explores the potential consequences of cyber-attacks and provides recommendations for potential mitigation strategies.

show abstract

“…The DS enclave is equipped with IECTest, a specialized software conforming to the IEC/104 standard, which we utilized to emulate the operations of a control center [43]. This versatile tool allowed script-based programming, enabling the automation of specific com-mands, such as the opening and closing circuit breakers, to be executed at predetermined times within the experiment's duration.…”

Section: Testlabmentioning

confidence: 99%

“…To assess the precision and attack classification capabilities of the IDS, we selected a set of validated cyber-attacks [43] for implementation in the testbed.…”

Section: Attack Scenariosmentioning

confidence: 99%

Testing Commercial Intrusion Detection Systems for Industrial Control Systems in a Substation Hardware in the Loop Testlab

Storm,

Houmb,

Kaliyar

et al. 2023

Electronics

Self Cite

View full text Add to dashboard Cite

Industrial Control Systems (ICS) are increasingly integrated with Information Technology (IT) systems, blending Operational Technology (OT) and IT components. This evolution introduces new cyber-attack risks, necessitating specialized security measures like Intrusion Detection Systems (IDS). This paper presents our work on both developing an experimental protocol and conducting tests of various IDS types in a digital substation hardware in the loop (HIL) testbed, offering insights into their performance in realistic scenarios. Our findings reveal significant variations in IDS effectiveness against industrial-specific cyber-attacks, with IT-specific IDSs struggling to detect certain attacks and changing testlab conditions affecting the assessment of ICS-specific IDSs. The challenges faced in creating valid and reliable evaluation metrics underscore the complexities of replicating operational ICS conditions. This research enhances our understanding of IDS effectiveness in ICS settings and underscores the importance of further experimental research in HIL testlab environments.

show abstract

Attacking Power Grid Substations: An Experiment Demonstrating How to Attack the SCADA Protocol IEC 60870-5-104

Cited by 10 publications

References 12 publications

Lessons Learned from Performing Cyber-Security Research on Critical Infrastructures

Lessons Learned from Performing Cyber-Security Research on Critical Infrastructures

Attacking IEC 61850 Substations by Targeting the PTP Protocol

Testing Commercial Intrusion Detection Systems for Industrial Control Systems in a Substation Hardware in the Loop Testlab

Contact Info

Product

Resources

About