Stealthy Rootkit Attacks on Cyber-Physical Microgrids

Rath, Suman; Zografopoulos, Ioannis; Konstantinou, Charalambos

doi:10.1145/3447555.3466576

Cited by 7 publications

(5 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Rootkit attacks should represent a crucial part of reliability assessment procedures for certification laboratories, tasked with identifying and eliminating vulnerabilities in embedded control devices and designing experimental testbeds for evaluation of cyber-physical power systems [4], [7]. This paper extends our previous work-in-progress on stealthy rootkit attacks [8], and highlights a potential rootkit attack path after the installation of the malware at multiple locations within the MG. After its deployment, the rootkit aggregates system measurements to build an accurate system replica allowing the estimation of the MG states trajectories; in our case, using a neural network-based approach. We demonstrate different approaches that rootkits could utilize to conceal their presence (during the system information aggregation phase) and disguise the attack impact overcoming existing security fortifications exploiting system state estimations.…”

Section: Introductionmentioning

confidence: 70%

See 1 more Smart Citation

Behind Closed Doors: Process-Level Rootkit Attacks in Cyber-Physical Microgrid Systems

Rath¹,

Zografopoulos²,

Vergara³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

Embedded controllers, sensors, actuators, advanced metering infrastructure, etc. are cornerstone components of cyber-physical energy systems such as microgrids (MGs). Harnessing their monitoring and control functionalities, sophisticated schemes enhancing MG stability can be deployed. However, the deployment of 'smart' assets increases the threat surface. Power systems possess mechanisms capable of detecting abnormal operations. Furthermore, the lack of sophistication in attack strategies can render them detectable since they blindly violate power system semantics. On the other hand, the recent increase of process-aware rootkits that can attain persistence and compromise operations in undetectable ways requires special attention. In this work, we investigate the steps followed by stealthy rootkits at the process level of control systems pre-and post-compromise. We investigate the rootkits' precompromise stage involving the deployment to multiple system locations and aggregation of system-specific information to build a neural network-based virtual data-driven model (VDDM) of the system. Then, during the weaponization phase, we demonstrate how the VDDM measurement predictions are paramount, first to orchestrate crippling attacks from multiple system standpoints, maximizing the impact, and second, impede detection blinding system operator situational awareness.

show abstract

Section: Introductionmentioning

confidence: 70%

“…In this work, we build on the concept of process level rootkit attacks hiding their presence in cyber-physical MGs [8]. Once the rootkit gains access to various MG elements (e.g., controllers, actuators, etc.…”

Section: Introductionmentioning

confidence: 99%

Behind Closed Doors: Process-Level Rootkit Attacks in Cyber-Physical Microgrid Systems

Rath¹,

Zografopoulos²,

Vergara³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…On the other hand, in the advanced persistence threat (APT) case, threat actors might prioritize system persistence, breach of privacy, and long-term system degradation instead of immediate impact, and opt for more sophisticated and stealthy attacks [98]. For instance, attackers could remain in control of the DER device while stealthily performing minute modifications to system parameters or coordinate attacks in ways that will not affect the net system behavior deceiving detection mechanisms [99], [100]. Such stealthy attacks might cause unsafe, unstable, or uneconomic operation of IBRs.…”

Section: B Der Device Levelmentioning

confidence: 99%

“…), since DER devices might be connected in user-owned home networks. Attackers may also be learning the operational patterns of DERs, that is, aggregating enough system information to identify the temporal and spatial conditions which, if satisfied, can maximize the impact of attacks on the grid [99], [101].…”

Section: B Der Device Levelmentioning

confidence: 99%

Distributed Energy Resources Cybersecurity Outlook: Vulnerabilities, Attacks, Impacts, and Mitigations

Zografopoulos¹,

Konstantinou²,

Hatziargyriou³

2022

Preprint

Self Cite

View full text Add to dashboard Cite

The digitalization and decentralization of the electric power grid are key thrusts towards an economically and environmentally sustainable future. Towards this goal, distributed energy resources (DER), including rooftop solar panels, battery storage, electric vehicles, etc., are becoming ubiquitous in power systems, effectively replacing fossil-fuel based generation. Power utilities benefit from DERs as they minimize transmission costs, provide voltage support through ancillary services, and reduce operational risks via their autonomous operation. Similarly, DERs grant users and aggregators control over the power they produce and consume. Apart from their sustainability and operational objectives, the cybersecurity of DER-supported power systems is of cardinal importance. DERs are interconnected, interoperable, and support remotely controllable features, thus, their cybersecurity should be thoroughly considered. DER communication dependencies and the diversity of DER architectures (e.g., hardware/software components of embedded devices, inverters, controllable loads, etc.) widen the threat surface and aggravate the cybersecurity posture of power systems. In this work, we focus on security oversights that reside in the cyber and physical layers of DERs and can jeopardize grid operations. We analyze adversarial capabilities and objectives when manipulating DER assets, and then present how protocol and device -level vulnerabilities can materialize into cyberattacks impacting power system operations. Finally, we provide mitigation strategies to thwart adversaries and directions for future DER cybersecurity.

show abstract

“…Clearly, trustworthiness of the communication network is of paramount importance for reliable operation of the control framework present in the microgrid system. However, this may not be the case as inadequate security measures in ICT expose the microgrid to additional cyber vulnerabilities, which may be exploited by malicious actors to jeopardize reliability of the control system and disturb working of the overall vehicular body [16]. These vulnerabilities can either be at the sensor, the communication and/or the controller level.…”

Section: Introductionmentioning

confidence: 99%

Microgrids in mission-critical applications

Rath

Konstantinou

Papari

et al. 2022

Cyber Security for Microgrids

View full text Add to dashboard Cite

Similar to utility grid and other terrestrial microgrids, aircraft electric power systems (EPS) and shipboard microgrids have their own power generation, distribution, utilization and generation storage. The rapid development of power electronics technology has allowed the converters to operate at DC voltage levels required for transmission, distribution and consumption. However, the coordination among power electronic converters can lead to malicious intrusions that aim to manipulate microgrids' operation and cause deviation from their mission-critical objectives. Such manipulations may lead to disturbances during motion, thus posing serious risks to passenger lives and cargo. The disturbances can also affect operations in critical sectors like commercial transportation and defence which may directly influence the global economy and national security. This chapter overviews the industrial security measures considered for microgrids in mission-critical applications, such as those found in electric aircrafts and shipboard power systems, with further insights on vulnerable areas which can be exploited by stealthy attackers.

show abstract

Stealthy Rootkit Attacks on Cyber-Physical Microgrids

Cited by 7 publications

References 5 publications

Behind Closed Doors: Process-Level Rootkit Attacks in Cyber-Physical Microgrid Systems

Behind Closed Doors: Process-Level Rootkit Attacks in Cyber-Physical Microgrid Systems

Distributed Energy Resources Cybersecurity Outlook: Vulnerabilities, Attacks, Impacts, and Mitigations

Microgrids in mission-critical applications

Contact Info

Product

Resources

About