Secure Communications in Smart Grid: Networking and Protocols

Abstract

The key attributes of a smarter power grid include: pervasive interconnection of smart devices; extensive data generation and collection; and rapid reaction to events across a widely dispersed physical infrastructure. Modern telecommunications technologies are being deployed across power systems to support these monitoring and control capabilities. To enable interoperability, several new communications protocols and standards have been developed over the past 10 to 20 years. These continue to be refined, even as new systems are rolled out. This new hyper-connected communications infrastructure provides an environment rich in sub-systems and physical devices that are attractive to cyber-attackers. Indeed, as smarter grid operations become dependent on interconnectivity, the communications network itself becomes a target. Consequently, we examine cyber-attacks that specifically target communications, particularly state-of-the-art standards and protocols. We further explore approaches and technologies that aim to protect critical communications networks against intrusions, and to monitor for, and detect, intrusions that infiltrate Smart Grid systems.
