An integrated testbed for locally monitoring SCADA systems in smart grids

A testbed for evaluating if and how process-aware monitoring may increase the security of decentralized SCADA networks in power grids is presented. The testbed builds on the co-simulation framework Mosaik and co-simulates, in an integrated way, the power distribution network on different voltage levels as well as the control network (Modbus/TCP). The existing simulators were extended to allow topology changes, and a controller (RTU) simulator connected to a SCADA server enabling remote control was implemented. Using the developed testbed, a recently proposed local monitoring approach was investigated. The results show that, for so-called interlocks, the proposed monitoring approach prevents the execution of 33.3% of the commands that would result in an unsafe state of the power distribution grid. Furthermore, it is shown that unsafe transformer tap positions can also be avoided. To illustrate the relevance and importance of the proposed testbed, a detailed comparison of related work on process-aware intrusion detection approaches and testbeds combining (parts of) the control network and the power grid is provided.
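The following is an added illustration of the kind of local, process-aware check the abstract describes: an RTU-side monitor that decodes incoming Modbus/TCP write requests (function codes 5 and 6, which are standard Modbus codes) and evaluates each against a small grid model before letting it reach the process. It is not code from the paper, from the Mosaik framework or from the authors' RTU simulator. The topology, the coil and register mapping, the interlock rules (a disconnector may only be operated while its series breaker is open; two tie switches must not both be closed) and the safe tap range are all constructed for the example and do not reproduce the paper's model or its 33.3% result.

```python
"""Added example: a local process-aware command monitor for Modbus/TCP writes.
Grid topology, address mapping, interlock rules and tap limits are constructed
for illustration (assumptions), not taken from the paper or the Mosaik testbed."""
import struct
from dataclasses import dataclass


# --- Modbus/TCP decoding: FC 5 (write single coil) and FC 6 (write single register) ---
def parse_modbus_write(frame: bytes):
    """Decode a Modbus/TCP ADU carrying FC5 or FC6 and return (fc, address, value).
    Coil values are normalised to 1 (0xFF00, close) / 0 (0x0000, open)."""
    if len(frame) < 12:
        raise ValueError("frame too short")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])   # MBAP header
    if pid != 0 or length != len(frame) - 6:
        raise ValueError("bad MBAP header")
    fc, addr, val = struct.unpack(">BHH", frame[7:12])          # PDU
    if fc not in (5, 6):
        raise ValueError(f"unsupported function code {fc}")
    if fc == 5:
        if val not in (0xFF00, 0x0000):
            raise ValueError("invalid coil value")
        val = 1 if val == 0xFF00 else 0
    return fc, addr, val


def build_frame(fc, addr, val, tid=1, uid=1):
    """Build a constructed request frame (MBAP length = unit id + 5-byte PDU = 6)."""
    return struct.pack(">HHHB", tid, 0, 6, uid) + struct.pack(">BHH", fc, addr, val)


# --- Local process model held by the RTU (all values assumed for the example) ---
@dataclass
class GridModel:
    coil_to_switch: dict      # Modbus coil address -> switch name
    reg_to_transformer: dict  # holding register address -> transformer name
    switches: dict            # switch name -> 1 closed / 0 open
    taps: dict                # transformer -> current tap position
    tap_limits: dict          # transformer -> (min, max) safe tap range
    interlocks: dict          # disconnector -> breaker that must be open first
    exclusive: list           # switch pairs that must never both be closed


def check(model, frame):
    """Return (allowed, reason) for one request without mutating the model."""
    try:
        fc, addr, val = parse_modbus_write(frame)
    except ValueError as e:                    # malformed input is rejected, not executed
        return False, f"malformed or unsupported request: {e}"
    if fc == 5:
        sw = model.coil_to_switch.get(addr)
        if sw is None:
            return False, f"coil {addr} maps to no known switch"
        brk = model.interlocks.get(sw)
        if brk is not None and model.switches[brk] == 1:
            return False, f"{sw} interlocked: breaker {brk} is closed"
        if val == 1:                           # closing: check mutual exclusion
            for a, b in model.exclusive:
                other = b if sw == a else a if sw == b else None
                if other is not None and model.switches[other] == 1:
                    return False, f"closing {sw} with {other} closed would parallel feeders"
        return True, "ok"
    tr = model.reg_to_transformer.get(addr)
    if tr is None:
        return False, f"register {addr} maps to no known transformer"
    lo, hi = model.tap_limits[tr]
    if not lo <= val <= hi:
        return False, f"tap {val} outside safe range [{lo}, {hi}]"
    if abs(val - model.taps[tr]) > 1:          # assumed rule: one tap step per command
        return False, f"tap jump {model.taps[tr]}->{val} exceeds one step"
    return True, "ok"


def apply_if_safe(model, frame):
    """Execute the request on the model only if the local check allows it."""
    allowed, reason = check(model, frame)
    if allowed:
        fc, addr, val = parse_modbus_write(frame)
        if fc == 5:
            model.switches[model.coil_to_switch[addr]] = val
        else:
            model.taps[model.reg_to_transformer[addr]] = val
    return allowed, reason


def demo_model():
    """Constructed feeder: breaker CB1 in series with disconnector DS1, two tie switches."""
    return GridModel(
        coil_to_switch={0: "CB1", 1: "DS1", 2: "TIE1", 3: "TIE2"},
        reg_to_transformer={10: "T1"},
        switches={"CB1": 1, "DS1": 1, "TIE1": 0, "TIE2": 0},
        taps={"T1": 5}, tap_limits={"T1": (3, 7)},
        interlocks={"DS1": "CB1"}, exclusive=[("TIE1", "TIE2")],
    )


def run_demo():
    """Replay a constructed command sequence; return [(label, allowed), ...]."""
    model = demo_model()
    sequence = [
        ("open DS1 while CB1 closed", build_frame(5, 1, 0x0000)),
        ("open CB1", build_frame(5, 0, 0x0000)),
        ("open DS1 after CB1 open", build_frame(5, 1, 0x0000)),
        ("close TIE1", build_frame(5, 2, 0xFF00)),
        ("close TIE2 with TIE1 closed", build_frame(5, 3, 0xFF00)),
        ("T1 tap 5->6", build_frame(6, 10, 6)),
        ("T1 tap 6->9 (out of range)", build_frame(6, 10, 9)),
        ("T1 tap 6->4 (two steps)", build_frame(6, 10, 4)),
    ]
    return [(label, apply_if_safe(model, frame)[0]) for label, frame in sequence]


if __name__ == "__main__":
    for label, ok in run_demo():
        print(f"{'ALLOW' if ok else 'BLOCK':5}  {label}")
```

The design point is that the decision is taken next to the process, from state the RTU already holds, so a command that is syntactically valid Modbus and comes from the legitimate SCADA server is still refused when the local model says it leads to an unsafe state; in the constructed sequence four of the eight requests are blocked for exactly that reason. A deployment would feed the same check from measured switch states and tap readings rather than from a hand-built dictionary.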
