Low-budget Energy Sector Cyberattacks via Open Source Exploitation

Modern cyber warfare involves penetration of a nation’s computers and networks, aiming to cause extensive damage and/or disruption. Such actions are generally deemed feasible only for resource-wealthy nation-state actors. In this work, we challenge this perception and introduce a methodology dubbed Open Source Exploitation (OSEXP), which leverages public infrastructure to execute an advanced cyberattack on critical infrastructure. In particular, we characterize and verify an effective and reusable OSEXP attack vector based on time spoofing of Global Positioning System (GPS) signals. Our GPS attack employs commercial devices and open source software, and manipulates the time synchronization of carefully selected power grid equipment in a manner that can lead to large-scale blackouts. We experimentally verify the feasibility of our GPS OSEXP methodology, and demonstrate that an actor with a limited budget has the ability to cause significant disruption to a nation.
