ASTORIA: A framework for attack simulation and evaluation in smart grids

Electric power grids are undergoing a modernization process. By relying on the ICT infrastructure and on Internet connectivity, these so-called Smart Grids are now able to provide new functionalities and to become more efficient. However, despite the existence of a few standards that aim to specify the secure operation of Smart Grids, utility companies do not have a comprehensive set of metrics and evaluation tools for assessing security properties in these infrastructures. Thus, it is necessary to develop new toolsets to provide support for vulnerability analysis in Smart Grids. This paper proposes ASTORIA, a framework developed to allow the simulation of attacks and the evaluation of their impact on Smart Grid infrastructures, using closely-related real devices and real topologies comprising both power grid elements and ICT and networking equipment. We anticipate that ASTORIA can be used by Smart Grid operators not only to analyze the impact of malicious attacks and other security threats on different components, but also to permit the development and evaluation of anomaly detection techniques in a simulation environment. Further, we present evaluation scenarios illustrating customizable Smart Grid topologies, comprising sensors, master and remote stations, and using an extensible set of attack profiles.
