Experimental evaluation of cyber intrusions into Highly Critical Power Control Systems
Frankfurt (Germany), 6-9 June 2011
G. Dondossola, F. Garrone, J. Szanto
RSE
  Research context
  Test bed architecture
  Attack model
  Attack experiments
  Cyber-power risk evaluation
DONDOSSOLA – IT – S3 – 0440
Context
  Cyber-power risk assessment
  Critical communication and control systems in the power grid operation
  Cyber threats are increasing with the deployment of technologies relying on standard units and protocols
  Sample attack experiments produce inputs to the calculation of the cyber-power risk index
  Complex intrusion scenarios involving inter-operator communications
Test bed architecture
  Interconnected HV/MV distribution networks
  Substation automation networks
  Control centre networks
  ICT management networks
  Technical security measures
  Experiments of cyber threats to critical assets of the grid control network
Attack model (I)
  Possible attack scenarios vary depending on the compromised nodes of the network topology
  A full set of compromise paths may be derived from the topological analysis of the grid control network
  An attack process is composed of intrusion steps along a given compromise path
  Transition times from one step to the next vary by step and by technique
  The malware development may last several months, depending on the degree of difficulty of the attack
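Added example (not part of the original slides): a defender-side sketch of the attack model above, enumerating compromise paths over a control-network topology, summing per-step transition times, and finding the nodes every path must cross. The node names, edges and transition times (in days) are constructed assumptions, not values from the test bed.

```python
from typing import Dict, Iterator, List, Optional, Set, Tuple

Graph = Dict[str, Dict[str, float]]

# Constructed topology: an edge is one intrusion step, its weight an
# assumed transition time in days (illustrative only, not measured).
STEPS: Graph = {
    "ict_management_ws": {"control_centre_hmi": 5.0, "substation_gateway": 20.0},
    "control_centre_hmi": {"control_centre_frontend": 7.0, "substation_gateway": 12.0},
    "control_centre_frontend": {"substation_gateway": 3.0},
    "substation_gateway": {"process_node": 2.0},
    "process_node": {},
}

def compromise_paths(graph: Graph, source: str, target: str,
                     _path: Optional[List[str]] = None) -> Iterator[List[str]]:
    """Yield every loop-free sequence of compromised nodes from source to target."""
    path = (_path or []) + [source]
    if source == target:
        yield path
        return
    for nxt in graph.get(source, {}):
        if nxt not in path:  # a node already compromised is not revisited
            yield from compromise_paths(graph, nxt, target, path)

def time_to_compromise(graph: Graph, path: List[str]) -> float:
    """Sum the transition times of the intrusion steps along one path."""
    return sum(graph[a][b] for a, b in zip(path, path[1:]))

def ranked_paths(graph: Graph, source: str, target: str) -> List[Tuple[float, List[str]]]:
    """All compromise paths, fastest (highest priority for the defender) first."""
    return sorted((time_to_compromise(graph, p), p)
                  for p in compromise_paths(graph, source, target))

def chokepoints(graph: Graph, source: str, target: str) -> Set[str]:
    """Intermediate nodes present on every path: where access control
    and monitoring cover all modelled scenarios at once."""
    inner = [set(p[1:-1]) for p in compromise_paths(graph, source, target)]
    return set.intersection(*inner) if inner else set()

if __name__ == "__main__":
    for days, path in ranked_paths(STEPS, "ict_management_ws", "process_node"):
        print(f"{days:5.1f} days  " + " -> ".join(path))
    print("chokepoints:", chokepoints(STEPS, "ict_management_ws", "process_node"))
```

Replacing the constructed weights with transition times measured in experiments gives the per-path inputs a risk calculation needs.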
Attack model (II)
Attack experiments (I)
  Target information exchanged by an emergency control procedure for automatic load shedding
    Italian grid code
  The procedure is based on standard
    IEC 60870-5-104/TCP communications for the arming requests between the TSO/DSO centres
    UDP multicast for the trip commands between the TSO/DSO substations
  Attacked networks
    DSO substations networks
    DSO centre networks
    TSO centre/substation networks
Attack experiments (II)
  A malicious insider in the ICT management network identifies the process networks, their interconnection gateways, nodes and services
  s/he compromises a workstation to gain unauthorised remote access to the substation gateway
  s/he accesses the process nodes and decides to compromise the substation gateway
  s/he develops malware code interfering with the IEC 60870-5-104 TCP/IP communications, causing the arbitrary trip of the power substation
Performance measures
Operator’s Interface - warnings
Conclusions
  Topological analysis of the grid control network
    possible compromise paths
  ICT management and remote accesses
    Serious attacks
  Network access controls and user authentication mechanisms
    Advanced security architectures
  Results from experiments feed the calculation of the cyber-power risk
  Analysis tools increasing the security capabilities in the operation of the power grid
[Figure labels: Power Grid Security; Flexible/Integrated; Multiple-Operated; Defence Plans; Power Grid Operation; Risk Management; Stratified Defence Lines; In-depth Security; ICT Protections]
Contact Point: [email protected]
Do not miss the Poster Session
Wednesday, 8 June 2011