DOI: 10.1145/3198458.3198461
research-article

On Practical Threat Scenario Testing in an Electric Power ICS Testbed

Published: 22 May 2018

Abstract

Industrial control system networks in the real world usually require a complex composition of many different devices, protocols, and services. Unfortunately, such practical setups are rarely documented publicly in sufficient technical detail to allow third parties to use the system as a reference for their research. As a result, security researchers often have to work with abstract and simplified system assumptions, which might not translate well to practice. In this work, we provide a comprehensive overview of the network services provided by industrial devices found in the EPIC (Electric Power and Intelligent Control) system at SUTD. We provide a detailed network topology of the different network segments, enumerate hosts, models, protocols, and services provided. We argue that such a detailed system description can serve as an enabler for more practical security research. In particular, we discuss how the reported information can be used for emulating a diverse set of important threat scenarios in the smart grid domain. In addition, the provided details allow other researchers to build more detailed models or simulations.


    Published In

    CPSS '18: Proceedings of the 4th ACM Workshop on Cyber-Physical System Security
    May 2018
    79 pages
    ISBN:9781450357555
    DOI:10.1145/3198458

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. ics
    2. industrial protocols
    3. testbed
    4. threat scenario testing

    Qualifiers

    • Research-article

    Funding Sources

    • National Research Foundation Prime Minister's Office Singapore

    Conference

    ASIA CCS '18

    Acceptance Rates

    CPSS '18 Paper Acceptance Rate 6 of 24 submissions, 25%;
    Overall Acceptance Rate 43 of 135 submissions, 32%

    Cited By

    • (2023) Message Authentication and Provenance Verification for Industrial Control Systems. ACM Transactions on Cyber-Physical Systems 7:4 (1-28). DOI: 10.1145/3607194. Online publication date: 14-Oct-2023
    • (2023) Calculating Business Impact Assessment of Cyber-Threats. 2023 IEEE 9th World Forum on Internet of Things (WF-IoT) (01-08). DOI: 10.1109/WF-IoT58464.2023.10539457. Online publication date: 12-Oct-2023
    • (2023) The Design and Implementation of a Cyber Exercise on EPIC Microgrid Testbed. 2023 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm) (1-7). DOI: 10.1109/SmartGridComm57358.2023.10333919. Online publication date: 31-Oct-2023
    • (2023) DNAttest: Digital-twin-based Non-intrusive Attestation under Transient Uncertainty. 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (376-388). DOI: 10.1109/DSN58367.2023.00044. Online publication date: Jun-2023
    • (2023) Towards Automated Generation of Smart Grid Cyber Range for Cybersecurity Experiments and Training. 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S) (49-55). DOI: 10.1109/DSN-S58398.2023.00024. Online publication date: Jun-2023
    • (2022) Study Cybersecurity of Cyber Physical System in the Virtual Environment: A Survey and New Direction. Proceedings of the 2022 Australasian Computer Science Week (46-55). DOI: 10.1145/3511616.3513098. Online publication date: 14-Feb-2022
    • (2022) CIIA. Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing (124-132). DOI: 10.1145/3477314.3507313. Online publication date: 25-Apr-2022
    • (2022) Design of Cyber-Physical Security Testbed for Multi-Stage Manufacturing System. GLOBECOM 2022 - 2022 IEEE Global Communications Conference (1978-1983). DOI: 10.1109/GLOBECOM48099.2022.10000849. Online publication date: 4-Dec-2022
    • (2022) IEC 61850 Compatible OpenPLC for Cyber Attack Case Studies on Smart Substation Systems. IEEE Access 10 (9164-9173). DOI: 10.1109/ACCESS.2022.3144027. Online publication date: 2022
    • (2021) An IEC 61850 MMS Traffic Parser for Customizable and Efficient Intrusion Detection. 2021 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm) (194-200). DOI: 10.1109/SmartGridComm51999.2021.9632304. Online publication date: 25-Oct-2021
