Visible to the public Attacking IEC-60870-5-104 SCADA Systems

Submitted by aekwall on Mon, 03/16/2020 - 10:29am
TitleAttacking IEC-60870-5-104 SCADA Systems
Publication TypeConference Paper
Year of Publication2019
AuthorsRadoglou-Grammatikis, Panagiotis, Sarigiannidis, Panagiotis, Giannoulakis, Ioannis, Kafetzakis, Emmanouil, Panaousis, Emmanouil
Conference Name2019 IEEE World Congress on Services (SERVICES)
KeywordsAccess Control, AlienVault's risk assessment, coloured Petri Net, compositionality, Cyber Attacks, cyberattack, electrical grid, European energy sector, Human Behavior, IEC 60870 5 104, IEC 60870-5-104 protocol, IEC standards, IEC-60870-5-104 SCADA systems, information and communications technology services, Internet of Things, Internet of Things devices, OSSIM, Petri nets, power engineering computing, Power supplies, power system security, process control, Protocols, pubcrawl, Resiliency, risk management, SCADA Security, SCADA systems, SCADA Systems Security, SCADA threat model, security of data, SG, Smart grid, smart power grids, supervisory control and data acquisition systems, threat modelling
AbstractThe rapid evolution of the Information and Communications Technology (ICT) services transforms the conventional electrical grid into a new paradigm called Smart Grid (SG). Even though SG brings significant improvements, such as increased reliability and better energy management, it also introduces multiple security challenges. One of the main reasons for this is that SG combines a wide range of heterogeneous technologies, including Internet of Things (IoT) devices as well as Supervisory Control and Data Acquisition (SCADA) systems. The latter are responsible for monitoring and controlling the automatic procedures of energy transmission and distribution. Nevertheless, the presence of these systems introduces multiple vulnerabilities because their protocols do not implement essential security mechanisms such as authentication and access control. In this paper, we focus our attention on the security issues of the IEC 60870-5-104 (IEC-104) protocol, which is widely utilized in the European energy sector. In particular, we provide a SCADA threat model based on a Coloured Petri Net (CPN) and emulate four different types of cyber attacks against IEC-104. Last, we used AlienVault's risk assessment model to evaluate the risk level that each of these cyber attacks introduces to our system to confirm our intuition about their severity.
DOI10.1109/SERVICES.2019.00022
Citation Keyradoglou-grammatikis_attacking_2019
Groups: