Title: DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids' Cyber-Physical Infrastructures
Reconnaissance is critical for adversaries to prepare attacks causing physical damage in industrial control systems (ICS) like smart power grids. Disrupting the reconnaissance is challenging. The state-of-the-art moving target defense (MTD) techniques based on mimicking and simulating system behaviors do not consider the physical infrastructure of power grids and can be easily identified. To overcome those challenges, we propose physical function virtualization (PFV) that "hooks" network interactions with real physical devices and uses them to build lightweight virtual nodes following the actual implementation of network stacks, system invariants, and physical state variations of real devices. On top of PFV, we propose DefRec, a defense mechanism that significantly increases the reconnaissance efforts for adversaries to obtain the knowledge of power grids' cyber-physical infrastructures. By randomizing communications and crafting decoy data for the virtual physical nodes, DefRec can mislead adversaries into designing damage-free attacks. We implement PFV and DefRec in the ONOS network operating system and evaluate them in a cyber-physical testbed, which uses real devices from different vendors and HP physical switches to simulate six power grids. The experiment results show that with negligible overhead, PFV can accurately follow the behavior of real devices. DefRec can significantly delay passive attacks for at least five months and isolate proactive attacks with less than $10^{-30}$ false negatives.
Award ID(s):
1717313 2041643
NSF-PAR ID:
10158717
Journal Name:
Network and Distributed Systems Security (NDSS) Symposium 2020
Sponsoring Org:
National Science Foundation
More Like this
  1. Reconnaissance is critical for adversaries to prepare attacks causing physical damage in industrial control systems (ICS) like smart power grids. Disrupting reconnaissance is challenging. The state-of-the-art moving target defense (MTD) techniques based on mimicking and simulating system behaviors do not consider the physical infrastructure of power grids and can be easily identified. To overcome these challenges, we propose physical function virtualization (PFV) that "hooks" network interactions with real physical devices and uses these real devices to build lightweight virtual nodes that follow the actual implementation of network stacks, system invariants, and physical state variations in the real devices. On top of PFV, we propose DefRec, a defense mechanism that significantly increases the effort required for an adversary to infer the knowledge of power grids' cyber-physical infrastructures. By randomizing communications and crafting decoy data for virtual nodes, DefRec can mislead adversaries into designing damage-free attacks. We implement PFV and DefRec in the ONOS network operating system and evaluate them in a cyber-physical testbed, using real devices from different vendors and HP physical switches to simulate six power grids. The experimental results show that with negligible overhead, PFV can accurately follow the behavior of real devices. DefRec can delay adversaries' reconnaissance for more than 100 years by adding a number of virtual nodes less than or equal to 20% of the number of real devices.
  2. This work proposes a moving target defense (MTD) strategy to detect coordinated cyber-physical attacks (CCPAs) against power grids. A CCPA consists of a physical attack, such as disconnecting a transmission line, followed by a coordinated cyber attack that injects false data into the sensor measurements to mask the effects of the physical attack. Such attacks can lead to undetectable line outages and cause significant damage to the grid. The main idea of the proposed approach is to invalidate the knowledge that the attackers use to mask the effects of the physical attack by actively perturbing the grid's transmission line reactances using distributed flexible AC transmission system (D-FACTS) devices. We identify the MTD design criteria in this context to thwart CCPAs. The proposed MTD design consists of two parts. First, we identify the subset of links for D-FACTS device deployment that enables the defender to detect CCPAs against any link in the system. Then, in order to minimize the defense cost during the system's operational time, we use a game-theoretic approach to identify the best subset of links (within the D-FACTS deployment set) to perturb which will provide adequate protection. Extensive simulations performed using the MATPOWER simulator on IEEE bus systems verify the effectiveness of our approach in detecting CCPAs and reducing the operator's defense cost.
  3. The increasing penetration of cyber systems into smart grids has resulted in these grids being more vulnerable to cyber-physical attacks. The central challenge of higher-order cyber-physical contingency analysis is the exponential blow-up of the attack surface due to a large number of attack vectors. This gives rise to computational challenges in devising efficient attack mitigation strategies. However, a system operator can leverage private information about the underlying network to maintain a strategic advantage over an adversary equipped with superior computational capability and situational awareness. In this work, we examine the following scenario: A malicious entity intrudes into the cyber layer of a power network and trips the transmission lines. The objective of the system operator is to deploy security measures in the cyber layer to minimize the impact of such attacks. Due to budget constraints, the attacker and the system operator have limits on the maximum number of transmission lines they can attack or defend. We model this adversarial interaction as a resource-constrained attacker-defender game. The computational intractability of solving large security games is well known. However, we exploit the approximately modular behavior of an impact metric known as the disturbance value to arrive at a linear-time algorithm for computing an optimal defense strategy. We validate the efficacy of the proposed strategy against attackers of various capabilities and provide an algorithm for a real-time implementation.
  4. The Internet of Things (IoT) introduces new attack surfaces for power grids through the use of Wi-Fi-enabled high-wattage appliances. Adversaries can use IoT networks as a foothold to significantly change load demands and cause physical disruptions in power systems. This new IoT-based attack makes current security mechanisms, which focus on either power systems or IoT clouds, ineffective. To defend against the attack, we propose to use a data-centric edge computing infrastructure to host defense mechanisms in IoT clouds by integrating physical states in decentralized regions of a power grid. By enforcing security policies on IoT devices, we can significantly limit the range of malicious activities, reducing the impact of IoT-based attacks. To fully understand the impact of data-centric edge computing on IoT clouds and power systems, we developed a cyber-physical testbed simulating six different power grids. Our preliminary results show that the performance overhead is negligible, at less than 5% on average.
  5. Industrial Control Systems (ICS) are the brain and backbone of a nation's critical infrastructure, such as nuclear power, water treatment, and petrochemical plants. In order to increase interoperability, real-time availability of data, and flexibility, information and communication technologies are adopted in this domain. While these information technologies have been effective, they are integrated into operational technologies without the necessary security defenses. Designing an effective, layered security defense is not possible unless security threats are identified through a structural analysis of the ICS. For that reason, this paper provides an attacker's point of view on the reconnaissance effort necessary to gather details of the system dynamics, which are required for the development of sophisticated attacks. We present a reconnaissance approach which uses the system's I/O data to infer the dynamic model of the system. In this effort, we propose a novel cyber-attack which targets the controller's proportional-integral-derivative gain values in a constant-setpoint control system. Our findings will help researchers design more secure control systems.