skip to main content


Title: You Can’t Protect What You Don’t Understand: Characterizing an Operational Gas SCADA Network
Natural gas distribution networks are part of a nation’s critical infrastructure, ensuring gas delivery to households and industries (e.g., power plants) with the correct chemical composition and the right conditions of pressure and temperature. Gas distribution is monitored and controlled by a Supervisory Control and Data Acquisition (SCADA) network, which provides centralized monitoring and control over the physical process.In this paper, we conduct the first openly available network measurement study of the SCADA network of an operational large-scale natural gas distribution network. With a total of 154 remote substations communicating through the SCADA system with a Control Room and over 98 days of observation, this is, to the best of our knowledge, the most extensive dataset of this kind analyzed to date.By combining the information obtained from engineering and IEC 104 network traffic, we reconstruct the gas distribution system’s layout, including the type and purpose of the substations and the physical properties of the gas that enters the SCADA system. Our analysis shows that it is possible to extract this information, essential for security monitoring, purely from the raw network traffic and without background knowledge provided by the control system engineers. We also note that configuration changes in SCADA environments, although probably less frequent than in IT environments, are not as rare and exceptional as the research community assumed.  more » « less
Award ID(s):
1929406
NSF-PAR ID:
10397927
Author(s) / Creator(s):
; ; ; ; ;
Date Published:
Journal Name:
IEEE SafeThings 2022
Page Range / eLocation ID:
243 to 250
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Traditionally, distribution system operators had limited visibility beyond distribution system substations. It was not unusual for electric utilities to have insufficient information about the network and phase connectivity model for the distribution system. This resulted in limited situational awareness at the distribution system level. In this paper, a visual analytics approach to gleaning intelligence from the vast amounts of data accumulated in the distribution system is proposed. The web-based visual analytics interface integrates data from heterogeneous datasets such as AMI, GIS and SCADA. The interface is designed to enable distribution system operators visualize and analyze the state of the distribution system over time. This paper presents the use of the visual analytics system to identify mismatched meter-to-transformer associations and to visualize voltage violations in a real-world distribution network. 
    more » « less
  2. Attack detection problems in industrial control systems (ICSs) are commonly known as a network traffic monitoring scheme for detecting abnormal activities. However, a network-based intrusion detection system can be deceived by attackers that imitate the system’s normal activity. In this work, we proposed a novel solution to this problem based on measurement data in the supervisory control and data acquisition (SCADA) system. The proposed approach is called measurement intrusion detection system (MIDS), which enables the system to detect any abnormal activity in the system even if the attacker tries to conceal it in the system’s control layer. A supervised machine learning model is generated to classify normal and abnormal activities in an ICS to evaluate the MIDS performance. A hardware-in-the-loop (HIL) testbed is developed to simulate the power generation units and exploit the attack dataset. In the proposed approach, we applied several machine learning models on the dataset, which show remarkable performances in detecting the dataset’s anomalies, especially stealthy attacks. The results show that the random forest is performing better than other classifier algorithms in detecting anomalies based on measured data in the testbed.

     
    more » « less
  3. null (Ed.)
    Abstract—It is well known that physical interdependencies exist between networked civil infrastructures such as transportation and power system networks. In order to analyze complex nonlinear correlations between such networks, datasets pertaining to such real infrastructures are required. However, such data are not readily available due to their proprietary nature. This work proposes a methodology to generate realistic synthetic power distribution networks for a given geographical region. A network generated in this manner is not the actual distribution system, but its functionality is very similar to the real distribution network. The synthetic network connects high voltage substations to individual residential consumers through primary and secondary distribution networks. Here, the distribution network is generated by solving an optimization problem which minimizes the overall length of the network subject to structural and power flow constraints. This work also incorporates identification of long high voltage feeders originating from substations and connecting remotely situated customers in rural geographic locations while maintaining voltage regulation within acceptable limits. The proposed methodology is applied to the state of Virginia and creates synthetic distribution networks which are validated by comparing them to actual power distribution networks at the same location. Index Terms—synthetic distribution networks, radial networks, Mixed Integer Linear Programming 
    more » « less
  4. null (Ed.)
    Renewable energy sources such as solar and wind provide an effective solution for reducing dependency on conventional power generation and increasing the reliability and quality of power systems. Presented in this paper are design and implementation of a laboratory scale solar microgrid cyber-physical system (CPS) with wireless data monitoring as a teaching tool in the engineering technology curriculum. In the system, the solar panel, battery, charge controller, and loads form the physical layer, while the sensors, communication networks, supervisory control and data acquisition systems (SCADA) and control systems form the cyber layer. The physical layer was seamlessly integrated with the cyber layer consisting of control and communication. The objective was to create a robust CPS platform and to use the system to promote interest in and knowledge of renewable energy among university students. Experimental results showed that the maximum power point tracking (MPPT) charge controller provided the loads with power from the solar panel and used additional power to charge the rechargeable battery. Through the system, students learned and mastered key concepts and knowledge of multi-disciplinary areas including data sampling and acquisition, analog to digital conversion, solar power, battery charging, control, embedded systems and software programing. It is a valuable teaching resource for students to study renewable energy in CPS. 
    more » « less
  5. The critical role of gas fired-plants to compensate renewable generation has increased the operational variability in natural gas networks (GN). Towards developing more reliable and efficient computational tools for GN monitoring, control, and planning, this work considers the task of solving the nonlinear equations governing steady-state flows and pressures in GNs. It is first shown that if the gas flow equations are feasible, they enjoy a unique solution. To the best of our knowledge, this is the first result proving uniqueness of the steady-state gas flow solution over the entire feasible domain of gas injections. To find this solution, we put forth a mixed-integer second-order cone program (MI-SOCP)-based solver relying on a relaxation of the gas flow equations. This relaxation is provably exact under specific network topologies. Unlike existing alternatives, the devised solver does not need proper initialization or knowing the gas flow directions beforehand, and can handle gas networks with compressors. Numerical tests on tree and meshed networks indicate that the relaxation is exact even when the derived conditions are not met. 
    more » « less