An experimental investigation of malware attacks on SCADA systems

Fovino, Igor Nai; Carcano, Andrea; Masera, Marcelo; Trombetta, Alberto

doi:10.1016/j.ijcip.2009.10.001

Cited by 89 publications

(39 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Identifying the attack vector that could compromise the system to enable such a scenario is not the main focus of this study. However, the Stuxnet worm together with other studies such as the one performed by Nai Fovino, et al [11] showed that such scenarios are possible in real settings. For instance, corporate firewalls could be compromised by infected user stations within the corporate network.…”

Section: Adversary Model and Attack Scenariomentioning

confidence: 99%

“…In the past CIs were isolated environments and used proprietary hardware and protocols, limiting thus the threats that could affect them. Nowadays CIs, or more specifically Networked Industrial Control Systems (NICS), are exposed to significant cyber-threats; a fact that has been highlighted by many studies on the security of Supervisory Control And Data Acquisition (SCADA) systems [7,11]. The recently reported Stuxnet worm [8] is the first malware specifically designed to attack NICS.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Experimental Study on the Impact of Network Segmentation to the Resilience of Physical Processes

Genge

Siaterlis

2012

Networking 2012

View full text Add to dashboard Cite

Abstract. The fact that modern Networked Industrial Control Systems (NICS) depend on Information and Communication Technologies (ICT) is well known. Although many studies have focused on the security of NICS, today we still lack a proper understanding of the impact that network design choices have on the resilience of NICS, e.g., a network architecture using VLAN segmentation. In this paper we investigate the impact of process control network segmentation on the resilience of physical processes. We consider an adversary capable of reprogramming the logic of control hardware in order to disrupt the normal operation of the physical process. Our analysis that is based on the Tennessee-Eastman chemical process proves that network design decisions significantly increase the resilience of the process using as resilience metric the time that the process is able to run after the attack is started, before shutting down. Therefore a resilience-aware network design can provide a tolerance period of several hours that would give operators more time to intervene, e.g., switch OFF devices or disconnect equipment in order to reduce damages.

show abstract

Section: Adversary Model and Attack Scenariomentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

An Experimental Study on the Impact of Network Segmentation to the Resilience of Physical Processes

Genge

Siaterlis

2012

Networking 2012

View full text Add to dashboard Cite

show abstract

“…Nowadays, CIs or more accurately Distributed Control Systems (DCS) are exposed to significant cyber-threats; a fact that has been highlighted by many studies on the security of Supervisory Control And Data Acquisition (SCADA) systems [5], [6], [7].…”

Section: Introductionmentioning

confidence: 99%

Cyber Security Impact on Power Grid Including Nuclear Plant

Soupionis¹,

Piccinelli²,

Benoist³

2016

Annals of Computer Science and Information Systems

View full text Add to dashboard Cite

Abstract-Decentralized Critical infrastructure management systems will play a key role in reducing costs and improving the quality of service of industrial processes, such as electricity production. The recent malwares (e.g. Stuxnet) revealed several vulnerabilities in today's Distributed Control Systems (DCS), but most importantly they highlighted the lack of an efficient scientific approach to conduct experiments that measure the impact of cyber threats on both the physical and the cyber parts of Networked Critical Infrastructures (NCIs). The study of those complex systems, either physical or cyber, could be carried out by experimenting with real systems, software simulators or emulators. Experimentation with production systems suffers from the inability to control the experiment environment. On the other hand the development of a dedicated experimentation infrastructure with real components is often economically prohibitive and disruptive experiments on top of it could be a risk to safety. In this paper, we focus on the implementation of a Cyber-Physical (CP) testbed which includes physical equipment. We illustrate and the cyber security issues on the communication channel between the Critical Infrastructures(CIs), such as a power grid, a nuclear plant and the energy market. We simulate the power grid network (including nuclear plant), but we emulate the Information and Communications Technology (ICT) part which is the focus of our work. Within this context we assume that we are able to implement scenarios, which produce consequences on the normal operation of the power power grid and the financial area.

show abstract

“…It is forecasted that IP-based networks with IPv6 and Supervisory Control And Data Acquisition (SCADA) [1] will provide the communications architecture for substation and distribution automation, advanced metering and home area networking applications for the future Smart Grid [2]. This will lead to many challenging issues in the security of Smart Grid as current SCADA systems are exposed to significant cyber-threats; a fact that has been highlighted by many studies [3], [4]. For example, the recently discovered Stuxnet worm [5] is the first malware that is specifically designed to attack SCADA systems.…”

Section: Introductionmentioning

confidence: 99%

Developing cyber-physical experimental capabilities for the security analysis of the future Smart Grid

Genge

Siaterlis

2011

2011 2nd IEEE PES International Conference and Exhibition on Innovative Smart Grid Technologies

View full text Add to dashboard Cite

Abstract-During the evolution of today's power grid to a Smart Grid it is expected that IP-based communication protocols including Supervisory Control And Data Acquisition (SCADA) systems, will form the basis of communications architecture for substation and distribution automation, advanced metering and home area networking applications. However, this will lead to many Smart Grid security challenges -a forecast that is supported by the vulnerability of current SCADA systems. In this paper we examine how our experimental framework that has been developed for the modeling and simulation of local power plants can be extended and efficiently used for the study of complex wide area environments such as the future Smart Grid. We show that our framework is flexible enough to be easily extended with components for satisfying the requirements of a complex environment as the future Smart Grid. The main contribution of the paper is that it proposes a framework for experimenting with the Smart Grid that can be used by researchers to recreate an experimentation environment for measuring and understanding the consequences of cyber attacks on the Smart Grid. The paper also presents the study of a cyber attack involving compromised control hardware and the IEEE 9-bus system. The results confirm that we can experimentally recreate and study oscillations in the power grid caused by adversaries that attack the system through its IP-based control subsystem.

show abstract

An experimental investigation of malware attacks on SCADA systems

Cited by 89 publications

References 16 publications

An Experimental Study on the Impact of Network Segmentation to the Resilience of Physical Processes

An Experimental Study on the Impact of Network Segmentation to the Resilience of Physical Processes

Cyber Security Impact on Power Grid Including Nuclear Plant

Developing cyber-physical experimental capabilities for the security analysis of the future Smart Grid

Contact Info

Product

Resources

About