Cyber Security Impact on Power Grid Including Nuclear Plant
Yannis Soupionis, Roberta Piccinelli, Thierry Benoist
Citation: Proceedings of the 2016 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 8, pages 767–773 (2016)
Abstract. Decentralized critical infrastructure management systems will play a key role in reducing costs and improving the quality of service of industrial processes, such as electricity production. Recent malware (e.g. Stuxnet) revealed several vulnerabilities in today's Distributed Control Systems (DCS), but most importantly it highlighted the lack of an efficient scientific approach to conducting experiments that measure the impact of cyber threats on both the physical and the cyber parts of Networked Critical Infrastructures (NCIs). The study of those complex systems, either physical or cyber, could be carried out by experimenting with real systems, software simulators or emulators. Experimentation with production systems suffers from the inability to control the experiment environment. On the other hand, the development of a dedicated experimentation infrastructure with real components is often economically prohibitive, and disruptive experiments on top of it could be a risk to safety. In this paper, we focus on the implementation of a Cyber-Physical (CP) testbed which includes physical equipment. We illustrate the cyber security issues on the communication channel between the Critical Infrastructures (CIs), such as a power grid, a nuclear plant and the energy market. We simulate the power grid network (including the nuclear plant), but we emulate the Information and Communications Technology (ICT) part, which is the focus of our work. Within this context we assume that we are able to implement scenarios which produce consequences on the normal operation of the power grid and the financial area.