Demonstrating Cyber-Physical Attacks and Defense for Synchrophasor Technology in Smart Grid

Title: Demonstrating Cyber-Physical Attacks and Defense for Synchrophasor Technology in Smart Grid
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Khan, Rafiullah, McLaughlin, Kieran, Laverty, John Hastings David, David, Hastings, Sezer, Sakir
Conference Name: 2018 16th Annual Conference on Privacy, Security and Trust (PST)
Keywords: aforementioned cyber-attacks, attack capabilities, command injection attack, command injection attacks, composability, computer network security, cyber-physical attacks, decentralized decision making capability, decision making, defense mechanisms, Global Positioning System, IEEE standards, intrusion detection system, IP networks, malicious activities, Metrics, packet drop attack, phasor measurement, phasor measurement units, potential physical impacts, power engineering computing, pubcrawl, Real-time Systems, Resiliency, security, security of data, Smart grid, smart power grids, Software, Standards, stealthy cyber-attacks, stealthy data manipulation attack, stealthy man-in-the-middle attacks, synchrophasor communication standard, synchrophasor devices, synchrophasor network security, synchrophasor technology, synchrophasor-based synchronous islanding testbed, synchrophasor-based systems
Abstract: Synchrophasor technology is used for real-time control and monitoring in smart grid. Previous works in literature identified critical vulnerabilities in IEEE C37.118.2 synchrophasor communication standard. To protect synchrophasor-based systems, stealthy cyber-attacks and effective defense mechanisms still need to be investigated. This paper investigates how an attacker can develop a custom tool to execute stealthy man-in-the-middle attacks against synchrophasor devices. In particular, four different types of attack capabilities have been demonstrated in a real synchrophasor-based synchronous islanding testbed in laboratory: (i) command injection attack, (ii) packet drop attack, (iii) replay attack and (iv) stealthy data manipulation attack. With deep technical understanding of the attack capabilities and potential physical impacts, this paper also develops and tests a distributed Intrusion Detection System (IDS) following NIST recommendations. The functionalities of the proposed IDS have been validated in the testbed for detecting aforementioned cyber-attacks. The paper identified that a distributed IDS with decentralized decision making capability and the ability to learn system behavior could effectively detect stealthy malicious activities and improve synchrophasor network security.
Citation Key: khan_demonstrating_2018