Advertisement

EPIC: An Electric Power Testbed for Research and Training in Cyber Physical Systems Security

  • Sridhar AdepuEmail author
  • Nandha Kumar Kandasamy
  • Aditya Mathur
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11387)

Abstract

Testbeds that realistically mimic the operation of critical infrastructure are of significant value to researchers. One such testbed, named Electrical Power and Intelligent Control (EPIC), is described in this paper together with examples of its use for research in the design of secure smart-grids. EPIC includes generation, transmission, smart home, and micro-grid. EPIC enables researchers to conduct research in an active and realistic environment. It can also be used to understand the cascading effects of failures in one Industrial Control System (ICS) on another, and to assess the effectiveness of novel attack detection algorithms. Four feasible attack scenarios on EPIC are described. Two of these scenarios, demonstrated on EPIC, namely a power supply interruption attack and a physical damage attack, and possible mitigation, are also described.

Keywords

Critical infrastructure Cyber Physical Systems Smart-grid testbed Smart-grid security Cyber attacks 

References

  1. 1.
    Wago Programmable Logic Controllers (2009). http://www.wago.us
  2. 2.
    Adepu, S., Mathur, A.: An investigation into the response of a water treatment system to cyber attacks. In: Proceedings of the 17th IEEE High Assurance Systems Engineering Symposium, Orlando, January 2016Google Scholar
  3. 3.
    Adepu, S., Mathur, A.: Distributed attack detection in a water treatment plant: method and case study. In: IEEE Transactions on Dependable and Secure Computing (2018, to appear)Google Scholar
  4. 4.
    Adepu, S., Mathur, A.: Distributed detection of single-stage multipoint cyber attacks in a water treatment plant. In: Proceedings of the 11th ACM Asia Conference on Computer and Communications Security, pp. 449–460. ACM, New York, May 2016Google Scholar
  5. 5.
    Adepu, S., Mathur, A.: Generalized attacker and attack models for cyber-physical systems. In: Proceedings of the 40th Annual International Computers, Software and Applications Conference, Atlanta, USA, pp. 283–292. IEEE, June 2016Google Scholar
  6. 6.
    Adepu, S., Shrivastava, S., Mathur, A.: Argus: an orthogonal defense framework to protect public infrastructure against cyber-physical attacks. IEEE Internet Comput. 20(5), 38–45 (2016)CrossRefGoogle Scholar
  7. 7.
    Adepu, S., Mathur, A.: Assessing the effectiveness of attack detection at a hackfest on industrial control systems. arXiv preprint arXiv:1809.04786 (2018)
  8. 8.
    Ahmed, C.M., Palleti, V.R., Mathur, A.: WADI: a water distribution testbed for research in the design of secure cyber physical systems. In: The 3rd International Workshop on Cyber-Physical Systems for Smart Water Networks, April 2017Google Scholar
  9. 9.
    Biswas, S.S., Kim, J.H., Srivastava, A.K.: Development of a smart grid test bed and applications in PMU and PDC testing. In: 2012 North American Power Symposium (NAPS), pp. 1–6 (2012)Google Scholar
  10. 10.
    Caulfield, T., Ioannidis, C., Pym, D.: The U.S. vulnerabilities equities process: an economic perspective. In: Rass, S., An, B., Kiekintveld, C., Fang, F., Schauer, S. (eds.) GameSec 2017. LNCS, vol. 10575, pp. 131–150. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-68711-7_8CrossRefGoogle Scholar
  11. 11.
    Cintuglu, M.H., Mohammed, O.A., Akkaya, K., Uluagac, A.S.: A survey on smart grid cyber-physical system testbeds. IEEE Commun. Surv. Tutor. 19(1), 446–464 (2017)CrossRefGoogle Scholar
  12. 12.
    CODESYS: Codesys-industrial IEC 61131–3 PLC programming (2018). https://www.codesys.com/
  13. 13.
    CVE-2017-0144: Windows SMB remote code execution vulnerability (2017). https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0144
  14. 14.
    ICS-CERT Advisories (2018). https://ics-cert.us-cert.gov/advisories
  15. 15.
    Du, L., Liu, Q.Y.: The design of communication system on the real-time relay protection based on goose. In: 2012 Asia-Pacific Power and Energy Engineering Conference, pp. 1–5 (2012)Google Scholar
  16. 16.
    Dumitrache, I., Dogaru, D.I.: Smart grid overview: infrastructure, cyber-physical security and challenges. In: 2015 20th International Conference on Control Systems and Computer Science, pp. 693–699 (2015)Google Scholar
  17. 17.
    EMA: Pulau ubin micro-grid test bed (2013). https://www.ema.gov.sg/Pulau_Ubin_Micro-grid_Test_Bed.aspx
  18. 18.
    Formby, D., Walid, A., Beyah, R.: A case study in power substation network dynamics. Proc. ACM Meas. Anal. Comput. Syst. 1, 19 (2017)CrossRefGoogle Scholar
  19. 19.
    Giraldo, J., Cárdenas, A., Quijano, N.: Integrity attacks on real-time pricing in smart grids: impact and countermeasures. IEEE Trans. Smart Grid 8, 2249–2257 (2017)CrossRefGoogle Scholar
  20. 20.
    Gunathilaka, P., Mashima, D., Chen, B.: SoftGrid: a software-based smart grid testbed for evaluating substation cybersecurity solutions. In: Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy. CPS-SPC 2016 (2016)Google Scholar
  21. 21.
    He, Y., Mendis, G.J., Wei, J.: Real-time detection of false data injection attacks in smart grid: a deep learning-based intelligent mechanism. IEEE Trans. Smart Grid 8(5), 2505–2516 (2017)CrossRefGoogle Scholar
  22. 22.
    Hernandez, M., Ramos, G., Lwin, M., Siratarnsophon, P., Santoso, S.: Embedded real-time simulation platform for power distribution systems. IEEE Access 6, 6243–6256 (2017)CrossRefGoogle Scholar
  23. 23.
    Kandasamy, N.K., Badrinarayanan, R., Kanamarlapudi, V.R.K., Tseng, K.J., Soong, B.H.: Performance analysis of machine-learning approaches for modeling the charging/discharging profiles of stationary battery systems with non-uniform cell aging. Batteries 3(2), 18 (2017)CrossRefGoogle Scholar
  24. 24.
    Kharraz, A.: Techniques and solutions for addressing ransomware attacks (2017)Google Scholar
  25. 25.
    Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur. Priv. 9(3), 49–51 (2011)CrossRefGoogle Scholar
  26. 26.
    Lee, E.A.: Cyber-physical systems: design challenges. Technical Report UCB/EECS-2008-8, EECS Department, University of California, Berkeley, January 2008. http://www.eecs.berkeley.edu/Pubs/TechRpts/2008/EECS-2008-8.html
  27. 27.
    Lopez, J., Rubio, J.E., Alcaraz, C.: A resilient architecture for the smart grid. IEEE Trans. Industr. Inf. 14, 3745–3753 (2018)CrossRefGoogle Scholar
  28. 28.
    Mackiewicz, R.: Overview of IEC 61850 and benefits. In: Power Systems Conference and Exposition, 2006. PSCE 2006. 2006 IEEE PES, pp. 623–630. IEEE (2006)Google Scholar
  29. 29.
    Mascarella, D., Chlela, M., Joos, G., Venne, P.: Real-time testing of power control implemented with IEC 61850 GOOSE messaging in wind farms featuring energy storage. In: 2015 IEEE Energy Conversion Congress and Exposition (ECCE), pp. 6710–6715 (2015)Google Scholar
  30. 30.
    Mathur, A.P., Tippenhauer, N.O.: SWaT: a water treatment testbed for research and training on ICS security. In: International Workshop on Cyber-Physical Systems for Smart Water Networks (CySWater), USA, pp. 31–36. IEEE, April 2016Google Scholar
  31. 31.
    McDaniel, P., McLaughlin, S.: Security and privacy challenges in the smart grid. IEEE Secur. Priv. 7, 75–77 (2009)CrossRefGoogle Scholar
  32. 32.
  33. 33.
    Nakashima, E., Timberg, C.: NSA officials worried about the day its potent hacking tool would get loose. Then it did. Washington Post (2017). https://www.washingtonpost.com/business/technology/nsa-officials-worried-about-the-day-its-potent-hacking-tool-would-get-loosethen-it-did/2017/05/16/50670b16-3978-11e7-a058-ddbb23c75d82_story.html
  34. 34.
    Paithankar, Y.G., Bhide, S.: Fundamentals of Power System Protection. PHI Learning Pvt. Ltd., New Delhi (2011)Google Scholar
  35. 35.
  36. 36.
    Qi, J., Hahn, A., Lu, X., Wang, J., Liu, C.C.: Cybersecurity for distributed energy resources and smart inverters. IET Cyber-Phys. Syst.: Theory Appl. 1(1), 28–39 (2016)Google Scholar
  37. 37.
    Rocchetto, M., Tippenhauer, N.O.: On attacker models and profiles for cyber-physical systems. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 427–449. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-45741-3_22CrossRefGoogle Scholar
  38. 38.
    Shelar, D., Sun, P., Amin, S., Zonouz, S.: Compromising security of economic dispatch in power system operations. In: 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (2017)Google Scholar
  39. 39.
    Siddiqi, A., Tippenhauer, N.O., Mashima, D., Chen, B.: On practical threat scenario testing in an electric power ICS testbed. In: Proceedings of the 4th ACM Workshop on Cyber-Physical System Security, pp. 15–21 (2018)Google Scholar
  40. 40.
    Sørensen, J.T., Jaatun, M.G.: An analysis of the manufacturing messaging specification protocol. In: Sandnes, F.E., Zhang, Y., Rong, C., Yang, L.T., Ma, J. (eds.) UIC 2008. LNCS, vol. 5061, pp. 602–615. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-69293-5_47CrossRefGoogle Scholar
  41. 41.
    Tudor, V., Almgren, M., Papatriantafilou, M.: The influence of dataset characteristics on privacy preserving methods in the advanced metering infrastructure. Comput. Secur. 76, 178–196 (2018)CrossRefGoogle Scholar
  42. 42.
    Tunaboylu, N.S., Shehu, G., Argin, M., Yalcinoz, T.: Development of smart grid test-bed for electric power distribution system. In: 2016 IEEE Conference on Technologies for Sustainability (SusTech), pp. 184–187 (2016)Google Scholar
  43. 43.
    Weinberger, S.: Computer security: is this the start of cyberwarfare? Nature 174, 142–145 (2011)CrossRefGoogle Scholar
  44. 44.
    Zeller, M.: Myth or reality? Does the aurora vulnerability pose a risk to my generator? In: 2011 64th Annual Conference for Protective Relay Engineers, pp. 130–136 (2011)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Sridhar Adepu
    • 1
    Email author
  • Nandha Kumar Kandasamy
    • 1
  • Aditya Mathur
    • 1
  1. 1.iTrust, Center for Research in Cyber SecuritySingapore University of Technology and DesignSingaporeSingapore

Personalised recommendations