Design and Analysis of a Sophisticated Malware Attack Against Smart Grid

  • Byungho MinEmail author
  • Vijay Varadharajan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7807)


In this paper, we propose a realistic malware attack against the smart grid. The paper first briefs the architecture of the smart grid in general. And then we explain our proposed attack that is specifically tailored for the smart grid infrastructures. The attack considers the characteristics of recent real malware attacks such as deceptive hardware attack and multi-stage operation. We believe this analysis will benefit the design and implementation of secure smart grid infrastructures by demonstrating how a sophisticated malware attack can damage the smart grid.


Smart grid Cyber-physical system Cyber attack  Malware Blackout Security 


  1. 1.
    Momoh, J.: Smart Grid: Fundamentals of Design and Analysis. Wiley, Hoboken (2012)CrossRefGoogle Scholar
  2. 2.
    U.S. Government: NIST framework and roadmap for Smart Grid interoperability standards, release 1.0. NIST, January 2010Google Scholar
  3. 3.
    Cyber Security Working Group: Guidelines for Smart Grid Cyber Security: vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements. NIST, August 2010Google Scholar
  4. 4.
    McDaniel, P., McLaughlin, S.: Security and privacy challenges in the smart grid. IEEE Security & Privacy 7(3), 75–77 (2009)CrossRefGoogle Scholar
  5. 5.
    Liu, J., Xiao, Y., Li, S., Liang, W., Philip Chen, C.L.: Cyber security and privacy issues in smart grids. IEEE Commun. Surv. Tutorials 14(4), 981–997 (2012)CrossRefGoogle Scholar
  6. 6.
    Fang, X., Misra, S., Xue, G., Yang, D.: Smart grid - the new and improved power grid: a survey. IEEE Commun. Surv. Tutorials 14(4), 944–980 (2012)CrossRefGoogle Scholar
  7. 7.
    Li, X., Liang, X., Rongxing, L., Shen, X., Lin, X., Zhu, H.: Securing smart grid: cyber attacks, countermeasures, and challenges. IEEE Commun. Mag. 50(8), 38–45 (2012)CrossRefGoogle Scholar
  8. 8.
    Sridhar, S., Hahn, A., Govindarasu, M.: Cyber-physical system security for the electric power grid. Proc. IEEE 100(1), 210–224 (2012)CrossRefGoogle Scholar
  9. 9.
    Falliere, N., Murchu, L.O., Chien, E.: W32.Stuxnet dossier. White paper, Symantec Corp., Security Response (2011)Google Scholar
  10. 10.
    Ganesalingam, M.: Type. In: Ganesalingam, M. (ed.) The Language of Mathematics. LNCS, vol. 7805, pp. 113–156. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  11. 11.
    Luigi Auriemma, Bugtraq: Vulnerabilities in some SCADA server softwares, March 2011., Last Accessed on 15 May 2013
  12. 12.
    Secunia Vulnerability Review 2013, Secunia, March 2013Google Scholar
  13. 13.
    Gao, J., Xiao, Y., Liu, J., Liang, W., Philip Chen, C.L.: A survey of communication/networking in Smart Grids. Future Gener. Comput. Syst. 28(2), 391–404 (2012)CrossRefGoogle Scholar
  14. 14.
    Kolhe, M.: Smart grid: charting a new energy future: research, development and demonstration. Electricity J. 25(2), 88–93 (2012)CrossRefGoogle Scholar
  15. 15.
    Ernst & Young: Attacking the smart grid, December 2011Google Scholar
  16. 16.
    Byres, E.: Unicorns and Air Gaps - Do They Really Exist? Living with Reality in Critical Infrastructures, Tofino, July 2012Google Scholar
  17. 17.
    Symantec: The Symantec Intelligence Report: June 2012, June 2010Google Scholar
  18. 18.
    McDonald, G., O Murchu, L., Doherty, S., Chien, E.: Stuxnet 0.5: The Missing Link. White paper, Symantec Corp., Security Response, February 2013Google Scholar
  19. 19.
    Wightman, K.R.: Schneider Modicon Quantum, January 2012., Last Accessed on 15 May 2013
  20. 20.
    Zetter, K.: SCADA System’s Hard-Coded Password Circulated Online for Years, July 2010., Last Accessed on 15 May 2013
  21. 21.
    Global Research & Analysis Team, Kaspersky Lab: What was that Wiper thing? August 2012., Last Accessed on 15 May 2013

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Advanced Cyber Security Research CentreMacquarie UniversitySydneyAustralia

Personalised recommendations