M. Faschang (1), C. Seitl (1), F. Kupzog (1), D. Umsonst (2), B. Kang (3)
(1) AIT Austrian Institute of Technology GmbH, Center for Energy, Electric Energy Systems, Tech Base Vienna, Austria
(2) KTH Royal Institute of Technology, Stockholm, Sweden
(3) Queen's University Belfast, Northern Ireland, UK
SPARKS MULTI-STAGE CYBER-ATTACK AND COUNTERMEASURE DEMONSTRATION
ABSTRACT – Remotely operated Smart Grid components such as photovoltaic (PV) and battery inverters, electric vehicle (EV) supply equipment, or wind generators introduce new vulnerabilities that could be exploited by attackers. One such attack scenario has recently been presented in the AIT SmartEST laboratory, as described below. Through a man-in-the-middle attack on the IEC 61850 communication, a set of simulated PV inverters and one real PV inverter are forced into an unstable state and start oscillating. In a follow-up attack, the inverters disconnect because of a maliciously created overvoltage situation. A centralized SCADA intrusion detection system (IDS) and decentrally implemented resilient controllers (RC), both developed in the SPARKS project (https://project-sparks.eu), are able to successfully counteract the demonstrated attacks.
ATTACK SCENARIO
[Figure: attack scenario. A central controller in the low-voltage distribution grid sends IEC 61850-based Q(U) set-points over the communication network to the distributed PV systems in the field. Countermeasures: the central IDS at the controller side and one RC at each PV system.]
- low voltage distribution grid: central controller, distributed PV systems, 61850-based Q(U) set-points
- attacker's goals: violation of supply system limits, destabilisation of the supply system
- man-in-the-middle (MITM) attack on plain 61850 MMS packets between the central controller and the devices in the field: sniffing voltage measurements, modifying Q(U) set-points
LABORATORY PHIL SET-UP
[Figure: laboratory set-up. Laboratory domain: communication system simulator (NRL Core) emulating the SCADA, WAN and field segments, with the IEC 61850 stack, the central IDS and the attacker attached. A lab link middleware connects it to the simulation domain, where the Smart Low Voltage Grid Controller, the RCs and the PV systems with their 61850 stacks act on the distribution grid simulator (DIgSILENT PowerFactory).]
Resilient Controller (RC)
- rule-based local (at PV site) decision making
- RC Rule 1 "Voltage Prediction": estimation of the effect of a set-point by means of a Thevenin equivalent and the local droop law
- RC Rule 2 "Critical Gain": assessment of the droop law's gain; limitation of the effective gain k to kcrit
[Figure: RC Rule 1 and RC Rule 2 illustrated on the Q(U) plane (reactive power Q0 vs. voltage V0); Rule 2: k ≤ kcrit to avoid oscillation.]
Intrusion Detection System (IDS)
- monitoring traffic in the application layer
- multi-attribute detection: white/blacklist, known signatures, stateful analysis and anomaly detection
- alerts to the Resilient Controller: additional information for better RC reactions
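To make the two RC rules concrete, the following added example (written for this page, not the SPARKS project's own code) models one PV inverter at a bus described by a Thevenin equivalent and runs the Q(U) loop in discrete time with a one-step measurement/actuation delay. Rule 1 iterates the locally estimated grid model with a proposed curve to predict where the voltage settles; Rule 2 caps the droop gain at k_crit = 1/X_th, the gain at which the delayed loop starts to oscillate in this model. The grid values (V_th, X_th), the ±10 % protective limits, the safety margin and the three curves (regular, "infinite gain" attack 1, flipped attack 2) are assumptions for illustration:

```python
"""Q(U) droop loop with the two Resilient Controller rules (constructed example,
not the SPARKS code). One PV inverter at a bus modelled by a Thevenin equivalent
V = V_th + X_th*Q (per unit); discrete-time loop with a one-step delay; the local
RC (1) predicts the voltage a proposed curve settles at and (2) caps the gain at
k_crit = 1/X_th. Grid values, limits and the safety margin are assumptions."""
from dataclasses import dataclass

V_NOM, DEADBAND = 1.0, 0.04   # nominal voltage (p.u.); deadband Unom +/- 4% as on the poster
Q_MAX = 1.0                   # inverter reactive power limit (p.u. of nominal Q)
V_MIN, V_MAX = 0.90, 1.10     # assumed protective limits; the inverter trips outside
MARGIN = 0.8                  # assumed safety margin that RC rule 2 applies to k_crit

@dataclass
class QUCurve:
    """Zero inside the deadband, slope sign*k outside. sign=-1: regular voltage-
    supporting curve; sign=+1: flipped curve (attack 2); huge k: attack 1."""
    k: float
    sign: int = -1

    def q_of_v(self, v):
        hi, lo = V_NOM * (1 + DEADBAND), V_NOM * (1 - DEADBAND)
        dev = (v - hi) if v > hi else (v - lo) if v < lo else 0.0
        return max(-Q_MAX, min(Q_MAX, self.sign * self.k * dev))

@dataclass
class Thevenin:
    v_th: float  # open-circuit voltage at the PV terminals (p.u.)
    x_th: float  # voltage sensitivity dV/dQ (p.u./p.u.)

    def voltage(self, q):
        return self.v_th + self.x_th * q

def simulate(curve, grid, steps=40, q0=0.0):
    """V_n follows Q_n, Q_{n+1} = curve(V_n); returns the trace [(V, Q), ...]."""
    q, trace = q0, []
    for _ in range(steps):
        v = grid.voltage(q)
        trace.append((v, q))
        q = curve.q_of_v(v)
    return trace

def swing(trace, tail=6):
    """Peak-to-peak V and Q over the last samples; non-zero means sustained oscillation."""
    vs, qs = zip(*trace[-tail:])
    return max(vs) - min(vs), max(qs) - min(qs)

class ResilientController:
    """Rule-based vetting of incoming set-points at the PV site, local measurements only."""

    def __init__(self):
        self.points = []  # locally measured (V, Q) operating points

    def observe(self, v, q):
        self.points.append((v, q))

    def thevenin_estimate(self):
        """Fit V = v_th + x_th*Q from the two latest operating points (different Q)."""
        (v1, q1), (v2, q2) = self.points[-2], self.points[-1]
        x = (v2 - v1) / (q2 - q1)
        return Thevenin(v1 - x * q1, x)

    def rule1_voltage_prediction(self, curve, steps=30):
        """Iterate the estimated grid model with the proposed curve from the last
        operating point and return the voltage it settles (or saturates) at."""
        est, v = self.thevenin_estimate(), self.points[-1][0]
        for _ in range(steps):
            v = est.voltage(curve.q_of_v(v))
        return v

    def rule2_critical_gain(self, curve):
        """Keep the loop gain k*X_th below 1 by capping k at MARGIN*k_crit."""
        k_crit = 1.0 / abs(self.thevenin_estimate().x_th)
        if curve.k > k_crit:
            return QUCurve(MARGIN * k_crit, curve.sign), True
        return curve, False

    def vet(self, curve):
        """Return (curve to apply or None if rejected, reason)."""
        curve, capped = self.rule2_critical_gain(curve)
        v_pred = self.rule1_voltage_prediction(curve)
        if not V_MIN <= v_pred <= V_MAX:
            return None, f"rule 1: predicted {v_pred:.3f} p.u. violates limits"
        return curve, (f"rule 2: gain capped to {curve.k:.1f}" if capped else "accepted")

def run_demo():
    """Run the three curves of the demonstration unprotected and through the RC."""
    grid = Thevenin(v_th=1.07, x_th=0.08)  # assumed over-voltage feeder, so k_crit = 12.5
    curves = {"regular": QUCurve(10.0), "attack1": QUCurve(1000.0),
              "attack2": QUCurve(10.0, sign=+1)}
    rc = ResilientController()
    for v, q in simulate(curves["regular"], grid)[:2]:  # RC learns X_th from two points
        rc.observe(v, q)
    out = {}
    for name, curve in curves.items():
        trace = simulate(curve, grid)
        out[name] = {"swing": swing(trace), "final_v": trace[-1][0], "rc": rc.vet(curve)}
    return out
```

Unprotected, the "infinite gain" curve makes Q bang between 0 and -Q_MAX every step (the oscillation of attack 1) and the flipped curve drives the bus above V_MAX (attack 2); with the RC in the path, Rule 2 reduces the first curve to a stable gain and Rule 1 rejects the second because the predicted steady state violates the limits. Two caveats a practitioner should keep in mind: k_crit = 1/X_th is the bound for this one-step-delay model only, and a real inverter's filter and controller dynamics shift it; and the Thevenin fit needs two operating points with different Q, so the RC must either remember earlier points or be allowed a small probing step before it can vet anything.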
Laboratory set-up
- power-hardware-in-the-loop (PHIL) integration of a PV inverter in the distribution grid simulation
- man-in-the-middle attacker integration in the TCP/IP communication system simulation
- IDS and RC implementation
Real/physical entities
- 2.5 kVA single-phase PV inverter (SunSpec)
- IEC 61850/SunSpec gateway (IEC 61499 implementation)
- Smart Low Voltage Grid controller
- Spitzenberger & Spies power amplifier
- local load and line impedance
Simulated entities
- small rural distribution grid (20 households, 13 PV)
- TCP/IP communication grid (SCADA ↔ WAN ↔ Field)
[Figure: PHIL hardware: the PV inverter is coupled through the power amplifier to the simulated grid (G).]
Abbreviations: SCADA … Supervisory Control & Data Acquisition; WAN … Wide Area Network; PV … Photovoltaic Inverter; IDS … Intrusion Detection System; RC … Resilient Controller
DEMONSTRATION OF CYBER-ATTACKS AND COUNTERMEASURES
Attacker changes set-points to modify the inverters' characteristics:
- Attack 1: infinite gain Q(U)
- Attack 2: flipped Q(U) curve
[Figure: Q(U) characteristics, reactive power Q0 (p.u. of nominal reactive power, -1.00 to 1.00) vs. voltage V0 (p.u. of nominal grid voltage, 0.9 to 1.1): set curve and measured curve for the typical characteristic, attack 1 and attack 2.]
Before first attack
- regular Q(U) characteristic
- deadband at Unom ± 4%
- voltage-supporting Q(U)
After first MITM attack
- inverters with malicious Q(U) characteristic: infinite gain
- unstable, oscillating behaviour
- ΔQ oscillation 0.75 p.u.
- ΔU oscillation ~2.0 Vpp
[Figure: measured effects of attack 1; reactive power (p.u. of nominal, -1.00 to 0.50) and grid voltage (V, 228.4 to 232.0) over time (s, 0 to 35); panel labelled "Intrusion Detection System".]
After second MITM attack
- inverter with malicious Q(U) characteristic: flipped curve
- no more Q(U) voltage support
- further increase of the already high voltage
- voltage limit violation
- automatic inverter disconnection
[Figure: measured effects of attack 2; active and reactive power (p.u. of nominal, 0.0 to 1.0) and grid voltage (V, 251.0 to 253.0) over time (s, -1 to 6).]
CONCLUSION
- centralized (IDS) and decentralized (RC) countermeasures are able to protect the attacked system
- best protection through the combined RC+IDS approach and a resilient fall-back
- encryption of remote commands is crucial as basic cyber-attack prevention
- trade-off between configuration freedom and protection of field devices
EU FP7 Programme, Contract No. 608224
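The two attacks above are exactly what the central IDS's multi-attribute detection (whitelist, known signatures, stateful analysis, alerts to the RC) has to catch in the set-point traffic. The following added example is not the SPARKS IDS; it is written for this page and works on already-decoded records, since decoding IEC 61850 MMS writes and reports is out of scope here. A source whitelist flags writes that do not come from the central controller, two signature checks flag the "infinite gain" (vertical segment) and flipped (positive slope above nominal voltage) curves, and a stateful check over the reported reactive power flags the oscillation of attack 1. The master address, IED name, engineering bound on the gain, window sizes and the traffic itself are constructed assumptions:

```python
"""Application-layer IDS for Q(U) set-point traffic (constructed example, not the
SPARKS IDS). It works on already-decoded records (a real sensor would first decode
the IEC 61850 MMS writes and reports), applies a source whitelist, known-bad curve
signatures and a stateful oscillation check on reported measurements, and emits
alerts a Resilient Controller can act on. Addresses, IED names, thresholds and the
sample traffic are made up for the example."""
from collections import defaultdict, deque
from dataclasses import dataclass

SCADA_MASTER = "10.0.0.10"  # assumed address of the legitimate central controller
K_MAX = 20.0                # assumed engineering bound on the droop gain (p.u./p.u.)
WINDOW = 8                  # reports kept per IED for the stateful check
MIN_REVERSALS = 4           # direction changes of Q inside WINDOW ...
Q_SWING = 0.5               # ... combined with this peak-to-peak swing (p.u.) = oscillation

@dataclass
class Alert:
    ied: str
    rule: str
    detail: str
    advice: str  # hint for the Resilient Controller at the PV site

def analyse_curve(points):
    """Return (max |dQ/dV|, slope sign above nominal voltage) of a Q(U) point list.
    A vertical segment means infinite gain (attack 1); a positive slope above
    nominal means Q is injected when voltage is already high (attack 2)."""
    pts = sorted(points)
    gain, sign_hi = 0.0, 0
    for (v1, q1), (v2, q2) in zip(pts, pts[1:]):
        if v2 == v1:
            gain = float("inf") if q2 != q1 else gain
            continue
        slope = (q2 - q1) / (v2 - v1)
        gain = max(gain, abs(slope))
        if v1 >= 1.0 and slope != 0:
            sign_hi = 1 if slope > 0 else -1
    return gain, sign_hi

def is_oscillating(qs):
    """Stateful check: repeated direction reversals with a large swing in the window."""
    if len(qs) < WINDOW:
        return False
    diffs = [b - a for a, b in zip(qs, qs[1:])]
    reversals = sum(1 for a, b in zip(diffs, diffs[1:]) if a * b < 0)
    return reversals >= MIN_REVERSALS and max(qs) - min(qs) >= Q_SWING

class SetpointIDS:
    def __init__(self):
        self.reports = defaultdict(lambda: deque(maxlen=WINDOW))
        self.oscillating = {}  # ied -> last oscillation verdict (alert on transitions only)
        self.last_good = {}    # ied -> last curve that passed every check

    def process(self, rec):
        ied, alerts = rec["ied"], []
        if rec["kind"] == "report":
            self.reports[ied].append(rec["q"])
            osc = is_oscillating(list(self.reports[ied]))
            if osc and not self.oscillating.get(ied):
                alerts.append(Alert(ied, "anomaly", "reactive power oscillating",
                                    "limit effective droop gain (RC rule 2)"))
            self.oscillating[ied] = osc
            return alerts
        advice = "fall back to last good curve" if ied in self.last_good else "reject write"
        if rec["src"] != SCADA_MASTER:
            alerts.append(Alert(ied, "whitelist", f"write from unexpected source {rec['src']}", advice))
        gain, sign_hi = analyse_curve(rec["curve"])
        if gain > K_MAX:
            alerts.append(Alert(ied, "signature", f"droop gain {gain} exceeds {K_MAX}", advice))
        if sign_hi > 0:
            alerts.append(Alert(ied, "signature", "flipped Q(U): injects Q at over-voltage", advice))
        if not alerts:
            self.last_good[ied] = rec["curve"]
        return alerts

REGULAR = [(0.90, 1.0), (0.96, 0.0), (1.04, 0.0), (1.10, -1.0)]  # deadband Unom +/- 4%
ATTACK1 = [(1.04, 1.0), (1.04, -1.0)]                             # vertical step: infinite gain
ATTACK2 = [(0.90, -1.0), (0.96, 0.0), (1.04, 0.0), (1.10, 1.0)]  # flipped curve

def sample_traffic():
    """Constructed, already-decoded records in arrival order; not a real capture."""
    recs = [{"kind": "write", "src": SCADA_MASTER, "ied": "PV1", "curve": REGULAR}]
    recs += [{"kind": "report", "ied": "PV1", "q": q}
             for q in (-0.30, -0.24, -0.20, -0.18, -0.17, -0.17, -0.17, -0.17)]  # settling
    recs.append({"kind": "write", "src": "10.0.0.66", "ied": "PV1", "curve": ATTACK1})
    recs += [{"kind": "report", "ied": "PV1", "q": q} for q in (0.0, -1.0) * 4]  # oscillation
    # a MITM can keep the master's address, so the whitelist alone would miss this write
    recs.append({"kind": "write", "src": SCADA_MASTER, "ied": "PV1", "curve": ATTACK2})
    return recs

def run_sample():
    ids, alerts = SetpointIDS(), []
    for rec in sample_traffic():
        alerts.extend(ids.process(rec))
    return alerts
```

On the constructed traffic this produces four alerts: whitelist and infinite-gain signature for the first attack write, one anomaly alert once the reported Q has reversed direction often enough with a 1 p.u. swing, and a flipped-curve signature for the second write, which deliberately carries the master's own source address. That last case is the point of the layered checks: a man-in-the-middle on plain MMS does not have to change addresses, so a whitelist on its own is only a first filter, and the IDS has to see the traffic as it arrives at the field side (or compare reports against the set-points actually issued) to notice modified writes at all. The advice field is what the poster calls "additional information for better RC reactions": here it tells the RC whether a known-good curve exists to fall back to.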