Security of Smart Grid Communication

Abstract

Protection of industrial communication systems against cyber attacks has become a great challenge during the past years due to the convergence of Operational Technologies (OT) and Information Technologies (IT), adoption of the TCP/IP to industrial networks, and the rising level of automation and intelligent control of industrial processes. Security and safety of critical infrastructure systems that include power plants, substations, water and gas distribution, traffic control systems, etc., can be implemented on various levels. In this work we focus on security of industrial system via high-level communication monitoring and automated anomaly detection. <br><br>The first issue that should be addressed for cyber security of ICS communication is high-level visibility of transmitted commands. For this taks we adopt Netflow/IPFIX technology extended by meta-data obtained from ICS protocol headers, e.g., transmitted commands, device status, requested objects, etc. Enhanced visiblity provides rich data for detection of unexpected events like malfunctioning or cyber attacks. <br><br>Second part of this work introduces two technique for anomaly detection of ICS communication. The first technique models communication sequences using probabilistic automata and observe the frequency of their occurence. If an unknown sequence or a sequence with unexpected frequence is found, it is considered as anomaly. The second technique applies statistical modeling where we observe typical distribution of packet features like inter-arrival time and direction. Using learnt distributions we create a profile of a normal communication. When a communication deviates significantly from the learnt profile, anomaly alarm is raised. <br><br>By combination of both technique we are able to detect common anomalies and cyber attack vectors that are typical for smart grid communication. Application of the presented approach can improve security of smart grid networks. <br>

Protection of industrial communication systems against cyber attacks has become a great challenge during the past years due to the convergence of Operational Technologies (OT) and Information Technologies (IT), adoption of the TCP/IP to industrial networks, and the rising level of automation and intelligent control of industrial processes. Security and safety of critical infrastructure systems that include power plants, substations, water and gas distribution, traffic control systems, etc., can be implemented on various levels. In this work we focus on security of industrial system via high-level communication monitoring and automated anomaly detection. <br><br>The first issue that should be addressed for cyber security of ICS communication is high-level visibility of transmitted commands. For this taks we adopt Netflow/IPFIX technology extended by meta-data obtained from ICS protocol headers, e.g., transmitted commands, device status, requested objects, etc. Enhanced visiblity provides rich data for detection of unexpected events like malfunctioning or cyber attacks. <br><br>Second part of this work introduces two technique for anomaly detection of ICS communication. The first technique models communication sequences using probabilistic automata and observe the frequency of their occurence. If an unknown sequence or a sequence with unexpected frequence is found, it is considered as anomaly. The second technique applies statistical modeling where we observe typical distribution of packet features like inter-arrival time and direction. Using learnt distributions we create a profile of a normal communication. When a communication deviates significantly from the learnt profile, anomaly alarm is raised. <br><br>By combination of both technique we are able to detect common anomalies and cyber attack vectors that are typical for smart grid communication. Application of the presented approach can improve security of smart grid networks. <br>