2,498
views
0
recommends
+1 Recommend
1 collections
    8
    shares

      Celebrating 65 years of The Computer Journal - free-to-read perspectives - bcs.org/tcj65

      scite_
       
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      Increasing Visibility of IEC 104 Communication in the Smart Grid

      proceedings-article
      , ,
      6th International Symposium for ICS & SCADA Cyber Security Research 2019 (ICS-CSR)
      Cyber Security Research
      10th-12th September 2019
      IEC 104, smart grid, ICS, security monitoring, SCADA, flow monitoring
      Bookmark

            Abstract

            Energy systems like smart grids are part of critical infrastructure and their interruption or blackout may have fatal consequences on energy production, distribution, and eventually the life of individual people. In order to secure communication in Industrial Control Systems (ICS) and detect cyber attacks on smart grids, we need to increase visibility of ICS communication so that an operator can see what commands are sent between ICS devices. Security monitoring of ICS transmission requires (i) retrieving monitoring data from ICS packets, (ii) processing and analyzing extracted data, (iii) visualizing the ongoing communication to the operator. The proposed work presents a concept of ICS flow monitoring system that extracts meta data from ICS packet headers and creates ICS flow records similarly to Netflow/IPFIX system. ICS flows represent communication in the smart grid network that is further visualized using dashboard and communication charts. Unlike traditional monitoring approach that works with network and transport layer data only, we extend flow monitoring to application layer with focus on ICS protocols. The proposed approach is demonstrated on monitoring IEC 60870-5-104 communication.

            Content

            Author and article information

            Contributors
            Conference
            September 2019
            September 2019
            : 21-30
            Affiliations
            [0001]Brno University of Technology

            Božetěchova 1/2

            Brno, Czech Republic
            Article
            10.14236/ewic/icscsr19.3
            0ba50e72-98fe-4bbf-b683-6107a28c4df4
            © Petr Matoušek et al. Published by BCS Learning and Development Ltd. 6th International Symposium for ICS & SCADA Cyber Security Research 2019

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            6th International Symposium for ICS & SCADA Cyber Security Research 2019
            ICS-CSR
            6
            Athens, Greece
            10th-12th September 2019
            Electronic Workshops in Computing (eWiC)
            Cyber Security Research
            History
            Product

            1477-9358 BCS Learning & Development

            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/icscsr19.3
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Electronic Workshops in Computing

            Applied computer science,Computer science,Security & Cryptology,Graphics & Multimedia design,General computer science,Human-computer-interaction
            SCADA,IEC 104,smart grid,ICS,security monitoring,flow monitoring

            REFERENCES

            1. 2015 October The Industrial Control System Cyber Kill Chain Technical report, SANS Institute

            2. 2017 August Modular ICS Malware. Technical report Electricity Information Sharing and Analysis Center (E-ISAC)

            3. 2017 June Win32/Industroyer. A new threat for industrial control systems. Technical report ESET

            4. 2004 October Cisco Systems NetFlow Services Export Version 9. IETF RFC 3954

            5. 2013 September Information Model for IP Flow Information Export (IPFIX). IETF RFC 7012

            6. 2013 September Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information. IETF RFC 7011

            7. 2017 June CrashOverride. Analysis of the Threat of Electric Grid Operations. Technical report Dragos Inc

            8. ENISA 2016 December Communication network dependencies for ICS/SCADA Systems. Technical report European Union Agency for Network and Information Security (ENISA)

            9. 2009 March The Syslog Protocol IETF RFC 5424

            10. 2015 July Challenges for IDS/IPS Deployment in Industrial Control Systems. Technical report SANS Institute

            11. IEC 2006 June Telecontrol equipment and systems - Part 5-104: Transmission protocols - Network access for IEC 60870-5-101 using standard transport profiles. Standard IEC 60870-5-104:2006 International Electrotechnical Commission Geneva

            12. 2017 Cybersecurity protection for power grid control infrastructures International Journal of Critical Infrastructure Protection 18 20 33

            13. 2015 Industrial Network Security. Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems. Syngress

            14. 2016 March Analysis of the Cyber Attack on the Ukrainian Power Grid. Defense Use Case. Technical report Electricity Information Sharing and Analysis Center (E-ISAC)

            15. 2018 Understanding IEC-60870-5-104 Traffic Patterns in SCADA Networks Proceedings of the 4th ACM Workshop on Cyber-Physical System Security CPSS ’18 New York, NY, USA 51 60 ACM

            16. 2010 Oct Review and evaluation of security threats on the communication networks in the smart grid 2010 - MILCOM 2010 MILITARY COMMUNICATIONS CONFERENCE, 1830 1835

            17. 2017 Description and analysis of IEC 104 Protocol. Technical Report FIT-TR-2017-12 Brno University of Technology

            18. 2014 Towards Understanding Man-In-The-Middle Attacks on IEC 60870-5-104 SCADA Networks Proceedings of the 2Nd International Symposium on ICS & SCADA Cyber Security Research 2014 ICS-CSR 2014 UK 30 42 BCS

            19. 2012 A survey of SCADA and critical infrastructure incidents In Proceedings of the 1st Annual conference on Research in information technology, RIIT ’12 51 56 ACM

            20. 2002 December Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP) Ietf rfc 3416

            21. 2015 Guide to Industrial Control Systems (ICS) Security. Technical Report NIST-SP-800-82r2 National Institute of Standards and Technology

            22. 2013 July Intrusion detection system for iec 60870-5-104 based scada networks 2013 IEEE Power Energy Society General Meeting 1 5

            Comments

            Comment on this article