+1 Recommend
1 collections
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      Threat Analysis of BlackEnergy Malware for Synchrophasor based Real-time Control and Monitoring in Smart Grid


      1 , 1 , 1 , 1 , 1

      4th International Symposium for ICS & SCADA Cyber Security Research 2016 (ICS-CSR)

      Cyber Security Research

      23 - 25 August 2016

      BlackEnergy, Malware, Cyber Attacks, Synchrophasors, Smart Grid, IEEE C37.118, IEC 61850-90-5



            The BlackEnergy malware targeting critical infrastructures has a long history. It evolved over time from a simple DDoS platform to a quite sophisticated plug-in based malware. The plug-in architecture has a persistent malware core with easily installable attack specific modules for DDoS, spamming, info-stealing, remote access, boot-sector formatting etc. BlackEnergy has been involved in several high profile cyber physical attacks including the recent Ukraine power grid attack in December 2015. This paper investigates the evolution of BlackEnergy and its cyber attack capabilities. It presents a basic cyber attack model used by BlackEnergy for targeting industrial control systems. In particular, the paper analyzes cyber threats of BlackEnergy for synchrophasor based systems which are used for real-time control and monitoring functionalities in smart grid. Several BlackEnergy based attack scenarios have been investigated by exploiting the vulnerabilities in two widely used synchrophasor communication standards: (i) IEEE C37.118 and (ii) IEC 61850-90-5. Further, the paper also investigates protection strategies for detection and prevention of BlackEnergy based cyber physical attacks.


            Author and article information

            October 2016
            October 2016
            : 53-63
            [0001]Queen’s University Belfast, Belfast, United Kingdom
            © Khan et al. Published byBCS Learning & Development Ltd.Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research 2016

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            4th International Symposium for ICS & SCADA Cyber Security Research 2016
            Queen’s Belfast University, UK
            23 - 25 August 2016
            Electronic Workshops in Computing (eWiC)
            Cyber Security Research
            Product Information: 1477-9358BCS Learning & Development
            Self URI (journal page): https://ewic.bcs.org/
            Electronic Workshops in Computing


            1. et al 2011 Advanced realtime synchrophasor applications SEL Journal of Reliable Power 2 2

            2. et al 2016 Analysis of IEEE C37.118 and IEC 61850-90-5 synchrophasor communication frameworks IEEE PES-GM

            3. 2011 Cyberwar case study: Georgia 2008 Small Wars Journal

            4. ThreatSTOP 2016 Black energy Security Report by ThreatSTOP

            5. 2013 Synchrophasor standards and guides for the smart grid IEEE PES-GM

            6. et al 2008 Exploring the IEEE Standard C37.118-2005 synchrophasors for power systems IEEE Transactions on Power Delivery

            7. et al 2015 Challenges and Lessons Learned from Commissioning an IEC 61850-90-5 based Synchrophasor System 68th Annual Conference for Protective Relay Engineers

            8. et al 2013 The OpenPMU project: Challenges and perspectives IEEE PES-GM

            9. et al 2016 IEEE C37.118-2 synchrophasor communication framework: Overview, cyber vulnerabilities analysis and performance evaluation ICISSP

            10. et al 2011 Security profile for wide area monitoring, protection and control UCAIug SG Security Working Group

            11. et al 2011 Synchrophasor security practices 14th Georgia Tech Fault and Disturbance Analysis Conference

            12. et al 2011 Cybersecurity testing of substation phasor measurement units and phasor data concentrators 7th ACM CSIIRW

            13. et al 2014 Exposing vulnerabilities in electric power grids: An experimental approach Int. Journal of Critical Infrastructure Protection 7 1 51 60

            14. Shepard et al 2012 Evaluation of the vulnerability of phasor measurement units to GPS spoofing attacks Critical Infrastructure Protection Conference

            15. et al 2012 A survey on cyber security for smart grid communications IEEE Communications Surveys and Tutorials

            16. 2009 Study of security attributes of smart grid systems - Current cyber security issues. Battelle Energy Alliance LLC., Rep INL/EXT-09-15500

            17. et al 2014 A survey of electric power synchrophasor network cyber security PES ISGT-Europe

            18. 2007 BlackEnergy DDoS Bot analysis Arbor Networks Technical Report

            19. et al 2016 Analysis of the cyber attack on the Ukrainian power grid SANS ICS Report


            Comment on this article