Keerthi Koneru

Computer Science PhD Student

Description: The exponential growth of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) has led to the expansion of the Industrial IoT (IIoT), which is loaded with smart devices such as sensors that collect information. Many operators monitor and control this information to ensure uninterrupted service and to prevent damage to high-cost equipment. But as these systems grow more intelligent and more interdependent, the impact of cyber-attacks raises many security and privacy concerns. Despite their complexity, many industrial systems fail to defend themselves against cyber-attacks, since modern attacks mainly try to abuse legitimate permissions rather than exploit vulnerabilities. Well-known cyber-sabotage episodes include the Stuxnet attack on an Iranian nuclear power plant in 2010, the cyber-attack on the Bowman Dam in Rye Brook, NY, in 2013, and the Industroyer malware attacks on the Ukrainian power grid in 2016 and 2022. Such attacks are not limited to industrial systems; they also affect IoT devices used in the home, such as security cameras and baby monitors, smart TVs, and printers.

Unlike an attack on a consumer IoT device, an attack on an Industrial IoT network has a huge impact. Automating individual components of the smart grid, such as substations, by integrating TCP/IP protocols and Ethernet-based networks to monitor and control switchgear through Intelligent Electronic Devices (IEDs) exposes them to a much wider attack surface. Improving the cyber security of these critical components requires thorough research, yet access to real-world systems is hard to obtain because of their critical value and the conservative approach of industrial operators. As a result, most research to date has been done on simulations or testbeds. Moreover, most of the security community's work on substation networks demonstrates attacks and defenses; no research focuses on measuring and analyzing real-world substation networks.

This proposal focuses on measuring and analyzing the network traffic and configuration of a real-world substation through deep packet inspection (DPI), and on reconstructing the network by identifying devices through their functions. The primary protocol under study is IEC 61850, an international standard for communication between IEDs in an electrical substation. By analyzing these traffic measurements, we can determine how the network supports its various functions and legacy components, integrating modern GOOSE networks with legacy equipment through serial-to-Ethernet converters. The research also includes analyzing the characteristics of the IEC 61850 component of "Industroyer", the malware used to attack the Ukrainian power grid in 2016. We developed a simulation environment to replay the attack and performed deep static and dynamic analysis to study its capabilities. The proposal also includes a smaller study of the privacy and security of internet-connected cameras.
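The kind of deep packet inspection the proposal describes starts with decoding the substation protocol itself. The following is an added example, not code from the author's work: it parses raw Ethernet frames carrying IEC 61850-8-1 GOOSE (Ethertype 0x88B8, with or without an 802.1Q VLAN tag), decodes the BER-encoded goosePdu fields (gocbRef, datSet, stNum, sqNum, allData, and so on), and reconstructs a publisher inventory keyed by source MAC and APPID, which is the first step in identifying devices by function. As a defender's check it also flags a stNum that goes backwards for the same publisher, since a healthy publisher only ever increments stNum on a state change and sqNum on retransmissions. All frames below are constructed sample data, and the IED names, MAC addresses and APPIDs are invented for the example.

```python
"""Minimal GOOSE (IEC 61850-8-1) deep packet inspection: parse raw Ethernet
frames, decode the goosePdu BER structure, and build a publisher inventory.
Added example code; the frames below are constructed test data."""
import struct

GOOSE_ETHERTYPE = 0x88B8
VLAN_ETHERTYPE = 0x8100

# Context-specific tags of the goosePdu members defined in IEC 61850-8-1.
GOOSE_FIELDS = {
    0x80: "gocbRef", 0x81: "timeAllowedtoLive", 0x82: "datSet", 0x83: "goID",
    0x84: "t", 0x85: "stNum", 0x86: "sqNum", 0x87: "simulation",
    0x88: "confRev", 0x89: "ndsCom", 0x8A: "numDatSetEntries", 0xAB: "allData",
}


def ber_tlvs(buf):
    """Yield (tag, value) pairs from BER data with single-byte tags and
    short- or long-form definite lengths."""
    i = 0
    while i < len(buf):
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:                      # long form: low 7 bits = number of length octets
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        yield tag, buf[i:i + length]
        i += length


def tlv(tag, value):
    """BER-encode one tag/value pair (used only to build the sample frames)."""
    n = len(value)
    if n < 128:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def parse_goose(frame):
    """Return a dict describing a GOOSE frame, or None if the frame is not GOOSE."""
    dst, src, off = frame[0:6], frame[6:12], 12
    ethertype = struct.unpack("!H", frame[off:off + 2])[0]
    vlan = None
    if ethertype == VLAN_ETHERTYPE:            # 802.1Q tag: TCI (2 bytes) then the real Ethertype
        vlan = struct.unpack("!H", frame[off + 2:off + 4])[0] & 0x0FFF
        off += 4
        ethertype = struct.unpack("!H", frame[off:off + 2])[0]
    off += 2
    if ethertype != GOOSE_ETHERTYPE:
        return None
    appid, length = struct.unpack("!HH", frame[off:off + 4])
    pdu = frame[off + 8:off + length]         # Length counts APPID, Length, Reserved1/2 and the PDU
    out = {"src": src.hex(":"), "dst": dst.hex(":"), "vlan": vlan, "appid": appid}
    for tag, body in ber_tlvs(pdu):
        if tag != 0x61:                        # goosePdu is [APPLICATION 1] constructed
            return None
        for t, v in ber_tlvs(body):
            name = GOOSE_FIELDS.get(t)
            if name in ("gocbRef", "datSet", "goID"):
                out[name] = v.decode("ascii")
            elif name in ("timeAllowedtoLive", "stNum", "sqNum", "confRev", "numDatSetEntries"):
                out[name] = int.from_bytes(v, "big")
            elif name in ("simulation", "ndsCom"):
                out[name] = v != b"\x00"
            elif name == "allData":            # list of (data tag, raw value); 0x83 = boolean
                out[name] = list(ber_tlvs(v))
    return out


def inventory(frames):
    """Reconstruct publishers: (src MAC, APPID) -> control block, data set and last
    (stNum, sqNum). Flags stNum regressions; note stNum is a 32-bit counter, so a
    production check would also allow for wrap-around."""
    publishers, alerts = {}, []
    for frame in frames:
        g = parse_goose(frame)
        if g is None:
            continue
        key = (g["src"], g["appid"])
        prev = publishers.get(key)
        if prev and g["stNum"] < prev["stNum"]:
            alerts.append(f"{key}: stNum went from {prev['stNum']} to {g['stNum']}")
        publishers[key] = {"gocbRef": g["gocbRef"], "datSet": g["datSet"],
                           "stNum": g["stNum"], "sqNum": g["sqNum"]}
    return publishers, alerts


def build_goose(src, appid, gocbref, datset, stnum, sqnum, data, vlan=None):
    """Construct a GOOSE frame carrying boolean data members (sample data only)."""
    body = (tlv(0x80, gocbref.encode()) + tlv(0x81, b"\x03\xe8")          # timeAllowedtoLive 1000 ms
            + tlv(0x82, datset.encode()) + tlv(0x83, b"gse1") + tlv(0x84, bytes(8))
            + tlv(0x85, bytes([stnum])) + tlv(0x86, bytes([sqnum])) + tlv(0x87, b"\x00")
            + tlv(0x88, b"\x01") + tlv(0x89, b"\x00") + tlv(0x8A, bytes([len(data)]))
            + tlv(0xAB, b"".join(tlv(0x83, bytes([int(b)])) for b in data)))
    pdu = tlv(0x61, body)
    tag = struct.pack("!HH", VLAN_ETHERTYPE, (4 << 13) | vlan) if vlan is not None else b""
    return (bytes.fromhex("010ccd010001") + src + tag
            + struct.pack("!HHHHH", GOOSE_ETHERTYPE, appid, 8 + len(pdu), 0, 0) + pdu)


IED1, IED2 = bytes.fromhex("001122334455"), bytes.fromhex("00aabbccddee")   # invented MACs
SAMPLE_CAPTURE = [                                                           # constructed, not a real capture
    build_goose(IED1, 1, "IED1CTRL/LLN0$GO$gcb01", "IED1CTRL/LLN0$DS1", 5, 0, [True, False]),
    build_goose(IED1, 1, "IED1CTRL/LLN0$GO$gcb01", "IED1CTRL/LLN0$DS1", 5, 1, [True, False]),
    build_goose(IED2, 2, "IED2PROT/LLN0$GO$gcb01", "IED2PROT/LLN0$DS1", 12, 0, [False], vlan=10),
    b"\x01\x00\x5e\x00\x00\x01" + IED2 + b"\x08\x00" + bytes(20),            # IPv4 frame, ignored
    build_goose(IED1, 1, "IED1CTRL/LLN0$GO$gcb01", "IED1CTRL/LLN0$DS1", 3, 0, [True, True]),  # stNum regression
]

if __name__ == "__main__":
    pubs, alerts = inventory(SAMPLE_CAPTURE)
    for key, info in pubs.items():
        print(key, info)
    for a in alerts:
        print("ALERT", a)
```

Running the block prints two reconstructed publishers and one alert for the final frame. Mapping gocbRef and datSet names (here the logical-node naming of IEC 61850, e.g. LLN0) back to the devices that publish them is what lets a measurement study label each node by its function rather than by its MAC address alone.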