{"title":"Cybersecurity Intrusion Detection for Station and Process Bus Applications in Substations: Challenges and Experiences","authors":"A. Klien, Amro Mohamed","doi":"10.1109/SASG57022.2022.10199351","DOIUrl":null,"url":null,"abstract":"Numerous cyber-attacks on critical infrastructure triggered utilities to implement sophisticated cyber security measures to protect the electrical grid. For example, firewalls and “air gaps” are currently used to safeguard substations. However, these can be evaded through remote access tunnels or computers directly attached to the station network. Therefore, measures are needed to detect cyber threats in substation networks to respond quickly and minimize consequences.This document describes how to apply the different NIST Cybersecurity Framework (CSF) functions: Identity, Protect, Detect, Respond, and Recover to substations and which benefits emerge from utilizing what IEC 61850 standard offers. The frequently used attack vector on industrial control systems is the connections to services in corporate IT and control centers or temporary maintenance connections.Another entry point is engineering workstations connected to substation networks. Finally, the storage of settings and test documents could also be an entry point for attackers and malware.","PeriodicalId":206589,"journal":{"name":"2022 Saudi Arabia Smart Grid (SASG)","volume":"246 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 Saudi Arabia Smart Grid (SASG)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SASG57022.2022.10199351","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Numerous cyber-attacks on critical infrastructure have prompted utilities to implement sophisticated cyber security measures to protect the electrical grid. For example, firewalls and “air gaps” are currently used to safeguard substations. However, these can be evaded through remote access tunnels or computers directly attached to the station network. Therefore, measures are needed to detect cyber threats in substation networks in order to respond quickly and minimize consequences. This document describes how to apply the different NIST Cybersecurity Framework (CSF) functions (Identify, Protect, Detect, Respond, and Recover) to substations, and which benefits emerge from utilizing what the IEC 61850 standard offers. The frequently used attack vector on industrial control systems is the connection to services in corporate IT and control centers, or temporary maintenance connections. Another entry point is engineering workstations connected to substation networks. Finally, the storage of settings and test documents could also be an entry point for attackers and malware.