针对 IEC 61850 电网变电站的两阶段高级持续性威胁 (APT) 攻击

IF 2.4 4区 计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS International Journal of Information Security Pub Date : 2024-05-14 DOI:10.1007/s10207-024-00856-6
Aida Akbarzadeh, Laszlo Erdodi, Siv Hilde Houmb, Tore Geir Soltvedt
{"title":"针对 IEC 61850 电网变电站的两阶段高级持续性威胁 (APT) 攻击","authors":"Aida Akbarzadeh, Laszlo Erdodi, Siv Hilde Houmb, Tore Geir Soltvedt","doi":"10.1007/s10207-024-00856-6","DOIUrl":null,"url":null,"abstract":"<p>Advanced Persistent Threats (APTs) are stealthy, multi-step attacks tailored to a specific target. Often described as ’low and slow’, APTs remain undetected until the consequences of the cyber-attack become evident, usually in the form of damage to the physical world, as seen with the Stuxnet attack, or manipulation of an industrial process, as was the case in the Ukraine Power Grid attacks. Given the increasing sophistication and targeted nature of cyber-attacks, especially APTs, this paper delves into the substantial threats APTs pose to critical infrastructures, focusing on power grid substations. Through a detailed case study, we present and explore a 2-stage APT attack on an IEC 61850 power grid substation, employing a Hardware-in-the-Loop (HIL) testbed to simulate real-world conditions. More specifically, this paper discusses two significant experiments conducted to assess vulnerabilities in the control protocols used in IEC 61850 substations: IEC 60870-5-104 and IEC 61850. The integration of findings from these experiments revealed a number of previously undiscussed potential threats to power grid infrastructure that could arise from attacking one or more substations. To better address these potential threats, the paper proposes an extension to the Industrial Control System (ICS) kill chain that explicitly accounts for the consequences of attacks on the physical aspects of Cyber-Physical Systems (CPSs).</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"155 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Two-stage advanced persistent threat (APT) attack on an IEC 61850 power grid substation\",\"authors\":\"Aida Akbarzadeh, Laszlo Erdodi, Siv Hilde Houmb, Tore Geir Soltvedt\",\"doi\":\"10.1007/s10207-024-00856-6\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>Advanced Persistent Threats (APTs) are stealthy, multi-step attacks tailored to a specific target. Often described as ’low and slow’, APTs remain undetected until the consequences of the cyber-attack become evident, usually in the form of damage to the physical world, as seen with the Stuxnet attack, or manipulation of an industrial process, as was the case in the Ukraine Power Grid attacks. Given the increasing sophistication and targeted nature of cyber-attacks, especially APTs, this paper delves into the substantial threats APTs pose to critical infrastructures, focusing on power grid substations. Through a detailed case study, we present and explore a 2-stage APT attack on an IEC 61850 power grid substation, employing a Hardware-in-the-Loop (HIL) testbed to simulate real-world conditions. More specifically, this paper discusses two significant experiments conducted to assess vulnerabilities in the control protocols used in IEC 61850 substations: IEC 60870-5-104 and IEC 61850. The integration of findings from these experiments revealed a number of previously undiscussed potential threats to power grid infrastructure that could arise from attacking one or more substations. To better address these potential threats, the paper proposes an extension to the Industrial Control System (ICS) kill chain that explicitly accounts for the consequences of attacks on the physical aspects of Cyber-Physical Systems (CPSs).</p>\",\"PeriodicalId\":50316,\"journal\":{\"name\":\"International Journal of Information Security\",\"volume\":\"155 1\",\"pages\":\"\"},\"PeriodicalIF\":2.4000,\"publicationDate\":\"2024-05-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Information Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1007/s10207-024-00856-6\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-024-00856-6","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

高级持续性威胁(APT)是针对特定目标的隐蔽、多步骤攻击。APT 通常被描述为 "低速而缓慢",在网络攻击的后果显现之前一直未被发现,通常表现为对物理世界的破坏(如 Stuxnet 攻击)或对工业流程的操纵(如乌克兰电网攻击)。鉴于网络攻击(尤其是 APT)的复杂性和针对性日益增强,本文将以电网变电站为重点,深入探讨 APT 对关键基础设施构成的重大威胁。通过详细的案例研究,我们介绍并探讨了针对 IEC 61850 电网变电站的两阶段 APT 攻击,采用了硬件在环 (HIL) 测试平台来模拟真实世界的条件。更具体地说,本文讨论了为评估 IEC 61850 变电站使用的控制协议中的漏洞而进行的两项重要实验:IEC 60870-5-104 和 IEC 61850。这些实验结果的整合揭示了许多以前未曾讨论过的潜在威胁,攻击一个或多个变电站可能会对电网基础设施造成威胁。为了更好地应对这些潜在威胁,本文提出了对工业控制系统 (ICS) 杀伤链的扩展,明确说明了对网络物理系统 (CPS) 物理方面的攻击所造成的后果。
本文章由计算机程序翻译,如有差异,请以英文原文为准。

摘要图片

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Two-stage advanced persistent threat (APT) attack on an IEC 61850 power grid substation

Advanced Persistent Threats (APTs) are stealthy, multi-step attacks tailored to a specific target. Often described as ’low and slow’, APTs remain undetected until the consequences of the cyber-attack become evident, usually in the form of damage to the physical world, as seen with the Stuxnet attack, or manipulation of an industrial process, as was the case in the Ukraine Power Grid attacks. Given the increasing sophistication and targeted nature of cyber-attacks, especially APTs, this paper delves into the substantial threats APTs pose to critical infrastructures, focusing on power grid substations. Through a detailed case study, we present and explore a 2-stage APT attack on an IEC 61850 power grid substation, employing a Hardware-in-the-Loop (HIL) testbed to simulate real-world conditions. More specifically, this paper discusses two significant experiments conducted to assess vulnerabilities in the control protocols used in IEC 61850 substations: IEC 60870-5-104 and IEC 61850. The integration of findings from these experiments revealed a number of previously undiscussed potential threats to power grid infrastructure that could arise from attacking one or more substations. To better address these potential threats, the paper proposes an extension to the Industrial Control System (ICS) kill chain that explicitly accounts for the consequences of attacks on the physical aspects of Cyber-Physical Systems (CPSs).

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
International Journal of Information Security
International Journal of Information Security 工程技术-计算机:理论方法
CiteScore
6.30
自引率
3.10%
发文量
52
审稿时长
12 months
期刊介绍: The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation. Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.
期刊最新文献
“Animation” URL in NFT marketplaces considered harmful for privacy An overview of proposals towards the privacy-preserving publication of trajectory data Enhancing privacy protections in national identification systems: an examination of stakeholders’ knowledge, attitudes, and practices of privacy by design An enhanced and verifiable lightweight authentication protocol for securing the Internet of Medical Things (IoMT) based on CP-ABE encryption Secure multi-party computation with legally-enforceable fairness
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1