SlideShare a Scribd company logo

Evaluation of cybersecurity threats -mdms.pdf

Bhekumuzi Xaba
Bhekumuzi Xaba

Evaluation of cybersecurity threats -mdms

Technology
1 of 8
Download to read offline
See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/318601090 Evaluation of Cybersecurity Threats on Smart Metering System Chapter in Advances in Intelligent Systems and Computing · July 2018 DOI: 10.1007/978-3-319-54978-1_28 CITATIONS 14 READS 8,935 4 authors: Some of the authors of this publication are also working on these related projects: Microload Management in Generation Constrained Environment View project Russian global information warfare View project Samuel Tweneboah-Koduah Aarhus Business School 11 PUBLICATIONS 219 CITATIONS SEE PROFILE Anthony Tsetse Northern Kentucky University 25 PUBLICATIONS 113 CITATIONS SEE PROFILE Julius Quarshie Azasoo The University of Northampton 16 PUBLICATIONS 96 CITATIONS SEE PROFILE Barbara Endicott-Popovsky University of Washington Seattle 100 PUBLICATIONS 688 CITATIONS SEE PROFILE All content following this page was uploaded by Samuel Tweneboah-Koduah on 23 March 2018. The user has requested enhancement of the downloaded file.
Page 1 of 7 Evaluation of cybersecurity threats on Smart Metering System Abstract Smart metering has emerged as the next-generation of energy distribution, consumption, and monitoring systems via the convergence of power engineering and information and communication technology (ICT) integration otherwise known as smart grid systems. While the innovation is advancing the future power generation, distribution, consumption monitoring and information delivery, the success of the platform is positively correlated to the thriving integration of technologies upon which the system is built. Nonetheless, the rising trend of cybersecurity attacks on cyber infrastructure and its dependent systems coupled with the system’s inherent vulnerabilities present a source of concern not only to the vendors but also the consumers. These security concerns need to be addressed in order to increase consumer confidence so as to ensure greatest adoption and success of smart metering. In this paper, we present a functional communication architecture of the smart metering system. Following that, we demonstrate and discuss the taxonomy of smart metering common vulnerabilities exposure, upon which sophisticated threats can capitalize. We then introduce countermeasure techniques, whose integration is considered pivotal for achieving security protection against existing and future sophisticated attacks on smart metering systems. Keywords Smart Metering Infrastructure, Power Engineering, Smart Grid, Cybersecurity, Cyber Threats, Cyber Attack 1.0 Introduction The modernization of the modern power grid systems otherwise known as the smart grid has been developed for the purpose of enabling bidirectional flows of metering information in order to provide consumers with diverse choices as to how, when, and how much electricity they use. Integrated within the smart grid infrastructure setup is smart metering which core objective is to automate the monitoring of consumers’ power consumption, for the purpose of billing and accounting. Smart metering infrastructure otherwise known as Advanced Metering Infrastructure (AMI), is the core component in smart grid infrastructure systems. The functional architecture represents an automated two-way communication between a smart utility meter and a utility producer [1]. The metering system monitors consumers’ power consumption by collecting information on such consumption and communicating such information back to the utility company for load monitoring and billing [1]. Additionally, smart metering infrastructure provides better monitoring of power consumption and efficient and more transparent billing system to consumers. Thus, the utility providers are able to apply different price models for power consumption based on the time of day and season power is consumed [2]. By design, smart metering enables consumers to access their own real-time use of power consumption information through a web interface and mobile app service. These goals could not have been achieved and realized without the integration of communication technology infrastructure required to gather, assemble, and synthesize data provided by smart meters and other interconnected components. Smart Metering (SM) has gradually become an interest to both research and industrial communities most importantly to utility companies, energy regulators, energy distribution vendors as well as energy conservation societies [3]. The adoption and use of smart metering are advancing in recent times due to the ability to integrate information and communication technologies with the development of energy infrastructure systems. Notwithstanding, the recent upsurge in cyber attacks against critical infrastructure systems threatens the smooth functioning of smart metering infrastructure development and the electric grid as a whole. In this paper, we assess some of the major cybersecurity issues in smart metering infrastructure. Our goal is to provide an initial step to classify the system’s inherent vulnerabilities and the potential threats capable of exploiting the vulnerabilities. We evaluate this by demonstrating the feasibility and impact of various threat vectors upon a smart metering communication infrastructure network. This paper is organized as follows. Beginning with this introduction, the next section reviews the state of the art of smart metering system. In Section III, smart metering functional architecture is presented. Section IV explores the evaluation of cybersecurity challenges on smart metering. We discuss the study findings in section V and then conclude the paper in Section VI. 2.0 Related studies The concept of smart metering has advanced in recent times due to the integration of information and communication technologies into energy development. Rinaldi classified such integration as cyber interdependency [4]. In a related study, Rinaldi, et al.
Page 2 of 7 argued that interdependencies in critical infrastructure systems give rise to functional and non-functional challenges which do not exist in the single infrastructural system [5]. Accordingly, Li et al, posit that smart metering is part of the smart grid infrastructure system and for that matter, security attacks may take place both in the physical space, as in the conventional power grid, as well as in the cyberspace as in any modern communication infrastructure network [2]. Smart metering infrastructure system is often microprocessor-based which supports wireless connectivity for easy control and monitoring. Li et al. argue that smart meters are massively deployed as access points and are mostly connected to the Internet to engage customers in utility management. These access points, conversely, have become ideal ports for intrusions, penetration and other malicious attacks [2]. Conversely, Li et al, maintain that the openness in the smart metering systems (to the public network) increases vulnerabilities in the grid thereby escalating sophisticated threat attacks on the system. In a related study, Flick and Morehouse claim that cyber threats on critical infrastructure systems in general, and the electricity grid, in particular, has become the subject of increasing research interest both in academia and industry [6]. Contributing to this, Giani, et al., argue, the potential consequences of successful cyber attack on the electric grid is staggering [7]. They stated, smart metering which is part of a Smart Grid infrastructure system, incorporates sensing, communication, and distributed control to accommodate renewable generation, Electronic Vehicle (EV) loads, storage, and many other technologies. These activities substantially increase actionable data transfers making the system more vulnerable to cyber attacks, thus, increasing the urgency of cybersecurity research for electric grids [7]. Prior studies explored various aspects of cyber attacks on smart grid and smart metering systems. For instance, Yan et al, summarize possible vulnerabilities and cybersecurity requirements in smart grid communication systems and surveyed solutions capable of counteracting related cybersecurity threats [8]. In a related study, Wei et al. proposed a framework for protecting power grid automation systems against cyber attacks [9]. The proposal includes integration with the existing legacy systems, desirable performance in terms of modularity, scalability, extendibility, and manageability, alignment to the “Roadmap to Secure Control Systems in the Energy Sector” and future intelligent power delivery systems [9]. Cleveland in [3] argued that while various AMI vendors and customers consider encryption as a security proof solution to the threats of cyber adversaries on AMIs, there are other potential cybersecurity challenges facing AMI systems which require research focus. The challenges Cleveland identified include confidentiality, integrity, data availability and non-repudiation. The issues of privacy, confidentiality, and data availability as cybersecurity threats against smart grid systems have also been discussed in the following studies [2], [10]- [14]. 3.0 Smart Metering Functional Architecture The future power grid has a tiered architecture to supply energy to consumers [15]. This modern energy infrastructure system starts from power generation through transmission systems to distribution and eventually to the final consumer. A smart grid system strives to use and coordinate various generations, and production as well as the distribution mechanisms of the grid [15]. Smart metering infrastructure is the core component in a smart grid infrastructure system. It functional architecture represents an automated two- way communication between a smart utility meter and a utility producer [1]. Smart meters identify power consumption by collecting information on such consumption and communicate the information back to the utility company for load monitoring and billing for accounting purposes [1]. By generalizing the structures in [15], [2] and [1], we present functional smart metering architecture as illustrated in figure 1. The architecture consists of a micro-load management unit and it hardware subsystem which houses the various hardware components of the system. Each of the structures has its core components and functions explained below. i. Smart Meter: This is the core of a smart metering infrastructure setup. It acts as the main source of energy-related information or other metrological data and provides interval data for customer energy loads. ii. Smart Metering Communications Network: Like a traditional communication network, the smart metering network provides a path for information flow within the grid. iii. Customer Gateway: This acts as the conduit between a smart metering network and the other smart devices in the grid or within the customer facilities, such as a Home Area Network (HAN) or the Neighborhood Area Network (NAN) Other components within the metering structure include: iv. The Wide Area Network (WAN) Interface: It collects metering and control information from the Server systems and relays the readings and status of the meter to the server. v. The Home Area Network (HAN): This serves as the communication medium for device interface sensors, actuator/network relays, the In-Home Display (IHD) units, etc. This
Page 3 of 7 communication medium can be a single unidirectional or bidirectional or a combination of multiple technologies such as power line carrier (PLC), Ethernet, or wireless communication technologies (e.g. Z-Wave, Bluetooth, ZigBee, WiFi, RF mesh, and WLAN (802.11)). vi. The WAN gateway: This acts as the link between the metering Unit and the Micro-load metering information system to provide near real-time monitoring and control functions of the metering system and other auxiliary services, by providing access to the electrical utility companies and their consumers. The utility company gains access to the metering system through a computer interface directly connected to the server. Utility consumers are usually provided access to the metering system through the web and/or mobile application interface, giving consumers the ability to monitor real-time information about energy consumption and billing, as well as performing home automation activities using integrated mobile devices. Figure 1: Smart Metering Communication Architecture vii. The Home Area Network (HAN) Gateway: It provides a communication channel between the main metering unit and the micro-load controllers. As a result, the microcontrollers and load management can be extended to an off-the-shelf micro-load meter for the use of Electric Vehicle (EV) charging systems and other energy consuming loads. viii. The Neighboring Area Network (NAN) Gateway: Acts as the intermediary tier connecting multiple HANs collectively in the smart grid for the purpose of accumulating energy consumption information from households (the HANs), in a neighborhood and relay the data to the utility company [15] for billing and monitoring. The Metering Unit (MU) is the main control center for the smart metering functional architecture. In the absence of the HAN, the MU monitors the amount of energy being consumed, as well as the ability to curtail power to all consuming devices. Additionally, the Micro-Load Metering Unit (MMU) monitors and reads the consumptions of all the devices and appliances attached to the main meter (including the Electric Vehicle Charging Terminals (EVCT)) by providing granular consumption data for consumption analysis and predicting future energy consumption. The micro- load controller functions to cut-off or connects micro- loads to the main source of electricity via the metering unit. This functionality is linked, to the Direct Load Control (DLC) unit enabling consumers to respond to pricing signals or time-of-use through an application program interface (API) such as Web or App. 4.0 Cybersecurity Challenges in Smart Metering The conventional metering system is embedded with dedicated power devices, which are mostly integrated with control, monitoring and communication functionalities, using closed networks composed of predictable serial communication links. In contrast, smart metering decouples communication and control functionalities from power devices and is modularized for the purposes of scalability and maintenance [2]. Moreover, smart metering core components are usually commercial off-the-shelf (COTS) products from diverse vendors having unknown incompatibilities. Cybersecurity challenges of a smart metering system lie in the system’s inherent vulnerabilities which expose the infrastructure set to various attacks. Sources of vulnerabilities include firmware, hardware architecture, system applications, as well as a network interface. Besides, the bi-directional communication link between the metering unit and main gateway (and Metering Information Server-MIS) leaves the system open for network-related attacks and protocol failure. Other communication attacks include wireless scrambling, eavesdropping, man-in-the-middle attacks, message modification and injection attacks. For example, IP- based devices are susceptible to IP misconfiguration which does exhibit nondeterministic behavior in times of success attack. IP misconfiguration inevitably decreases system operation and reliability. Besides, smart meters are deployed in smart grid as access points for each customer (in the NAN and HAN), in order to manage utility consumption. These devices are usually connected to the Internet through the metering gateway. In addition to IP spoofing, the gateway (both local and global), can become perfect points for intrusions, DoS attacks, and other Internet-based attacks.
Page 4 of 7 Furthermore, per their design, utility consumers usually interact with the metering system through the web and/or mobile application interfaces. Most of these applications are either web-based or stand-alone. Web- based applications are integrated with the metering system application using Application Programming Interface (API). An outdated API code may be susceptible to various attacks exposing the entire metering system to malicious attacks. Additionally, a poorly configured interface design exposes smart metering system to injection and code execution attacks. Furthermore, in the Home Area Network (HAN), such attacks on a metering device could destabilize the communication system leading to a denial of essential services to interdependent components or devices. In the Neighborhood Area Network (NAN), such an attack could lead to distributed denial of service (DDoS) attacks due to inter-meter communication services. While many of these systems are designed with security in mind, security misconfiguration could occur at any level or any part of system design exposing the entire setup to software misconfiguration attack. More so, at the firmware level, smart metering components usually have internal memory used for temporary storage and information processing. Like a conventional metering system, power fluctuations in the grid occasionally cause devices to lose memory leading to data loss. Furthermore, intermittent power fluctuations in semiconductor devices may lead to signal loss and system malfunction. Other security challenges in the smart metering infrastructure include component incompatibilities, as well as device-based (physical) attacks, such as natural disasters, illegitimate use of the device (e.g. pilferage), and masquerading. To overcome these challenges will require innovative research and comprehensive system solutions which focus on the architectural redesign, firmware and hardware reconfiguration, network hardening and dynamic system application design. 4.1 Smart Metering Cyber attack From the above challenges, we present a taxonomy of cybersecurity attack in a smart metering communication system by analyzing system’s inherent vulnerabilities vis-à-vis the potential threat actors. In this taxonomy, six types of vulnerabilities are discussed. Thes are IP Misconfiguration, Injection, DoS, Code Execution, Memory Corruption, and XSS & CSRF. Corresponding threat vectors include physical (device) attack, application (software) attack, network attack, web interface attack, and data attack (see table 1 and figure 2). Table 1 shows our proposed vulnerability threat matrix. In columns III and IV, threat vectors are matched with their corresponding vulnerabilities. Figure 2: Smart metering and corresponding threat attack Table 1: Vulnerability-Threat Matrix Vulnerabilities (V) Cyber-attack vectors (AV) Vulnerability-Threat Matrix Attack Vectors Vulnerabilities IP Misconfiguration (IM) Device Attack (DA) DA IP, MC, CE, D SQL Injection (SI) Application Attack (AA) AA SI, D, CE DoS (D) Network Attack (NA) NA SI, D, CE Code Execution (DE) Web Interface Attack (WiA) WiA SI, D, XC, IP XSS & CSRF (XC) Data Integrity Attack (DA) DA SI, CE Memory Corruption (MC) 4.2 Attack Vectors 4.2.1 Device Attack This is an attack type capable of compromising smart metering devices. It is the first point of call to compromise the functionality of the entire architecture (depending on the devices involved). In HAN, this type of attack could bring entire network down (especially when the metering unit is the target). Similarly, in a NAN, a device attack may affect the resistance of the network which in the extreme case could lead to DDoS attacks on the entire grid. Device attacks may be caused by IP misconfiguration, memory corruption, and wrongly executed code in the device operating system at the middleware layer. 4.2.2 Application Service Attack This is a type of attack that compromises system applications (Web, Mobile, System, etc) which are run on various components of the system. Smart metering
Page 5 of 7 systems run multiple applications both at the local and the server levels. In most cases, these applications are owned by application service providers (ASPs) which are third party vendors. Cyber attacks on these applications will surely compromise the metering system. Common vulnerabilities in this type of attack include SQL injection, code execution, and DoS. 4.2.3 Network Attack This is an attack which aims at compromising intercommunication among devices by either delaying message forwarding or completely failing to deliver. Network attacks may also destruct computational processes within the smart metering system. In HAN, this type of attack aims at destructing the core functionalities of the metering system. Similarly, in a NAN, a network attack may isolate or deny NAN devices from accessing vital information from the neighborhood or addressing messaging request from neighboring devices. Causes of network availability attacks include SQL injection, DoS and code execution in the network infrastructure system. 4.2.4 Web Interface Attack This type of attack presents itself as a result of account enumeration, lack of account lockout or weak account credentials. In this case, an attacker may use weak account credentials (either capture plain-text credentials or enumerate accounts) to access the web interface. Web interface attacks may be caused by cross-site scripting (XSS), cross-site reference forgery (CSRF), IP misconfiguration and SQL injection. Other sources include insecure web interface design and weak account credentials. The attack compromises device integrity and could lead to denial of services. 4.2.5 Data Integrity Attack This is an attack whereby the threat agent attempts to compromise system data by inserting, altering or completely deleting data (either stored or in transmission) so as to deceive smart metering to make wrong decisions or compromise its integrity. Data attacks may be caused by SQL injection and code execution which may be executed by a remote attacker. 5.0 Experimental Evaluation of Cyberattacks against Smart Metering In this section, we demonstrate how SQL injection and DoS attacks could be executed against a smart metering system. These demonstrations were performed on a live server with positive results. In each case, the results show that cyber attack on smart metering systems was successful. SQL injection attack – Algorithm Print header information for URL in target URLs for payload in get request payloads response = send get request probe to server if response.status code == 500 print payload and exist for manual attack for paylaod in post request payloads response = send post request probe to server Figure 3: SQL injection attack – Flowchart SQL injection attack – Python script This function delivers a payload to the server using the http ‘get’ method. To do this, the payload is added to the url. The url sends the request to @params payload {string}. The request parameters for example requests.get('http://www.test.com/', params=payload) will map to http://www.test.com/?key=value ### def http_get(url, payload): r = requests.get(url, params=payload) return process_responds(r) ### This function processes the request to determine if the probe is positive or negative Probing Get (assuming query is contracted: where id = <defined_param> ('Params ', {'make': "'"}) ('Url: ', 'http://metering.grid.com/metering/meter/topup_history'
Page 6 of 7 ) data been sanitised data been sanitised data been sanitised data been sanitised Probbing Post data been sanitised data been sanitised data been sanitised data been sanitised Vulnerability: Weakness found (SQL injection) Threat: data sanitised Effect: sensitive information could be disclosed by injection attack Impact: Data confidentiality and integrity could be compromised Denial of Service Attack DoS attack on the Application layer Attack url: http://metering.smartmeter.com/metering/server/dashbo ard Tool: loadtest (https://www.npmjs.com/package/loadtest) requires nodejs to be installed Test parameter: $ loadtest http://metering.aborsour.com/metering/server/dashboar d -t 50 -c 10 --rps 1000. Figure 4: Results (screenshot) of DoS attack 5.1 Discussion The idea of running both SQLi and DoS attacks on a smart metering system highlights their significant impact on distributed network system, such as smart metering (see table 1). In the case of the former, a payload request was sent to the server to probe the server for vulnerabilities. The server responded with an ACKnowledgement a message header which encourages an attack on the system. This means SQL injection vulnerability in a smart metering system could allow remote authenticated users to execute arbitrary SQL commands via crafted serialized data both on the metering information system server (MISS in figure 2). For example, SQL injection vulnerability in the login page in the user interface device would allow remote attackers to execute arbitrary SQL commands via a crafted URL. Per the CVE 1 database, DoS vulnerability remains the most common vulnerability type and can be exploited by various threat vectors. In the above test, we executed multiple (abnormal) remote requests (1000) to the server from concurrent connections in 50 seconds. The result (figure 4) shows the server failing or executing arbitrary code (system crushing). For example, a buffer overflow in the Point-to-Point Protocol over the Ethernet (PPPoE) module in the customer gateway when CHAP authentication is configured on the server, could allow remote attackers to cause a denial of service or execute arbitrary code via crafted packets sent during authentication. For example, in CVE-2016- 8666, an IP stack in the Linux kernel (before 4.6) allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have an unspecified impact by triggering use of the GRO functions (gro-receive and gro-complete) path for packets with tunnel stacking. 6.0 Conclusion The core objective of smart grid is to improve efficiency and availability of power by adding more monitoring and control capabilities [16]. This objective is made plausible by the successful integration of a smart metering system which core value is to automate monitoring of consumer power consumption, efficient energy distribution, billing, and accounting. In this paper, an attempt has been made to evaluate the taxonomy of the system inherent vulnerabilities which expose smart metering to various cyber threat vectors and make case for research effort in this emerging technology. The discussion involved the identification of various vulnerabilities inherent within smart metering components matched with the potential threat vectors capable of exploiting these vulnerabilities. We executed two different attack scenarios (tests) as a proof of concept. Tests results show that vulnerable smart 1 Common Vulnerability Exposure
Page 7 of 7 metering system could be abused by various threat actors via crafted vectors. Finally, it is critical to continue the discussion while at the same time challenging device manufacturers and components’ vendors to design, and implement solutions for such mechanisms so as to counteract threats from cyber adversaries of the electrical grid so as to guarantee consumer utmost trust in a smart metering innovation and transformation. Reference [1] Y. Yan, Y. Qian, H. Sharif, and D. Tipper, “A survey on smart grid communication infrastructures: Motivations, requirements, and challenges,” Commun. Surv. Tutor. IEEE, vol. 15, no. 1, pp. 5–20, 2013. [2] X. Li, X. Liang, R. Lu, X. Shen, X. Lin, and H. Zhu, “Securing smart grid: cyber attacks, countermeasures, and challenges,” IEEE Commun. Mag., vol. 50, no. 8, pp. 38–45, 2012. [3] F. M. Cleveland, “Cyber security issues for advanced metering infrastructure (ami),” in Power and Energy Society General Meeting- Conversion and Delivery of Electrical Energy in the 21st Century, 2008 IEEE, 2008, pp. 1–5. [4] S. M. Rinaldi, “Modeling and simulating critical infrastructures and their interdependencies,” in System sciences, 2004. Proceedings of the 37th annual Hawaii international conference on, 2004, p. 8–pp. [5] S. M. Rinaldi, J. P. Peerenboom, and T. K. Kelly, “Identifying, understanding, and analyzing critical infrastructure interdependencies,” Control Syst. IEEE, vol. 21, no. 6, pp. 11–25, 2001. [6] T. Flick and J. Morehouse, Securing the smart grid: next generation power grid security. Elsevier, 2010. [7] A. Giani, E. Bitar, M. Garcia, M. McQueen, P. Khargonekar, and K. Poolla, “Smart grid data integrity attacks: characterizations and countermeasures π,” in Smart Grid Communications (SmartGridComm), 2011 IEEE International Conference on, 2011, pp. 232–237. [8] Y. Yan, Y. Qian, H. Sharif, and D. Tipper, “A survey on cybersecurity for smart grid communications,” IEEE Commun. Surv. Tutor., vol. 14, no. 4, pp. 998–1010, 2012. [9] D. Wei, Y. Lu, M. Jafari, P. Skare, and K. Rohde, “An integrated security system of protecting smart grid against cyber attacks,” in Innovative Smart Grid Technologies (ISGT), 2010, 2010, pp. 1–7. [10] J. Liu, Y. Xiao, S. Li, W. Liang, and C. L. Chen, “Cyber security and privacy issues in smart grids,” Commun. Surv. Tutor. IEEE, vol. 14, no. 4, pp. 981–997, 2012. [11] G. N. Ericsson, “Cybersecurity and power system communication—essential parts of a smart grid infrastructure,” IEEE Trans. Power Deliv., vol. 25, no. 3, pp. 1501–1507, 2010. [12] A. Hahn, A. Ashok, S. Sridhar, and M. Govindarasu, “Cyber-physical security testbeds: Architecture, application, and evaluation for smart grid,” IEEE Trans. Smart Grid, vol. 4, no. 2, pp. 847–855, 2013. [13] Z. Lu, X. Lu, W. Wang, and C. Wang, “Review and evaluation of security threats on the communication networks in the smart grid,” in Military Communications Conference, 2010- MILCOM 2010, 2010, pp. 1830–1835. [14] A. R. Metke and R. L. Ekl, “Security technology for smart grid networks,” IEEE Trans. Smart Grid, vol. 1, no. 1, pp. 99–107, 2010. [15] E. Bou-Harb, C. Fachkha, M. Pourzandi, M. Debbabi, and C. Assi, “Communication security for smart grid distribution networks,” IEEE Commun. Mag., vol. 51, no. 1, pp. 42–49, 2013. [16] S. Clements and H. Kirkham, “Cybersecurity considerations for the smart grid,” in IEEE PES General Meeting, 2010, pp. 1–5. View publication stats

Recommended

Running head SMART GRID .docx
Running head SMART GRID .docxRunning head SMART GRID .docx
Running head SMART GRID .docxtodd521
 
Smart Meter Data Privacy: A Survey
Smart Meter Data Privacy: A SurveySmart Meter Data Privacy: A Survey
Smart Meter Data Privacy: A SurveyDaniele Miorandi
 
Smart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security IssuesSmart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security IssuesjournalBEEI
 
Capstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid SecurityCapstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid Securityreuben_mathew
 
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSCYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSGeorge Wainblat
 
L479096.pdf
L479096.pdfL479096.pdf
L479096.pdfAmerican Research Journal of Humanities & Social Science
 
Encryption Security in SCADA Networks
Encryption Security in SCADA NetworksEncryption Security in SCADA Networks
Encryption Security in SCADA NetworksIJRES Journal
 
9517cnc08
9517cnc089517cnc08
9517cnc08IJCNCJournal
 

Recommended

Running head SMART GRID .docx
Running head SMART GRID .docxRunning head SMART GRID .docx
Running head SMART GRID .docxtodd521
 
Smart Meter Data Privacy: A Survey
Smart Meter Data Privacy: A SurveySmart Meter Data Privacy: A Survey
Smart Meter Data Privacy: A SurveyDaniele Miorandi
 
Smart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security IssuesSmart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security IssuesjournalBEEI
 
Capstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid SecurityCapstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid Securityreuben_mathew
 
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSCYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSGeorge Wainblat
 
L479096.pdf
L479096.pdfL479096.pdf
L479096.pdfAmerican Research Journal of Humanities & Social Science
 
Encryption Security in SCADA Networks
Encryption Security in SCADA NetworksEncryption Security in SCADA Networks
Encryption Security in SCADA NetworksIJRES Journal
 
9517cnc08
9517cnc089517cnc08
9517cnc08IJCNCJournal
 
Utilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA NetworksUtilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA NetworksInternational Journal of Engineering Inventions www.ijeijournal.com
 
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...Power System Operation
 
SMART GRID – AN INTRODUCTION
SMART GRID – AN INTRODUCTIONSMART GRID – AN INTRODUCTION
SMART GRID – AN INTRODUCTIONIAEME Publication
 
Smart Grid Technologies in Power Systems An Overview
Smart Grid Technologies in Power Systems An OverviewSmart Grid Technologies in Power Systems An Overview
Smart Grid Technologies in Power Systems An OverviewRaja Larik
 
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Power System Operation
 
A Review of anomaly detection techniques in advanced metering infrastructure
A Review of anomaly detection techniques in advanced metering infrastructureA Review of anomaly detection techniques in advanced metering infrastructure
A Review of anomaly detection techniques in advanced metering infrastructurejournalBEEI
 
Cyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsCyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsIJEACS
 
Practical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart gridsPractical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart gridsSergey Gordeychik
 
man_behind_selfhealing_grid
man_behind_selfhealing_gridman_behind_selfhealing_grid
man_behind_selfhealing_gridMassoud Amin
 
IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...
IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...
IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...IRJET Journal
 
A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...
A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...
A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...nilesh405711
 
Importance of Measurements in Smart Grid
Importance of Measurements in Smart GridImportance of Measurements in Smart Grid
Importance of Measurements in Smart GridIJERD Editor
 
Salsa20 based lightweight security scheme for smart meter communication in sm...
Salsa20 based lightweight security scheme for smart meter communication in sm...Salsa20 based lightweight security scheme for smart meter communication in sm...
Salsa20 based lightweight security scheme for smart meter communication in sm...TELKOMNIKA JOURNAL
 
Smart Grid Resilience Issues & Enhancements
Smart Grid Resilience Issues & EnhancementsSmart Grid Resilience Issues & Enhancements
Smart Grid Resilience Issues & EnhancementsIRJET Journal
 
Technologies used in Smart grids for power distribution
Technologies used in Smart grids for power distributionTechnologies used in Smart grids for power distribution
Technologies used in Smart grids for power distributionRaja Larik
 
A Review Of Recent Development In Smart Grid And Micro Grid Laboratories
A Review Of Recent Development In Smart Grid And Micro Grid LaboratoriesA Review Of Recent Development In Smart Grid And Micro Grid Laboratories
A Review Of Recent Development In Smart Grid And Micro Grid LaboratoriesJoaquin Hamad
 
Security Attacks and Countermeasures on Cloud Assisted IoT App.docx
Security Attacks and Countermeasures on Cloud Assisted IoT App.docxSecurity Attacks and Countermeasures on Cloud Assisted IoT App.docx
Security Attacks and Countermeasures on Cloud Assisted IoT App.docxedgar6wallace88877
 
IRJET- False Data Injection Attacks in Insider Attack
IRJET- False Data Injection Attacks in Insider AttackIRJET- False Data Injection Attacks in Insider Attack
IRJET- False Data Injection Attacks in Insider AttackIRJET Journal
 
Smart ppts22222222222grid
Smart ppts22222222222gridSmart ppts22222222222grid
Smart ppts22222222222gridavvariharish
 
etfa2014-CR.pdf
etfa2014-CR.pdfetfa2014-CR.pdf
etfa2014-CR.pdfJohn Paul
 
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdfHow to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdfBhekumuzi Xaba
 
2012_MMU_Managing-the-risk-of-fraud-in-mobile-money.pdf
2012_MMU_Managing-the-risk-of-fraud-in-mobile-money.pdf2012_MMU_Managing-the-risk-of-fraud-in-mobile-money.pdf
2012_MMU_Managing-the-risk-of-fraud-in-mobile-money.pdfBhekumuzi Xaba
 

More Related Content

Similar to Evaluation of cybersecurity threats -mdms.pdf

Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...Power System Operation
 
SMART GRID – AN INTRODUCTION
SMART GRID – AN INTRODUCTIONSMART GRID – AN INTRODUCTION
SMART GRID – AN INTRODUCTIONIAEME Publication
 
Smart Grid Technologies in Power Systems An Overview
Smart Grid Technologies in Power Systems An OverviewSmart Grid Technologies in Power Systems An Overview
Smart Grid Technologies in Power Systems An OverviewRaja Larik
 
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Power System Operation
 
A Review of anomaly detection techniques in advanced metering infrastructure
A Review of anomaly detection techniques in advanced metering infrastructureA Review of anomaly detection techniques in advanced metering infrastructure
A Review of anomaly detection techniques in advanced metering infrastructurejournalBEEI
 
Cyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsCyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsIJEACS
 
Practical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart gridsPractical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart gridsSergey Gordeychik
 
man_behind_selfhealing_grid
man_behind_selfhealing_gridman_behind_selfhealing_grid
man_behind_selfhealing_gridMassoud Amin
 
IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...
IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...
IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...IRJET Journal
 
A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...
A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...
A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...nilesh405711
 
Importance of Measurements in Smart Grid
Importance of Measurements in Smart GridImportance of Measurements in Smart Grid
Importance of Measurements in Smart GridIJERD Editor
 
Salsa20 based lightweight security scheme for smart meter communication in sm...
Salsa20 based lightweight security scheme for smart meter communication in sm...Salsa20 based lightweight security scheme for smart meter communication in sm...
Salsa20 based lightweight security scheme for smart meter communication in sm...TELKOMNIKA JOURNAL
 
Smart Grid Resilience Issues & Enhancements
Smart Grid Resilience Issues & EnhancementsSmart Grid Resilience Issues & Enhancements
Smart Grid Resilience Issues & EnhancementsIRJET Journal
 
Technologies used in Smart grids for power distribution
Technologies used in Smart grids for power distributionTechnologies used in Smart grids for power distribution
Technologies used in Smart grids for power distributionRaja Larik
 
A Review Of Recent Development In Smart Grid And Micro Grid Laboratories
A Review Of Recent Development In Smart Grid And Micro Grid LaboratoriesA Review Of Recent Development In Smart Grid And Micro Grid Laboratories
A Review Of Recent Development In Smart Grid And Micro Grid LaboratoriesJoaquin Hamad
 
Security Attacks and Countermeasures on Cloud Assisted IoT App.docx
Security Attacks and Countermeasures on Cloud Assisted IoT App.docxSecurity Attacks and Countermeasures on Cloud Assisted IoT App.docx
Security Attacks and Countermeasures on Cloud Assisted IoT App.docxedgar6wallace88877
 
IRJET- False Data Injection Attacks in Insider Attack
IRJET- False Data Injection Attacks in Insider AttackIRJET- False Data Injection Attacks in Insider Attack
IRJET- False Data Injection Attacks in Insider AttackIRJET Journal
 
Smart ppts22222222222grid
Smart ppts22222222222gridSmart ppts22222222222grid
Smart ppts22222222222gridavvariharish
 
etfa2014-CR.pdf
etfa2014-CR.pdfetfa2014-CR.pdf
etfa2014-CR.pdfJohn Paul
 

Similar to Evaluation of cybersecurity threats -mdms.pdf (20)

Utilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA NetworksUtilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA Networks
 
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...
 
SMART GRID – AN INTRODUCTION
SMART GRID – AN INTRODUCTIONSMART GRID – AN INTRODUCTION
SMART GRID – AN INTRODUCTION
 
Smart Grid Technologies in Power Systems An Overview
Smart Grid Technologies in Power Systems An OverviewSmart Grid Technologies in Power Systems An Overview
Smart Grid Technologies in Power Systems An Overview
 
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
 
A Review of anomaly detection techniques in advanced metering infrastructure
A Review of anomaly detection techniques in advanced metering infrastructureA Review of anomaly detection techniques in advanced metering infrastructure
A Review of anomaly detection techniques in advanced metering infrastructure
 
Cyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsCyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control Systems
 
Practical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart gridsPractical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart grids
 
man_behind_selfhealing_grid
man_behind_selfhealing_gridman_behind_selfhealing_grid
man_behind_selfhealing_grid
 
IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...
IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...
IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...
 
A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...
A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...
A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...
 
Importance of Measurements in Smart Grid
Importance of Measurements in Smart GridImportance of Measurements in Smart Grid
Importance of Measurements in Smart Grid
 
Salsa20 based lightweight security scheme for smart meter communication in sm...
Salsa20 based lightweight security scheme for smart meter communication in sm...Salsa20 based lightweight security scheme for smart meter communication in sm...
Salsa20 based lightweight security scheme for smart meter communication in sm...
 
Smart Grid Resilience Issues & Enhancements
Smart Grid Resilience Issues & EnhancementsSmart Grid Resilience Issues & Enhancements
Smart Grid Resilience Issues & Enhancements
 
Technologies used in Smart grids for power distribution
Technologies used in Smart grids for power distributionTechnologies used in Smart grids for power distribution
Technologies used in Smart grids for power distribution
 
A Review Of Recent Development In Smart Grid And Micro Grid Laboratories
A Review Of Recent Development In Smart Grid And Micro Grid LaboratoriesA Review Of Recent Development In Smart Grid And Micro Grid Laboratories
A Review Of Recent Development In Smart Grid And Micro Grid Laboratories
 
Security Attacks and Countermeasures on Cloud Assisted IoT App.docx
Security Attacks and Countermeasures on Cloud Assisted IoT App.docxSecurity Attacks and Countermeasures on Cloud Assisted IoT App.docx
Security Attacks and Countermeasures on Cloud Assisted IoT App.docx
 
IRJET- False Data Injection Attacks in Insider Attack
IRJET- False Data Injection Attacks in Insider AttackIRJET- False Data Injection Attacks in Insider Attack
IRJET- False Data Injection Attacks in Insider Attack
 
Smart ppts22222222222grid
Smart ppts22222222222gridSmart ppts22222222222grid
Smart ppts22222222222grid
 
etfa2014-CR.pdf
etfa2014-CR.pdfetfa2014-CR.pdf
etfa2014-CR.pdf
 

More from Bhekumuzi Xaba

How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdfHow to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdfBhekumuzi Xaba
 
2012_MMU_Managing-the-risk-of-fraud-in-mobile-money.pdf
2012_MMU_Managing-the-risk-of-fraud-in-mobile-money.pdf2012_MMU_Managing-the-risk-of-fraud-in-mobile-money.pdf
2012_MMU_Managing-the-risk-of-fraud-in-mobile-money.pdfBhekumuzi Xaba
 
IFRC-Fraud-and-Corruption-prevention-and-control-policy_English.pdf
IFRC-Fraud-and-Corruption-prevention-and-control-policy_English.pdfIFRC-Fraud-and-Corruption-prevention-and-control-policy_English.pdf
IFRC-Fraud-and-Corruption-prevention-and-control-policy_English.pdfBhekumuzi Xaba
 
02122021_BANKING_FRAUD_ITS_DETECTION,_PREVENTION_AND_REPORTING.pdf
02122021_BANKING_FRAUD_ITS_DETECTION,_PREVENTION_AND_REPORTING.pdf02122021_BANKING_FRAUD_ITS_DETECTION,_PREVENTION_AND_REPORTING.pdf
02122021_BANKING_FRAUD_ITS_DETECTION,_PREVENTION_AND_REPORTING.pdfBhekumuzi Xaba
 
GSMA_September_2017_Guidelines_On_International_Remittances_Through_Mobile_Mo...
GSMA_September_2017_Guidelines_On_International_Remittances_Through_Mobile_Mo...GSMA_September_2017_Guidelines_On_International_Remittances_Through_Mobile_Mo...
GSMA_September_2017_Guidelines_On_International_Remittances_Through_Mobile_Mo...Bhekumuzi Xaba
 
The-Money-Remittance-Regulations-2013.pdf
The-Money-Remittance-Regulations-2013.pdfThe-Money-Remittance-Regulations-2013.pdf
The-Money-Remittance-Regulations-2013.pdfBhekumuzi Xaba
 
Configuration of Meter_Data_Management_Systems.pdf
Configuration of Meter_Data_Management_Systems.pdfConfiguration of Meter_Data_Management_Systems.pdf
Configuration of Meter_Data_Management_Systems.pdfBhekumuzi Xaba
 
ITV presentation eng.ppt
ITV presentation eng.pptITV presentation eng.ppt
ITV presentation eng.pptBhekumuzi Xaba
 
Diabetes and covid 19-risks
Diabetes and covid 19-risksDiabetes and covid 19-risks
Diabetes and covid 19-risksBhekumuzi Xaba
 
Intelligent transport system presentation
Intelligent transport system presentationIntelligent transport system presentation
Intelligent transport system presentationBhekumuzi Xaba
 
Legal requirements of starting a textile business in south africa
Legal requirements of starting a textile business in south africaLegal requirements of starting a textile business in south africa
Legal requirements of starting a textile business in south africaBhekumuzi Xaba
 
Sample green-clean-presentation
Sample green-clean-presentationSample green-clean-presentation
Sample green-clean-presentationBhekumuzi Xaba
 
Guidelines for staging events within the city of tshwane
Guidelines for staging events within the city of tshwaneGuidelines for staging events within the city of tshwane
Guidelines for staging events within the city of tshwaneBhekumuzi Xaba
 

More from Bhekumuzi Xaba (16)

How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdfHow to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
 
2012_MMU_Managing-the-risk-of-fraud-in-mobile-money.pdf
2012_MMU_Managing-the-risk-of-fraud-in-mobile-money.pdf2012_MMU_Managing-the-risk-of-fraud-in-mobile-money.pdf
2012_MMU_Managing-the-risk-of-fraud-in-mobile-money.pdf
 
IFRC-Fraud-and-Corruption-prevention-and-control-policy_English.pdf
IFRC-Fraud-and-Corruption-prevention-and-control-policy_English.pdfIFRC-Fraud-and-Corruption-prevention-and-control-policy_English.pdf
IFRC-Fraud-and-Corruption-prevention-and-control-policy_English.pdf
 
02122021_BANKING_FRAUD_ITS_DETECTION,_PREVENTION_AND_REPORTING.pdf
02122021_BANKING_FRAUD_ITS_DETECTION,_PREVENTION_AND_REPORTING.pdf02122021_BANKING_FRAUD_ITS_DETECTION,_PREVENTION_AND_REPORTING.pdf
02122021_BANKING_FRAUD_ITS_DETECTION,_PREVENTION_AND_REPORTING.pdf
 
GSMA_September_2017_Guidelines_On_International_Remittances_Through_Mobile_Mo...
GSMA_September_2017_Guidelines_On_International_Remittances_Through_Mobile_Mo...GSMA_September_2017_Guidelines_On_International_Remittances_Through_Mobile_Mo...
GSMA_September_2017_Guidelines_On_International_Remittances_Through_Mobile_Mo...
 
The-Money-Remittance-Regulations-2013.pdf
The-Money-Remittance-Regulations-2013.pdfThe-Money-Remittance-Regulations-2013.pdf
The-Money-Remittance-Regulations-2013.pdf
 
Configuration of Meter_Data_Management_Systems.pdf
Configuration of Meter_Data_Management_Systems.pdfConfiguration of Meter_Data_Management_Systems.pdf
Configuration of Meter_Data_Management_Systems.pdf
 
ITV presentation eng.ppt
ITV presentation eng.pptITV presentation eng.ppt
ITV presentation eng.ppt
 
Next generation BPM
Next generation BPMNext generation BPM
Next generation BPM
 
Diabetes and covid 19-risks
Diabetes and covid 19-risksDiabetes and covid 19-risks
Diabetes and covid 19-risks
 
Intelligent transport system presentation
Intelligent transport system presentationIntelligent transport system presentation
Intelligent transport system presentation
 
Legal requirements of starting a textile business in south africa
Legal requirements of starting a textile business in south africaLegal requirements of starting a textile business in south africa
Legal requirements of starting a textile business in south africa
 
Sample green-clean-presentation
Sample green-clean-presentationSample green-clean-presentation
Sample green-clean-presentation
 
Guidelines for staging events within the city of tshwane
Guidelines for staging events within the city of tshwaneGuidelines for staging events within the city of tshwane
Guidelines for staging events within the city of tshwane
 
Ptp overview
Ptp overviewPtp overview
Ptp overview
 
Fight Force Security
Fight Force SecurityFight Force Security
Fight Force Security
 

Recently uploaded

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Recently uploaded (20)

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

Evaluation of cybersecurity threats -mdms.pdf

  • 1. See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/318601090 Evaluation of Cybersecurity Threats on Smart Metering System Chapter in Advances in Intelligent Systems and Computing · July 2018 DOI: 10.1007/978-3-319-54978-1_28 CITATIONS 14 READS 8,935 4 authors: Some of the authors of this publication are also working on these related projects: Microload Management in Generation Constrained Environment View project Russian global information warfare View project Samuel Tweneboah-Koduah Aarhus Business School 11 PUBLICATIONS 219 CITATIONS SEE PROFILE Anthony Tsetse Northern Kentucky University 25 PUBLICATIONS 113 CITATIONS SEE PROFILE Julius Quarshie Azasoo The University of Northampton 16 PUBLICATIONS 96 CITATIONS SEE PROFILE Barbara Endicott-Popovsky University of Washington Seattle 100 PUBLICATIONS 688 CITATIONS SEE PROFILE All content following this page was uploaded by Samuel Tweneboah-Koduah on 23 March 2018. The user has requested enhancement of the downloaded file.
  • 2. Page 1 of 7 Evaluation of cybersecurity threats on Smart Metering System Abstract Smart metering has emerged as the next-generation of energy distribution, consumption, and monitoring systems via the convergence of power engineering and information and communication technology (ICT) integration otherwise known as smart grid systems. While the innovation is advancing the future power generation, distribution, consumption monitoring and information delivery, the success of the platform is positively correlated to the thriving integration of technologies upon which the system is built. Nonetheless, the rising trend of cybersecurity attacks on cyber infrastructure and its dependent systems coupled with the system’s inherent vulnerabilities present a source of concern not only to the vendors but also the consumers. These security concerns need to be addressed in order to increase consumer confidence so as to ensure greatest adoption and success of smart metering. In this paper, we present a functional communication architecture of the smart metering system. Following that, we demonstrate and discuss the taxonomy of smart metering common vulnerabilities exposure, upon which sophisticated threats can capitalize. We then introduce countermeasure techniques, whose integration is considered pivotal for achieving security protection against existing and future sophisticated attacks on smart metering systems. Keywords Smart Metering Infrastructure, Power Engineering, Smart Grid, Cybersecurity, Cyber Threats, Cyber Attack 1.0 Introduction The modernization of the modern power grid systems otherwise known as the smart grid has been developed for the purpose of enabling bidirectional flows of metering information in order to provide consumers with diverse choices as to how, when, and how much electricity they use. Integrated within the smart grid infrastructure setup is smart metering which core objective is to automate the monitoring of consumers’ power consumption, for the purpose of billing and accounting. Smart metering infrastructure otherwise known as Advanced Metering Infrastructure (AMI), is the core component in smart grid infrastructure systems. The functional architecture represents an automated two-way communication between a smart utility meter and a utility producer [1]. The metering system monitors consumers’ power consumption by collecting information on such consumption and communicating such information back to the utility company for load monitoring and billing [1]. Additionally, smart metering infrastructure provides better monitoring of power consumption and efficient and more transparent billing system to consumers. Thus, the utility providers are able to apply different price models for power consumption based on the time of day and season power is consumed [2]. By design, smart metering enables consumers to access their own real-time use of power consumption information through a web interface and mobile app service. These goals could not have been achieved and realized without the integration of communication technology infrastructure required to gather, assemble, and synthesize data provided by smart meters and other interconnected components. Smart Metering (SM) has gradually become an interest to both research and industrial communities most importantly to utility companies, energy regulators, energy distribution vendors as well as energy conservation societies [3]. The adoption and use of smart metering are advancing in recent times due to the ability to integrate information and communication technologies with the development of energy infrastructure systems. Notwithstanding, the recent upsurge in cyber attacks against critical infrastructure systems threatens the smooth functioning of smart metering infrastructure development and the electric grid as a whole. In this paper, we assess some of the major cybersecurity issues in smart metering infrastructure. Our goal is to provide an initial step to classify the system’s inherent vulnerabilities and the potential threats capable of exploiting the vulnerabilities. We evaluate this by demonstrating the feasibility and impact of various threat vectors upon a smart metering communication infrastructure network. This paper is organized as follows. Beginning with this introduction, the next section reviews the state of the art of smart metering system. In Section III, smart metering functional architecture is presented. Section IV explores the evaluation of cybersecurity challenges on smart metering. We discuss the study findings in section V and then conclude the paper in Section VI. 2.0 Related studies The concept of smart metering has advanced in recent times due to the integration of information and communication technologies into energy development. Rinaldi classified such integration as cyber interdependency [4]. In a related study, Rinaldi, et al.
  • 3. Page 2 of 7 argued that interdependencies in critical infrastructure systems give rise to functional and non-functional challenges which do not exist in the single infrastructural system [5]. Accordingly, Li et al, posit that smart metering is part of the smart grid infrastructure system and for that matter, security attacks may take place both in the physical space, as in the conventional power grid, as well as in the cyberspace as in any modern communication infrastructure network [2]. Smart metering infrastructure system is often microprocessor-based which supports wireless connectivity for easy control and monitoring. Li et al. argue that smart meters are massively deployed as access points and are mostly connected to the Internet to engage customers in utility management. These access points, conversely, have become ideal ports for intrusions, penetration and other malicious attacks [2]. Conversely, Li et al, maintain that the openness in the smart metering systems (to the public network) increases vulnerabilities in the grid thereby escalating sophisticated threat attacks on the system. In a related study, Flick and Morehouse claim that cyber threats on critical infrastructure systems in general, and the electricity grid, in particular, has become the subject of increasing research interest both in academia and industry [6]. Contributing to this, Giani, et al., argue, the potential consequences of successful cyber attack on the electric grid is staggering [7]. They stated, smart metering which is part of a Smart Grid infrastructure system, incorporates sensing, communication, and distributed control to accommodate renewable generation, Electronic Vehicle (EV) loads, storage, and many other technologies. These activities substantially increase actionable data transfers making the system more vulnerable to cyber attacks, thus, increasing the urgency of cybersecurity research for electric grids [7]. Prior studies explored various aspects of cyber attacks on smart grid and smart metering systems. For instance, Yan et al, summarize possible vulnerabilities and cybersecurity requirements in smart grid communication systems and surveyed solutions capable of counteracting related cybersecurity threats [8]. In a related study, Wei et al. proposed a framework for protecting power grid automation systems against cyber attacks [9]. The proposal includes integration with the existing legacy systems, desirable performance in terms of modularity, scalability, extendibility, and manageability, alignment to the “Roadmap to Secure Control Systems in the Energy Sector” and future intelligent power delivery systems [9]. Cleveland in [3] argued that while various AMI vendors and customers consider encryption as a security proof solution to the threats of cyber adversaries on AMIs, there are other potential cybersecurity challenges facing AMI systems which require research focus. The challenges Cleveland identified include confidentiality, integrity, data availability and non-repudiation. The issues of privacy, confidentiality, and data availability as cybersecurity threats against smart grid systems have also been discussed in the following studies [2], [10]- [14]. 3.0 Smart Metering Functional Architecture The future power grid has a tiered architecture to supply energy to consumers [15]. This modern energy infrastructure system starts from power generation through transmission systems to distribution and eventually to the final consumer. A smart grid system strives to use and coordinate various generations, and production as well as the distribution mechanisms of the grid [15]. Smart metering infrastructure is the core component in a smart grid infrastructure system. It functional architecture represents an automated two- way communication between a smart utility meter and a utility producer [1]. Smart meters identify power consumption by collecting information on such consumption and communicate the information back to the utility company for load monitoring and billing for accounting purposes [1]. By generalizing the structures in [15], [2] and [1], we present functional smart metering architecture as illustrated in figure 1. The architecture consists of a micro-load management unit and it hardware subsystem which houses the various hardware components of the system. Each of the structures has its core components and functions explained below. i. Smart Meter: This is the core of a smart metering infrastructure setup. It acts as the main source of energy-related information or other metrological data and provides interval data for customer energy loads. ii. Smart Metering Communications Network: Like a traditional communication network, the smart metering network provides a path for information flow within the grid. iii. Customer Gateway: This acts as the conduit between a smart metering network and the other smart devices in the grid or within the customer facilities, such as a Home Area Network (HAN) or the Neighborhood Area Network (NAN) Other components within the metering structure include: iv. The Wide Area Network (WAN) Interface: It collects metering and control information from the Server systems and relays the readings and status of the meter to the server. v. The Home Area Network (HAN): This serves as the communication medium for device interface sensors, actuator/network relays, the In-Home Display (IHD) units, etc. This
  • 4. Page 3 of 7 communication medium can be a single unidirectional or bidirectional or a combination of multiple technologies such as power line carrier (PLC), Ethernet, or wireless communication technologies (e.g. Z-Wave, Bluetooth, ZigBee, WiFi, RF mesh, and WLAN (802.11)). vi. The WAN gateway: This acts as the link between the metering Unit and the Micro-load metering information system to provide near real-time monitoring and control functions of the metering system and other auxiliary services, by providing access to the electrical utility companies and their consumers. The utility company gains access to the metering system through a computer interface directly connected to the server. Utility consumers are usually provided access to the metering system through the web and/or mobile application interface, giving consumers the ability to monitor real-time information about energy consumption and billing, as well as performing home automation activities using integrated mobile devices. Figure 1: Smart Metering Communication Architecture vii. The Home Area Network (HAN) Gateway: It provides a communication channel between the main metering unit and the micro-load controllers. As a result, the microcontrollers and load management can be extended to an off-the-shelf micro-load meter for the use of Electric Vehicle (EV) charging systems and other energy consuming loads. viii. The Neighboring Area Network (NAN) Gateway: Acts as the intermediary tier connecting multiple HANs collectively in the smart grid for the purpose of accumulating energy consumption information from households (the HANs), in a neighborhood and relay the data to the utility company [15] for billing and monitoring. The Metering Unit (MU) is the main control center for the smart metering functional architecture. In the absence of the HAN, the MU monitors the amount of energy being consumed, as well as the ability to curtail power to all consuming devices. Additionally, the Micro-Load Metering Unit (MMU) monitors and reads the consumptions of all the devices and appliances attached to the main meter (including the Electric Vehicle Charging Terminals (EVCT)) by providing granular consumption data for consumption analysis and predicting future energy consumption. The micro- load controller functions to cut-off or connects micro- loads to the main source of electricity via the metering unit. This functionality is linked, to the Direct Load Control (DLC) unit enabling consumers to respond to pricing signals or time-of-use through an application program interface (API) such as Web or App. 4.0 Cybersecurity Challenges in Smart Metering The conventional metering system is embedded with dedicated power devices, which are mostly integrated with control, monitoring and communication functionalities, using closed networks composed of predictable serial communication links. In contrast, smart metering decouples communication and control functionalities from power devices and is modularized for the purposes of scalability and maintenance [2]. Moreover, smart metering core components are usually commercial off-the-shelf (COTS) products from diverse vendors having unknown incompatibilities. Cybersecurity challenges of a smart metering system lie in the system’s inherent vulnerabilities which expose the infrastructure set to various attacks. Sources of vulnerabilities include firmware, hardware architecture, system applications, as well as a network interface. Besides, the bi-directional communication link between the metering unit and main gateway (and Metering Information Server-MIS) leaves the system open for network-related attacks and protocol failure. Other communication attacks include wireless scrambling, eavesdropping, man-in-the-middle attacks, message modification and injection attacks. For example, IP- based devices are susceptible to IP misconfiguration which does exhibit nondeterministic behavior in times of success attack. IP misconfiguration inevitably decreases system operation and reliability. Besides, smart meters are deployed in smart grid as access points for each customer (in the NAN and HAN), in order to manage utility consumption. These devices are usually connected to the Internet through the metering gateway. In addition to IP spoofing, the gateway (both local and global), can become perfect points for intrusions, DoS attacks, and other Internet-based attacks.
  • 5. Page 4 of 7 Furthermore, per their design, utility consumers usually interact with the metering system through the web and/or mobile application interfaces. Most of these applications are either web-based or stand-alone. Web- based applications are integrated with the metering system application using Application Programming Interface (API). An outdated API code may be susceptible to various attacks exposing the entire metering system to malicious attacks. Additionally, a poorly configured interface design exposes smart metering system to injection and code execution attacks. Furthermore, in the Home Area Network (HAN), such attacks on a metering device could destabilize the communication system leading to a denial of essential services to interdependent components or devices. In the Neighborhood Area Network (NAN), such an attack could lead to distributed denial of service (DDoS) attacks due to inter-meter communication services. While many of these systems are designed with security in mind, security misconfiguration could occur at any level or any part of system design exposing the entire setup to software misconfiguration attack. More so, at the firmware level, smart metering components usually have internal memory used for temporary storage and information processing. Like a conventional metering system, power fluctuations in the grid occasionally cause devices to lose memory leading to data loss. Furthermore, intermittent power fluctuations in semiconductor devices may lead to signal loss and system malfunction. Other security challenges in the smart metering infrastructure include component incompatibilities, as well as device-based (physical) attacks, such as natural disasters, illegitimate use of the device (e.g. pilferage), and masquerading. To overcome these challenges will require innovative research and comprehensive system solutions which focus on the architectural redesign, firmware and hardware reconfiguration, network hardening and dynamic system application design. 4.1 Smart Metering Cyber attack From the above challenges, we present a taxonomy of cybersecurity attack in a smart metering communication system by analyzing system’s inherent vulnerabilities vis-à-vis the potential threat actors. In this taxonomy, six types of vulnerabilities are discussed. Thes are IP Misconfiguration, Injection, DoS, Code Execution, Memory Corruption, and XSS & CSRF. Corresponding threat vectors include physical (device) attack, application (software) attack, network attack, web interface attack, and data attack (see table 1 and figure 2). Table 1 shows our proposed vulnerability threat matrix. In columns III and IV, threat vectors are matched with their corresponding vulnerabilities. Figure 2: Smart metering and corresponding threat attack Table 1: Vulnerability-Threat Matrix Vulnerabilities (V) Cyber-attack vectors (AV) Vulnerability-Threat Matrix Attack Vectors Vulnerabilities IP Misconfiguration (IM) Device Attack (DA) DA IP, MC, CE, D SQL Injection (SI) Application Attack (AA) AA SI, D, CE DoS (D) Network Attack (NA) NA SI, D, CE Code Execution (DE) Web Interface Attack (WiA) WiA SI, D, XC, IP XSS & CSRF (XC) Data Integrity Attack (DA) DA SI, CE Memory Corruption (MC) 4.2 Attack Vectors 4.2.1 Device Attack This is an attack type capable of compromising smart metering devices. It is the first point of call to compromise the functionality of the entire architecture (depending on the devices involved). In HAN, this type of attack could bring entire network down (especially when the metering unit is the target). Similarly, in a NAN, a device attack may affect the resistance of the network which in the extreme case could lead to DDoS attacks on the entire grid. Device attacks may be caused by IP misconfiguration, memory corruption, and wrongly executed code in the device operating system at the middleware layer. 4.2.2 Application Service Attack This is a type of attack that compromises system applications (Web, Mobile, System, etc) which are run on various components of the system. Smart metering
  • 6. Page 5 of 7 systems run multiple applications both at the local and the server levels. In most cases, these applications are owned by application service providers (ASPs) which are third party vendors. Cyber attacks on these applications will surely compromise the metering system. Common vulnerabilities in this type of attack include SQL injection, code execution, and DoS. 4.2.3 Network Attack This is an attack which aims at compromising intercommunication among devices by either delaying message forwarding or completely failing to deliver. Network attacks may also destruct computational processes within the smart metering system. In HAN, this type of attack aims at destructing the core functionalities of the metering system. Similarly, in a NAN, a network attack may isolate or deny NAN devices from accessing vital information from the neighborhood or addressing messaging request from neighboring devices. Causes of network availability attacks include SQL injection, DoS and code execution in the network infrastructure system. 4.2.4 Web Interface Attack This type of attack presents itself as a result of account enumeration, lack of account lockout or weak account credentials. In this case, an attacker may use weak account credentials (either capture plain-text credentials or enumerate accounts) to access the web interface. Web interface attacks may be caused by cross-site scripting (XSS), cross-site reference forgery (CSRF), IP misconfiguration and SQL injection. Other sources include insecure web interface design and weak account credentials. The attack compromises device integrity and could lead to denial of services. 4.2.5 Data Integrity Attack This is an attack whereby the threat agent attempts to compromise system data by inserting, altering or completely deleting data (either stored or in transmission) so as to deceive smart metering to make wrong decisions or compromise its integrity. Data attacks may be caused by SQL injection and code execution which may be executed by a remote attacker. 5.0 Experimental Evaluation of Cyberattacks against Smart Metering In this section, we demonstrate how SQL injection and DoS attacks could be executed against a smart metering system. These demonstrations were performed on a live server with positive results. In each case, the results show that cyber attack on smart metering systems was successful. SQL injection attack – Algorithm Print header information for URL in target URLs for payload in get request payloads response = send get request probe to server if response.status code == 500 print payload and exist for manual attack for paylaod in post request payloads response = send post request probe to server Figure 3: SQL injection attack – Flowchart SQL injection attack – Python script This function delivers a payload to the server using the http ‘get’ method. To do this, the payload is added to the url. The url sends the request to @params payload {string}. The request parameters for example requests.get('http://www.test.com/', params=payload) will map to http://www.test.com/?key=value ### def http_get(url, payload): r = requests.get(url, params=payload) return process_responds(r) ### This function processes the request to determine if the probe is positive or negative Probing Get (assuming query is contracted: where id = <defined_param> ('Params ', {'make': "'"}) ('Url: ', 'http://metering.grid.com/metering/meter/topup_history'
  • 7. Page 6 of 7 ) data been sanitised data been sanitised data been sanitised data been sanitised Probbing Post data been sanitised data been sanitised data been sanitised data been sanitised Vulnerability: Weakness found (SQL injection) Threat: data sanitised Effect: sensitive information could be disclosed by injection attack Impact: Data confidentiality and integrity could be compromised Denial of Service Attack DoS attack on the Application layer Attack url: http://metering.smartmeter.com/metering/server/dashbo ard Tool: loadtest (https://www.npmjs.com/package/loadtest) requires nodejs to be installed Test parameter: $ loadtest http://metering.aborsour.com/metering/server/dashboar d -t 50 -c 10 --rps 1000. Figure 4: Results (screenshot) of DoS attack 5.1 Discussion The idea of running both SQLi and DoS attacks on a smart metering system highlights their significant impact on distributed network system, such as smart metering (see table 1). In the case of the former, a payload request was sent to the server to probe the server for vulnerabilities. The server responded with an ACKnowledgement a message header which encourages an attack on the system. This means SQL injection vulnerability in a smart metering system could allow remote authenticated users to execute arbitrary SQL commands via crafted serialized data both on the metering information system server (MISS in figure 2). For example, SQL injection vulnerability in the login page in the user interface device would allow remote attackers to execute arbitrary SQL commands via a crafted URL. Per the CVE 1 database, DoS vulnerability remains the most common vulnerability type and can be exploited by various threat vectors. In the above test, we executed multiple (abnormal) remote requests (1000) to the server from concurrent connections in 50 seconds. The result (figure 4) shows the server failing or executing arbitrary code (system crushing). For example, a buffer overflow in the Point-to-Point Protocol over the Ethernet (PPPoE) module in the customer gateway when CHAP authentication is configured on the server, could allow remote attackers to cause a denial of service or execute arbitrary code via crafted packets sent during authentication. For example, in CVE-2016- 8666, an IP stack in the Linux kernel (before 4.6) allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have an unspecified impact by triggering use of the GRO functions (gro-receive and gro-complete) path for packets with tunnel stacking. 6.0 Conclusion The core objective of smart grid is to improve efficiency and availability of power by adding more monitoring and control capabilities [16]. This objective is made plausible by the successful integration of a smart metering system which core value is to automate monitoring of consumer power consumption, efficient energy distribution, billing, and accounting. In this paper, an attempt has been made to evaluate the taxonomy of the system inherent vulnerabilities which expose smart metering to various cyber threat vectors and make case for research effort in this emerging technology. The discussion involved the identification of various vulnerabilities inherent within smart metering components matched with the potential threat vectors capable of exploiting these vulnerabilities. We executed two different attack scenarios (tests) as a proof of concept. Tests results show that vulnerable smart 1 Common Vulnerability Exposure
  • 8. Page 7 of 7 metering system could be abused by various threat actors via crafted vectors. Finally, it is critical to continue the discussion while at the same time challenging device manufacturers and components’ vendors to design, and implement solutions for such mechanisms so as to counteract threats from cyber adversaries of the electrical grid so as to guarantee consumer utmost trust in a smart metering innovation and transformation. Reference [1] Y. Yan, Y. Qian, H. Sharif, and D. Tipper, “A survey on smart grid communication infrastructures: Motivations, requirements, and challenges,” Commun. Surv. Tutor. IEEE, vol. 15, no. 1, pp. 5–20, 2013. [2] X. Li, X. Liang, R. Lu, X. Shen, X. Lin, and H. Zhu, “Securing smart grid: cyber attacks, countermeasures, and challenges,” IEEE Commun. Mag., vol. 50, no. 8, pp. 38–45, 2012. [3] F. M. Cleveland, “Cyber security issues for advanced metering infrastructure (ami),” in Power and Energy Society General Meeting- Conversion and Delivery of Electrical Energy in the 21st Century, 2008 IEEE, 2008, pp. 1–5. [4] S. M. Rinaldi, “Modeling and simulating critical infrastructures and their interdependencies,” in System sciences, 2004. Proceedings of the 37th annual Hawaii international conference on, 2004, p. 8–pp. [5] S. M. Rinaldi, J. P. Peerenboom, and T. K. Kelly, “Identifying, understanding, and analyzing critical infrastructure interdependencies,” Control Syst. IEEE, vol. 21, no. 6, pp. 11–25, 2001. [6] T. Flick and J. Morehouse, Securing the smart grid: next generation power grid security. Elsevier, 2010. [7] A. Giani, E. Bitar, M. Garcia, M. McQueen, P. Khargonekar, and K. Poolla, “Smart grid data integrity attacks: characterizations and countermeasures π,” in Smart Grid Communications (SmartGridComm), 2011 IEEE International Conference on, 2011, pp. 232–237. [8] Y. Yan, Y. Qian, H. Sharif, and D. Tipper, “A survey on cybersecurity for smart grid communications,” IEEE Commun. Surv. Tutor., vol. 14, no. 4, pp. 998–1010, 2012. [9] D. Wei, Y. Lu, M. Jafari, P. Skare, and K. Rohde, “An integrated security system of protecting smart grid against cyber attacks,” in Innovative Smart Grid Technologies (ISGT), 2010, 2010, pp. 1–7. [10] J. Liu, Y. Xiao, S. Li, W. Liang, and C. L. Chen, “Cyber security and privacy issues in smart grids,” Commun. Surv. Tutor. IEEE, vol. 14, no. 4, pp. 981–997, 2012. [11] G. N. Ericsson, “Cybersecurity and power system communication—essential parts of a smart grid infrastructure,” IEEE Trans. Power Deliv., vol. 25, no. 3, pp. 1501–1507, 2010. [12] A. Hahn, A. Ashok, S. Sridhar, and M. Govindarasu, “Cyber-physical security testbeds: Architecture, application, and evaluation for smart grid,” IEEE Trans. Smart Grid, vol. 4, no. 2, pp. 847–855, 2013. [13] Z. Lu, X. Lu, W. Wang, and C. Wang, “Review and evaluation of security threats on the communication networks in the smart grid,” in Military Communications Conference, 2010- MILCOM 2010, 2010, pp. 1830–1835. [14] A. R. Metke and R. L. Ekl, “Security technology for smart grid networks,” IEEE Trans. Smart Grid, vol. 1, no. 1, pp. 99–107, 2010. [15] E. Bou-Harb, C. Fachkha, M. Pourzandi, M. Debbabi, and C. Assi, “Communication security for smart grid distribution networks,” IEEE Commun. Mag., vol. 51, no. 1, pp. 42–49, 2013. [16] S. Clements and H. Kirkham, “Cybersecurity considerations for the smart grid,” in IEEE PES General Meeting, 2010, pp. 1–5. View publication stats