Publication detail

Increasing Visibility of IEC 104 Communication in the Smart Grid

MATOUŠEK, P. RYŠAVÝ, O. GRÉGR, M.

Original Title

Increasing Visibility of IEC 104 Communication in the Smart Grid

English Title

Increasing Visibility of IEC 104 Communication in the Smart Grid

Type

conference paper

Language

en

Original Abstract

Energy systems like smart grids are part of critical infrastructure and their interruption or blackout may have fatal consequences on energy production, distribution, and eventually the life of individual people. In order to secure communication in Industrial Control Systems (ICS) and detect cyber attacks on smart grids, we need to increase visibility of ICS communication so that an operator can see what commands are sent between ICS devices. Security monitoring of ICS transmission requires (i) retrieving monitoring data from ICS packets, (ii) processing and analyzing extracted data, (iii) visualizing the passing communication to the operator. The  proposed work presents a concept of ICS flow monitoring system that extracts meta data from ICS packet headers and creates ICS flow records similarly to Netflow/IPFIX system. ICS flows represent communication in the smart grid network that is further visualized using dashboard and communication charts. Unlike traditional monitoring approach that works with network and transport layer data only, we extend flow monitoring to application layer with focus on ICS protocols. The proposed approach is demonstrated on monitoring IEC 60870-5-104 communication.

English abstract

Energy systems like smart grids are part of critical infrastructure and their interruption or blackout may have fatal consequences on energy production, distribution, and eventually the life of individual people. In order to secure communication in Industrial Control Systems (ICS) and detect cyber attacks on smart grids, we need to increase visibility of ICS communication so that an operator can see what commands are sent between ICS devices. Security monitoring of ICS transmission requires (i) retrieving monitoring data from ICS packets, (ii) processing and analyzing extracted data, (iii) visualizing the passing communication to the operator. The  proposed work presents a concept of ICS flow monitoring system that extracts meta data from ICS packet headers and creates ICS flow records similarly to Netflow/IPFIX system. ICS flows represent communication in the smart grid network that is further visualized using dashboard and communication charts. Unlike traditional monitoring approach that works with network and transport layer data only, we extend flow monitoring to application layer with focus on ICS protocols. The proposed approach is demonstrated on monitoring IEC 60870-5-104 communication.

Keywords

IEC 104, smart grid, ICS, security monitoring, SCADA, flow monitoring

Released

25.06.2019

Publisher

BCS Learning and Development Ltd.

Location

Swindon

ISBN

978-1-78017-523-2

Book

6th International Symposium for ICS & SCADA Cyber Security Research 2019

Edition

NEUVEDEN

Edition number

NEUVEDEN

Pages from

21

Pages to

30

Pages count

10

URL

Full text in the Digital Library

Documents

BibTex


@inproceedings{BUT159977,
  author="Petr {Matoušek} and Ondřej {Ryšavý} and Matěj {Grégr}",
  title="Increasing Visibility of IEC 104 Communication in the Smart Grid",
  annote="Energy systems like smart grids are part of critical infrastructure and their
interruption or blackout may have fatal consequences on energy production,
distribution, and eventually the life of individual people. In order to secure
communication in Industrial Control Systems (ICS) and detect cyber attacks on
smart grids, we need
to increase visibility of ICS communication so that an operator can see what
commands are sent between ICS devices. Security monitoring of ICS transmission
requires (i) retrieving monitoring data from ICS packets, (ii) processing and
analyzing extracted data, (iii) visualizing the passing communication to the
operator. The  proposed work presents a concept of ICS flow monitoring system
that extracts meta data from ICS packet headers and creates ICS flow records
similarly to Netflow/IPFIX system. ICS flows represent communication in the smart
grid network that is further visualized using dashboard and communication charts.
Unlike traditional monitoring approach that works with network and transport
layer data only, we extend flow monitoring to application layer with focus on ICS
protocols. The proposed approach is demonstrated on
monitoring IEC 60870-5-104 communication.",
  address="BCS Learning and Development Ltd.",
  booktitle="6th International Symposium for ICS & SCADA Cyber Security Research 2019",
  chapter="159977",
  doi="10.14236/ewic/icscsr19.3",
  edition="NEUVEDEN",
  howpublished="print",
  institution="BCS Learning and Development Ltd.",
  year="2019",
  month="june",
  pages="21--30",
  publisher="BCS Learning and Development Ltd.",
  type="conference paper"
}