The Digital Forensics of Cyber-Attacks at Electrical Power Grid Substation

Juha Parssinen, Petra Raussi, Sami Noponen, Mikael Opas, Jarno Salonen

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

1 Citation (Scopus)

Abstract

Our research presented in this article comprises of network based cyber-attacks in a laboratory setup consisting of a power grid substation implemented as a hardware-in-the-loop simulation with hardware (Intelligent Electronic Devices a.k.a. IEDs), and the analysis on how these cyber-attacks can be detected using network forensics. The investigated cyber-attacks exploit the IEC 61850 MMS and GOOSE protocols, and one of the attacks has been already implemented in an existing malware. Additionally we organized a cybersecurity themed workshop for energy sector companies in Finland. The workshop participants were given a task to search for the aforementioned cyber-attacks from network traffic captures. The key finding from the workshop is that for the domain expert it is crucial to know different kind of cyber-attack scenarios in order to detect and mitigate them in a timely manner.

Original languageEnglish
Title of host publication10th International Symposium on Digital Forensics and Security, ISDFS 2022
EditorsAsaf Varol, Murat Karabatak, Cihan Varol
PublisherIEEE Institute of Electrical and Electronic Engineers
ISBN (Electronic)978-1-66549-796-1
DOIs
Publication statusPublished - 2022
MoE publication typeA4 Article in a conference publication
Event10th International Symposium on Digital Forensics and Security, ISDFS 2022 - Istanbul, Turkey
Duration: 6 Jun 20227 Jun 2022

Conference

Conference10th International Symposium on Digital Forensics and Security, ISDFS 2022
Country/TerritoryTurkey
CityIstanbul
Period6/06/227/06/22

Keywords

  • critical infrastructure protection
  • cyber-attack
  • digital forensics
  • hardware-in-the-loop
  • power grid
  • sub-station

Fingerprint

Dive into the research topics of 'The Digital Forensics of Cyber-Attacks at Electrical Power Grid Substation'. Together they form a unique fingerprint.

Cite this