The Digital Forensics of Cyber-Attacks at Electrical Power Grid Substation

Juha Parssinen; Petra Raussi; Sami Noponen; Mikael Opas; Jarno Salonen

doi:10.1109/ISDFS55398.2022.9800831

The Digital Forensics of Cyber-Attacks at Electrical Power Grid Substation

Juha Parssinen, Petra Raussi, Sami Noponen, Mikael Opas^*, Jarno Salonen

^*Corresponding author for this work

BA6403 Cybersecurity engineering and automation

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

6 Citations (Scopus)

Abstract

Our research presented in this article comprises of network based cyber-attacks in a laboratory setup consisting of a power grid substation implemented as a hardware-in-the-loop simulation with hardware (Intelligent Electronic Devices a.k.a. IEDs), and the analysis on how these cyber-attacks can be detected using network forensics. The investigated cyber-attacks exploit the IEC 61850 MMS and GOOSE protocols, and one of the attacks has been already implemented in an existing malware. Additionally we organized a cybersecurity themed workshop for energy sector companies in Finland. The workshop participants were given a task to search for the aforementioned cyber-attacks from network traffic captures. The key finding from the workshop is that for the domain expert it is crucial to know different kind of cyber-attack scenarios in order to detect and mitigate them in a timely manner.

Original language	English
Title of host publication	10th International Symposium on Digital Forensics and Security, ISDFS 2022
Editors	Asaf Varol, Murat Karabatak, Cihan Varol
Publisher	IEEE Institute of Electrical and Electronic Engineers
ISBN (Electronic)	978-1-66549-796-1
DOIs	https://doi.org/10.1109/ISDFS55398.2022.9800831
Publication status	Published - 2022
MoE publication type	A4 Article in a conference publication
Event	10th International Symposium on Digital Forensics and Security, ISDFS 2022 - Istanbul, Turkey Duration: 6 Jun 2022 → 7 Jun 2022

Conference

Conference	10th International Symposium on Digital Forensics and Security, ISDFS 2022
Country/Territory	Turkey
City	Istanbul
Period	6/06/22 → 7/06/22

Funding

This article is based on research conducted in the Secure Collaborative Intelligent Industrial Assets (SeCoIIA) project that aims at securing the digital transition of manufacturing industry towards more connected, collaborative, flexible and automated production techniques. The project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 871967.

Keywords

critical infrastructure protection
cyber-attack
digital forensics
hardware-in-the-loop
power grid
sub-station

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/ISDFS55398.2022.9800831

Cite this

Parssinen, J., Raussi, P., Noponen, S., Opas, M., & Salonen, J. (2022). The Digital Forensics of Cyber-Attacks at Electrical Power Grid Substation. In A. Varol, M. Karabatak, & C. Varol (Eds.), 10th International Symposium on Digital Forensics and Security, ISDFS 2022 IEEE Institute of Electrical and Electronic Engineers. https://doi.org/10.1109/ISDFS55398.2022.9800831

@inproceedings{cd2c3f4d0e3543f69c04c94e00404673,

title = "The Digital Forensics of Cyber-Attacks at Electrical Power Grid Substation",

abstract = "Our research presented in this article comprises of network based cyber-attacks in a laboratory setup consisting of a power grid substation implemented as a hardware-in-the-loop simulation with hardware (Intelligent Electronic Devices a.k.a. IEDs), and the analysis on how these cyber-attacks can be detected using network forensics. The investigated cyber-attacks exploit the IEC 61850 MMS and GOOSE protocols, and one of the attacks has been already implemented in an existing malware. Additionally we organized a cybersecurity themed workshop for energy sector companies in Finland. The workshop participants were given a task to search for the aforementioned cyber-attacks from network traffic captures. The key finding from the workshop is that for the domain expert it is crucial to know different kind of cyber-attack scenarios in order to detect and mitigate them in a timely manner.",

keywords = "critical infrastructure protection, cyber-attack, digital forensics, hardware-in-the-loop, power grid, sub-station",

author = "Juha Parssinen and Petra Raussi and Sami Noponen and Mikael Opas and Jarno Salonen",

note = "Funding Information: This article is based on research conducted in the Secure Collaborative Intelligent Industrial Assets (SeCoIIA) project that aims at securing the digital transition of manufacturing industry towards more connected, collaborative, flexible and automated production techniques. The project has received funding from the European Union{\textquoteright}s Horizon 2020 research and innovation programme under grant agreement No 871967. Publisher Copyright: {\textcopyright} 2022 IEEE.; 10th International Symposium on Digital Forensics and Security, ISDFS 2022 ; Conference date: 06-06-2022 Through 07-06-2022",

year = "2022",

doi = "10.1109/ISDFS55398.2022.9800831",

language = "English",

editor = "Asaf Varol and Murat Karabatak and Cihan Varol",

booktitle = "10th International Symposium on Digital Forensics and Security, ISDFS 2022",

publisher = "IEEE Institute of Electrical and Electronic Engineers",

address = "United States",

}

Parssinen, J , Raussi, P, Noponen, S, Opas, M & Salonen, J 2022, The Digital Forensics of Cyber-Attacks at Electrical Power Grid Substation. in A Varol, M Karabatak & C Varol (eds), 10th International Symposium on Digital Forensics and Security, ISDFS 2022. IEEE Institute of Electrical and Electronic Engineers, 10th International Symposium on Digital Forensics and Security, ISDFS 2022, Istanbul, Turkey, 6/06/22. https://doi.org/10.1109/ISDFS55398.2022.9800831

The Digital Forensics of Cyber-Attacks at Electrical Power Grid Substation. / Parssinen, Juha ; Raussi, Petra; Noponen, Sami et al.
10th International Symposium on Digital Forensics and Security, ISDFS 2022. ed. / Asaf Varol; Murat Karabatak; Cihan Varol. IEEE Institute of Electrical and Electronic Engineers, 2022.

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - The Digital Forensics of Cyber-Attacks at Electrical Power Grid Substation

AU - Parssinen, Juha

AU - Raussi, Petra

AU - Noponen, Sami

AU - Opas, Mikael

AU - Salonen, Jarno

N1 - Funding Information: This article is based on research conducted in the Secure Collaborative Intelligent Industrial Assets (SeCoIIA) project that aims at securing the digital transition of manufacturing industry towards more connected, collaborative, flexible and automated production techniques. The project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 871967. Publisher Copyright: © 2022 IEEE.

PY - 2022

Y1 - 2022

N2 - Our research presented in this article comprises of network based cyber-attacks in a laboratory setup consisting of a power grid substation implemented as a hardware-in-the-loop simulation with hardware (Intelligent Electronic Devices a.k.a. IEDs), and the analysis on how these cyber-attacks can be detected using network forensics. The investigated cyber-attacks exploit the IEC 61850 MMS and GOOSE protocols, and one of the attacks has been already implemented in an existing malware. Additionally we organized a cybersecurity themed workshop for energy sector companies in Finland. The workshop participants were given a task to search for the aforementioned cyber-attacks from network traffic captures. The key finding from the workshop is that for the domain expert it is crucial to know different kind of cyber-attack scenarios in order to detect and mitigate them in a timely manner.

AB - Our research presented in this article comprises of network based cyber-attacks in a laboratory setup consisting of a power grid substation implemented as a hardware-in-the-loop simulation with hardware (Intelligent Electronic Devices a.k.a. IEDs), and the analysis on how these cyber-attacks can be detected using network forensics. The investigated cyber-attacks exploit the IEC 61850 MMS and GOOSE protocols, and one of the attacks has been already implemented in an existing malware. Additionally we organized a cybersecurity themed workshop for energy sector companies in Finland. The workshop participants were given a task to search for the aforementioned cyber-attacks from network traffic captures. The key finding from the workshop is that for the domain expert it is crucial to know different kind of cyber-attack scenarios in order to detect and mitigate them in a timely manner.

KW - critical infrastructure protection

KW - cyber-attack

KW - digital forensics

KW - hardware-in-the-loop

KW - power grid

KW - sub-station

UR - http://www.scopus.com/inward/record.url?scp=85134224936&partnerID=8YFLogxK

U2 - 10.1109/ISDFS55398.2022.9800831

DO - 10.1109/ISDFS55398.2022.9800831

M3 - Conference article in proceedings

AN - SCOPUS:85134224936

BT - 10th International Symposium on Digital Forensics and Security, ISDFS 2022

A2 - Varol, Asaf

A2 - Karabatak, Murat

A2 - Varol, Cihan

PB - IEEE Institute of Electrical and Electronic Engineers

T2 - 10th International Symposium on Digital Forensics and Security, ISDFS 2022

Y2 - 6 June 2022 through 7 June 2022

ER -

The Digital Forensics of Cyber-Attacks at Electrical Power Grid Substation

Abstract

Conference

Funding

Keywords

UN SDGs

Access to Document

Other files and links

Fingerprint

Wireless 5G for Medium-Voltage Grid IEC 61850 based Protection Communication

SeCoIIA: Secure Collaborative Intelligent Industrial Assets

IntelligentEnergy testbed

Cite this

The Digital Forensics of Cyber-Attacks at Electrical Power Grid Substation

Abstract

Conference

Funding

Keywords

UN SDGs

Access to Document

Other files and links

Fingerprint

Research output

Wireless 5G for Medium-Voltage Grid IEC 61850 based Protection Communication

Projects

SeCoIIA: Secure Collaborative Intelligent Industrial Assets

Equipment

IntelligentEnergy testbed

Cite this