Conference paper Open Access

Attacking IEC-60870-5-104 SCADA Systems

Panagiotis Radoglou-Grammatikis; Panagiotis Sarigiannidis; Ioannis Giannoulakis; Emmanouil Kafetzakis; Emmanouil Panaousis


MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <leader>00000nam##2200000uu#4500</leader>
  <controlfield tag="005">20200520082022.0</controlfield>
  <controlfield tag="001">3834759</controlfield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">University of Western Macedonia</subfield>
    <subfield code="a">Panagiotis Sarigiannidis</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Eight Bells Ltd.</subfield>
    <subfield code="a">Ioannis Giannoulakis</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Eight Bells Ltd.</subfield>
    <subfield code="a">Emmanouil Kafetzakis</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">University of Surrey</subfield>
    <subfield code="a">Emmanouil Panaousis</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">243162</subfield>
    <subfield code="z">md5:df49d9ebc2edbfaa7f1e7a579929b4b0</subfield>
    <subfield code="u">https://zenodo.org/record/3834759/files/[7] Attacking-IEC-60870-5-104-SCADA-Systems.pdf</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2019-08-29</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">openaire</subfield>
    <subfield code="p">user-h2020_spear_project</subfield>
    <subfield code="o">oai:zenodo.org:3834759</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">University of Western Macedonia</subfield>
    <subfield code="a">Panagiotis Radoglou-Grammatikis</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">Attacking IEC-60870-5-104 SCADA Systems</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">user-h2020_spear_project</subfield>
  </datafield>
  <datafield tag="536" ind1=" " ind2=" ">
    <subfield code="c">787011</subfield>
    <subfield code="a">SPEAR: Secure and PrivatE smArt gRid</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u">https://creativecommons.org/licenses/by/4.0/legalcode</subfield>
    <subfield code="a">Creative Commons Attribution 4.0 International</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;p&gt;The rapid evolution of the Information and Communications Technology (ICT) services transforms the conventional electrical grid into a new paradigm called Smart Grid (SG). Even though SG brings significant improvements, such as increased reliability and better energy management, it also introduces multiple security challenges. One of the main reasons for this is that SG combines a wide range of heterogeneous technologies, including Internet of Things (IoT) devices as well as Supervisory Control and Data Acquisition (SCADA) systems. The latter are responsible for monitoring and controlling the automatic procedures of energy transmission and distribution. Nevertheless, the presence of these systems introduces multiple vulnerabilities because their protocols do not implement essential security mechanisms such as authentication and access control. In this paper, we focus our attention on the security issues of the IEC 60870-5-104 (IEC-104) protocol, which is widely utilized in the European energy sector. In particular, we provide a SCADA threat model based on a Coloured Petri Net (CPN) and emulate four different types of cyber attacks against IEC-104. Last, we used AlienVault&amp;#39;s risk assessment model to evaluate the risk level that each of these cyber attacks introduces to our system to confirm our intuition about their severity.&lt;/p&gt;</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.1109/SERVICES.2019.00022</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">publication</subfield>
    <subfield code="b">conferencepaper</subfield>
  </datafield>
</record>
101
586
views
downloads
Views 101
Downloads 586
Data volume 142.5 MB
Unique views 100
Unique downloads 553

Share

Cite as