Security of Smart Grid Communication

Protection of industrial communication systems against cyber attacks has become
a great challenge during the past years due to the convergence of Operational
Technologies (OT) and Information Technologies (IT), adoption of the TCP/IP to
industrial networks, and the rising level of automation and intelligent control
of industrial processes. Security and safety of critical infrastructure systems
that include power plants, substations, water and gas distribution, traffic
control systems, etc., can be implemented on various levels. In this work we
focus on security of industrial system via high-level communication monitoring
and automated anomaly detection. The first issue that should be addressed for
cyber security of ICS communication is high-level visibility of transmitted
commands. For this taks we adopt Netflow/IPFIX technology extended by meta-data
obtained from ICS protocol headers, e.g., transmitted commands, device status,
requested objects, etc. Enhanced visiblity provides rich data for detection of
unexpected events like malfunctioning or cyber attacks. Second part of this work
introduces two technique for anomaly detection of ICS communication. The first
technique models communication sequences using probabilistic automata and observe
the frequency of their occurence. If an unknown sequence or a sequence with
unexpected frequence is found, it is considered as anomaly. The second technique
applies statistical modeling where we observe typical distribution of packet
features like inter-arrival time and direction. Using learnt distributions we
create a profile of a normal communication. When a communication deviates
significantly from the learnt profile, anomaly alarm is raised. By combination of
both technique we are able to detect common anomalies and cyber attack vectors
that are typical for smart grid communication. Application of the presented
approach can improve security of smart grid networks.