Projects per year
Abstract
The BlackEnergy malware targeting critical infrastructures has a long history. It evolved over time from a simple DDoS platform to a quite sophisticated plug-in based malware. The plug-in architecture has a persistent malware core with easily installable attack specific modules for DDoS, spamming, info-stealing, remote access, boot-sector formatting etc. BlackEnergy has been involved in several high profile cyber physical attacks including the recent Ukraine power grid attack in December 2015. This paper investigates the evolution of BlackEnergy and its cyber attack capabilities. It presents a basic cyber attack model used by BlackEnergy for targeting industrial control systems. In particular, the paper analyzes cyber threats of BlackEnergy for synchrophasor based systems which are used for real-time control and monitoring functionalities in smart grid. Several BlackEnergy based attack scenarios have been investigated by exploiting the vulnerabilities in two widely used synchrophasor communication standards: (i) IEEE C37.118 and (ii) IEC 61850-90-5. Specifically, the paper addresses reconnaissance, DDoS, man-in-the-middle and replay/reflection attacks on IEEE C37.118 and IEC 61850-90-5. Further, the paper also investigates protection strategies for detection and prevention of BlackEnergy based cyber physical attacks.
| Original language | English |
|---|---|
| Title of host publication | 4th International Symposium for ICS & SCADA Cyber Security Research 2016 |
| Publisher | BCS |
| Pages | 53-63 |
| Number of pages | 11 |
| DOIs | |
| Publication status | Published - 25 Aug 2016 |
| Event | 4th International Symposium for ICS & SCADA Cyber Security Research 2016 - Belfast, United Kingdom Duration: 23 Aug 2016 → 25 Aug 2016 http://www.ics-csr.com |
Conference
| Conference | 4th International Symposium for ICS & SCADA Cyber Security Research 2016 |
|---|---|
| Abbreviated title | ICS-CSR 2016 |
| Country/Territory | United Kingdom |
| City | Belfast |
| Period | 23/08/2016 → 25/08/2016 |
| Internet address |
Access to Document
Fingerprint
Dive into the research topics of 'Threat Analysis of BlackEnergy Malware for Synchrophasor based Real-time Control and Monitoring in Smart Grid'. Together they form a unique fingerprint.Projects
- 1 Finished
-
R1452ECI: Converged Approach towards Resilient Industrial control systems and Cyber Assurance
Sezer, S. (PI), Laverty, D. (CoI), McLaughlin, K. (CoI), McLoone, S. (CoI) & Morrow, D. J. (CoI)
01/08/2014 → 31/12/2017
Project: Research
Activities
- 1 Membership of external research organisation
-
Research Institute in Trustworthy Industrial Control Systems (External organisation)
McLaughlin, K. (Member)
2014 → …Activity: Membership types › Membership of external research organisation
Research output
- 2 Conference contribution
-
Analysis of IEEE C37.118 and IEC 61850-90-5 Synchrophasor Communication Frameworks
Khan, R., McLaughlin, K., Laverty, D. & Sezer, S., 14 Nov 2016, Proceedings of Power and Energy Society General Meeting (PESGM), 2016. Institute of Electrical and Electronics Engineers Inc., 5 p.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
Open AccessFile45 Citations (Scopus)1874 Downloads (Pure) -
IEEE C37.118-2 Synchrophasor Communication Framework: Overview, Cyber Vulnerabilities Analysis and Performance Evaluation
Khan, R., McLaughlin, K., Laverty, D. & Sezer, S., 21 Feb 2016, Proceedings of the 2nd International Conference on Information Systems Security and Privacy. SciTePress, p. 159-170 12 p.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
File34 Citations (Scopus)3876 Downloads (Pure)