Exploiting Ripple20 to Compromise Power Grid Cyber Security and Impact System Operations

Vetrivel Subramaniam Rajkumar; Alexandru Stefanov; Shyam Musunuri; Johan de Wit

doi:10.1049/icp.2021.2146

Exploiting Ripple20 to Compromise Power Grid Cyber Security and Impact System Operations

Vetrivel Subramaniam Rajkumar, Alexandru Stefanov, Shyam Musunuri, Johan de Wit

Intelligent Electrical Power Grids

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

3 Citations (Scopus)

123 Downloads (Pure)

Abstract

Driven by power grid digitalisation, tighter coupling between the cyber and physical layers has introduced cyber security threats. This paper elucidates the emergence and possible consequences of recently identified Information Technology (IT) / Industrial Internet of Things (IIoT) vulnerabilities, i.e., Ripple20, and the threats it poses to power grid cyber security. In this paper, we investigate advanced cyber attack tactics and techniques to exploit Ripple20 and IEC 61850 vulnerabilities through various attack vectors. The presented cyber-physical attack scenarios focus on gaining unauthorised access from pole-mounted reclosers in MV networks to the control centre and substation Operational Technology (OT) systems. Subsequently, the aforementioned vulnerabilities are exploited to maliciously disconnect embedded generation, block substation protection functionality, and cause busbar faults. We then experimentally demonstrate the impact of such advanced cyber attacks on power system operation that initiate cascading failures and cause a blackout. Recommendations and mitigation techniques for advanced cyber threats in the OT domain of distribution system operators are also provided.

Original language	English
Title of host publication	CIRED 2021 - The 26th International Conference and Exhibition on Electricity Distributio
Place of Publication	Geneva, Switzerland
Publisher	IET
Pages	3092-3096
Number of pages	5
Volume	2021
Edition	6
ISBN (Electronic)	978-1-83953-591-8
DOIs	https://doi.org/10.1049/icp.2021.2146
Publication status	Published - 2021
Event	26th International Conference and Exhibition on Electricity Distribution - Geneva, Switzerland Duration: 20 Sept 2021 → 23 Sept 2021 Conference number: 26 https://www.cired2021.org/

Conference

Conference	26th International Conference and Exhibition on Electricity Distribution
Abbreviated title	CIRED 2021
Country/Territory	Switzerland
City	Geneva
Period	20/09/21 → 23/09/21
Internet address	https://www.cired2021.org/

Bibliographical note

Online Conference

Keywords

Power Grids
Cyber Security
Digital Substations

Access to Document

10.1049/icp.2021.2146

CIRED 2021_Paper 0481Accepted author manuscript, 541 KB

Cite this

@inproceedings{25838e57733a4c91a4149b1839cd6319,

title = "Exploiting Ripple20 to Compromise Power Grid Cyber Security and Impact System Operations",

abstract = "Driven by power grid digitalisation, tighter coupling between the cyber and physical layers has introduced cyber security threats. This paper elucidates the emergence and possible consequences of recently identified Information Technology (IT) / Industrial Internet of Things (IIoT) vulnerabilities, i.e., Ripple20, and the threats it poses to power grid cyber security. In this paper, we investigate advanced cyber attack tactics and techniques to exploit Ripple20 and IEC 61850 vulnerabilities through various attack vectors. The presented cyber-physical attack scenarios focus on gaining unauthorised access from pole-mounted reclosers in MV networks to the control centre and substation Operational Technology (OT) systems. Subsequently, the aforementioned vulnerabilities are exploited to maliciously disconnect embedded generation, block substation protection functionality, and cause busbar faults. We then experimentally demonstrate the impact of such advanced cyber attacks on power system operation that initiate cascading failures and cause a blackout. Recommendations and mitigation techniques for advanced cyber threats in the OT domain of distribution system operators are also provided. ",

keywords = "Power Grids, Cyber Security, Digital Substations",

author = "{Subramaniam Rajkumar}, Vetrivel and Alexandru Stefanov and Shyam Musunuri and {de Wit}, Johan",

note = "Online Conference ; 26th International Conference and Exhibition on Electricity Distribution, CIRED 2021 ; Conference date: 20-09-2021 Through 23-09-2021",

year = "2021",

doi = "10.1049/icp.2021.2146",

language = "English",

volume = "2021",

pages = "3092--3096 ",

booktitle = "CIRED 2021 - The 26th International Conference and Exhibition on Electricity Distributio",

publisher = "IET",

edition = "6",

url = "https://www.cired2021.org/",

}

Subramaniam Rajkumar, V , Stefanov, A, Musunuri, S & de Wit, J 2021, Exploiting Ripple20 to Compromise Power Grid Cyber Security and Impact System Operations. in CIRED 2021 - The 26th International Conference and Exhibition on Electricity Distributio. 6 edn, vol. 2021, IET, Geneva, Switzerland , pp. 3092-3096 , 26th International Conference and Exhibition on Electricity Distribution, Geneva, Switzerland, 20/09/21. https://doi.org/10.1049/icp.2021.2146

Exploiting Ripple20 to Compromise Power Grid Cyber Security and Impact System Operations. / Subramaniam Rajkumar, Vetrivel ; Stefanov, Alexandru; Musunuri, Shyam et al.
CIRED 2021 - The 26th International Conference and Exhibition on Electricity Distributio. Vol. 2021 6. ed. Geneva, Switzerland : IET, 2021. p. 3092-3096 .

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Exploiting Ripple20 to Compromise Power Grid Cyber Security and Impact System Operations

AU - Subramaniam Rajkumar, Vetrivel

AU - Stefanov, Alexandru

AU - Musunuri, Shyam

AU - de Wit, Johan

N1 - Conference code: 26

PY - 2021

Y1 - 2021

N2 - Driven by power grid digitalisation, tighter coupling between the cyber and physical layers has introduced cyber security threats. This paper elucidates the emergence and possible consequences of recently identified Information Technology (IT) / Industrial Internet of Things (IIoT) vulnerabilities, i.e., Ripple20, and the threats it poses to power grid cyber security. In this paper, we investigate advanced cyber attack tactics and techniques to exploit Ripple20 and IEC 61850 vulnerabilities through various attack vectors. The presented cyber-physical attack scenarios focus on gaining unauthorised access from pole-mounted reclosers in MV networks to the control centre and substation Operational Technology (OT) systems. Subsequently, the aforementioned vulnerabilities are exploited to maliciously disconnect embedded generation, block substation protection functionality, and cause busbar faults. We then experimentally demonstrate the impact of such advanced cyber attacks on power system operation that initiate cascading failures and cause a blackout. Recommendations and mitigation techniques for advanced cyber threats in the OT domain of distribution system operators are also provided.

AB - Driven by power grid digitalisation, tighter coupling between the cyber and physical layers has introduced cyber security threats. This paper elucidates the emergence and possible consequences of recently identified Information Technology (IT) / Industrial Internet of Things (IIoT) vulnerabilities, i.e., Ripple20, and the threats it poses to power grid cyber security. In this paper, we investigate advanced cyber attack tactics and techniques to exploit Ripple20 and IEC 61850 vulnerabilities through various attack vectors. The presented cyber-physical attack scenarios focus on gaining unauthorised access from pole-mounted reclosers in MV networks to the control centre and substation Operational Technology (OT) systems. Subsequently, the aforementioned vulnerabilities are exploited to maliciously disconnect embedded generation, block substation protection functionality, and cause busbar faults. We then experimentally demonstrate the impact of such advanced cyber attacks on power system operation that initiate cascading failures and cause a blackout. Recommendations and mitigation techniques for advanced cyber threats in the OT domain of distribution system operators are also provided.

KW - Power Grids

KW - Cyber Security

KW - Digital Substations

UR - http://www.scopus.com/inward/record.url?scp=85156135014&partnerID=8YFLogxK

U2 - 10.1049/icp.2021.2146

DO - 10.1049/icp.2021.2146

M3 - Conference contribution

VL - 2021

SP - 3092

EP - 3096

BT - CIRED 2021 - The 26th International Conference and Exhibition on Electricity Distributio

PB - IET

CY - Geneva, Switzerland

T2 - 26th International Conference and Exhibition on Electricity Distribution

Y2 - 20 September 2021 through 23 September 2021

ER -

Exploiting Ripple20 to Compromise Power Grid Cyber Security and Impact System Operations

Abstract

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this