Abstract
Power grids are undergoing a major modernization process that is transforming them into Smart Grids. In such cyber-physical systems a security incident may have catastrophic consequences, and the number of reported incidents in power grids has been increasing in recent years. In this article we argue that adopting Computer Security Incident Response Teams (CSIRTs) is necessary for the proper management of security incidents in Smart Grids. A CSIRT for a Smart Grid must cover the different parts of the grid, and therefore consists of specialized response teams that handle incidents not only on the physical infrastructure but also on the Smart Grid equipment and on the IT infrastructure. We propose an incident classification to assist the implementation of CSIRTs for Smart Grids, taking into account the specific concerns of each response team. We evaluate attack classifications available in the literature and review a well-known database of Smart Grid security incidents.
Acknowledgements
This work is supported by ProSeG - Information Security, Protection and Resilience in Smart Grids, a research project funded by MCTI/CNPq/CT-ENERG # 33/2013.
Cite this article
Martins, R.J., Knob, L.A.D., da Silva, E.G. et al. Specialized CSIRT for Incident Response Management in Smart Grids. J Netw Syst Manage 27, 269–285 (2019). https://doi.org/10.1007/s10922-018-9458-z