Reverse Engineering of a Power Distribution Network based on the Standard IEC-61850

29 January 2024 | Sala Stringa | 11:00 | Mariano Ceccato (UNIVR) 


Abstract

Recent cyber-attacks on industrial control systems caused remarkable economic and physical damage to critical infrastructures and highlighted the pressing concern of assessing their cyber security posture. Typically, the first step in an attack campaign is “reconnaissance,” i.e., gathering information about the target, a prerequisite to plan and implement subsequent offensive tasks. Our objective is to quantify how much information an attacker can infer about one of the most critical infrastructures, a power distribution network. Our point of view is black box. In fact, no preliminary knowledge of the network is required, besides the fact that it adopts the protocol IEC 61850, an international standard for power networks. Our approach is totally passive: only network captures are needed (i.e., only network sniffing), and no packets are injected, so as to avoid intrusion detection systems. Our experimental validation shows that the complete layout of a power distribution primary cabin can be inferred, including all the devices (sensors and actuators) and their connections. This was sufficient to mount a proof-of-concept attack campaign, potentially able to permanently compromise the infrastructure.



Bio
Mariano Ceccato is an Associate Professor in the Computer Science Department at the University of Verona, where he teaches Software Engineering and Cyber Security. He is the contact person for the Computer Science Park that hosts spin-offs and companies collaborating with the Department. Until 2019, he was a tenured researcher at Fondazione Bruno Kessler, Trento. He received a PhD in Computer Science from the University of Trento in 2006. He was principal investigator of several publicly funded research projects and private industrial innovation projects. He is the author or coauthor of over 100 research papers published in international journals and conferences/workshops. He was a visiting research scientist in the Software Verification and Validation Laboratory, Centre for ICT Security, Reliability, and Trust (SnT), University of Luxembourg.