-
Towards more realistic co-simulation of cyber-physical energy distribution systems
Authors:
Immanuel Hacker,
Ömer Sen,
Dennis van der Velde,
Florian Schmidtke,
Andreas Ulbig
Abstract:
The increased integration of information and communications technology at the distribution grid level offers broader opportunities for active operational management concepts. At the same time, requirements for resilience against internal and external threats to the power supply, such as outages or cyberattacks, are increasing. The emerging threat landscape needs to be investigated to ensure the security of supply of future distribution grids. This extended abstract presents a co-simulation environment to study communication infrastructures for the resilient operation of distribution grids. For this purpose, a communication network emulation and a power grid simulation are combined in a common modular environment. This will provide the basis for cybersecurity investigations and testing of new active operation management concepts for smart grids. Exemplary laboratory tests and attack replications will be used to demonstrate the diverse use cases of our co-simulation approach.
Submitted 14 October, 2024;
originally announced October 2024.
-
Comprehensively Analyzing the Impact of Cyberattacks on Power Grids
Authors:
Lennart Bader,
Martin Serror,
Olav Lamberts,
Ömer Sen,
Dennis van der Velde,
Immanuel Hacker,
Julian Filter,
Elmar Padilla,
Martin Henze
Abstract:
The increasing digitalization of power grids and especially the shift towards IP-based communication drastically increase the susceptibility to cyberattacks, potentially leading to blackouts and physical damage. Understanding the involved risks, the interplay of communication and physical assets, and the effects of cyberattacks are paramount for the uninterrupted operation of this critical infrastructure. However, as the impact of cyberattacks cannot be researched in real-world power grids, current efforts tend to focus on analyzing isolated aspects at small scales, often covering only either physical or communication assets. To fill this gap, we present WATTSON, a comprehensive research environment that facilitates reproducing, implementing, and analyzing cyberattacks against power grids and, in particular, their impact on both communication and physical processes. We validate WATTSON's accuracy against a physical testbed and show its scalability to realistic power grid sizes. We then perform authentic cyberattacks, such as Industroyer, within the environment and study their impact on the power grid's energy and communication side. Besides known vulnerabilities, our results reveal the ripple effects of susceptible communication on complex cyber-physical processes and thus lay the foundation for effective countermeasures.
Submitted 16 May, 2023;
originally announced May 2023.
-
On Specification-based Cyber-Attack Detection in Smart Grids
Authors:
Ömer Sen,
Dennis van der Velde,
Maik Lühman,
Florian Sprünken,
Immanuel Hacker,
Andreas Ulbig,
Michael Andres,
Martin Henze
Abstract:
The transformation of power grids into intelligent cyber-physical systems brings numerous benefits, but also significantly increases the surface for cyber-attacks, demanding appropriate countermeasures. However, the development, validation, and testing of data-driven countermeasures against cyber-attacks, such as machine learning-based detection approaches, lack important data from real-world cyber incidents. Unlike attack data from real-world cyber incidents, infrastructure knowledge and standards are accessible through expert and domain knowledge. Our proposed approach uses domain knowledge to define the behavior of a smart grid under non-attack conditions and detect attack patterns and anomalies. Using a graph-based specification formalism, we combine cross-domain knowledge that enables the generation of whitelisting rules not only for statically defined protocol fields but also for communication flows and technical operation boundaries. Finally, we evaluate our specification-based intrusion detection system against various attack scenarios and assess detection quality and performance. In particular, we investigate a data manipulation attack in a future-orientated use case of an IEC 60870-based SCADA system that controls distributed energy resources in the distribution grid. Our approach can detect severe data manipulation attacks with high accuracy in a timely and reliable manner.
Submitted 9 September, 2022;
originally announced September 2022.
-
Investigating Man-in-the-Middle-based False Data Injection in a Smart Grid Laboratory Environment
Authors:
Ömer Sen,
Dennis van der Velde,
Philipp Linnartz,
Immanuel Hacker,
Martin Henze,
Michael Andres,
Andreas Ulbig
Abstract:
With the increasing use of information and communication technology in electrical power grids, the security of energy supply is increasingly threatened by cyber-attacks. Traditional cyber-security measures, such as firewalls or intrusion detection/prevention systems, can be used as mitigation and prevention measures, but their effective use requires a deep understanding of the potential threat landscape and complex attack processes in energy information systems. Given the complexity and lack of detailed knowledge of coordinated, timed attacks in smart grid applications, we need information and insight into realistic attack scenarios in an appropriate and practical setting. In this paper, we present a man-in-the-middle-based attack scenario that intercepts process communication between control systems and field devices, employs false data injection techniques, and performs data corruption such as sending false commands to field devices. We demonstrate the applicability of the presented attack scenario in a physical smart grid laboratory environment and analyze the generated data under normal and attack conditions to extract domain-specific knowledge for detection mechanisms.
Submitted 18 October, 2021;
originally announced October 2021.
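The two abstracts above describe the same defensive idea from both sides: the specification-based IDS derives whitelisting rules for protocol fields, communication flows and technical operation boundaries of an IEC 60870-based SCADA system, and the man-in-the-middle study injects false measurements and false commands that such rules are meant to catch. The following is an added example, not code from either paper: a minimal specification-based checker for IEC 60870-5-104 process traffic. Only the ASDU type identifiers and causes of transmission are standard values; the host addresses, information object addresses, operating limits in SPEC and the log lines in SAMPLE_LOG are constructed for illustration.

```python
"""Specification-based whitelisting for IEC 60870-5-104 process traffic.

Added example (not the papers' code). SPEC and SAMPLE_LOG are constructed;
only the type-ID and COT constants are standard IEC 60870-5-101/104 values.
"""
from dataclasses import dataclass

# ASDU type identifiers (standard values)
M_SP_NA_1 = 1      # single-point information (monitoring direction)
M_ME_NC_1 = 13     # measured value, short floating point
C_SC_NA_1 = 45     # single command
C_SE_NC_1 = 50     # set-point command, short floating point
C_IC_NA_1 = 100    # interrogation command

# Causes of transmission (standard values)
COT_SPONT = 3      # spontaneous
COT_ACT = 6        # activation (the command itself)
COT_ACTCON = 7     # activation confirmation (echoed back by the outstation)
COT_INROGEN = 20   # answer to station interrogation

CC = "10.0.1.10"   # control center (assumed address)
RTU = "10.0.2.21"  # RTU in front of a DER unit (assumed address)


@dataclass(frozen=True)
class Flow:
    """One permitted (src, dst) flow with its permitted ASDU types and COTs."""
    src: str
    dst: str
    type_ids: frozenset
    cots: frozenset


@dataclass(frozen=True)
class Spec:
    flows: tuple              # permitted communication flows
    setpoint_limits: dict     # (dst, ioa) -> (lo, hi) for set-point commands
    measurement_limits: dict  # (src, ioa) -> (lo, hi) for reported measurements


@dataclass(frozen=True)
class Msg:
    src: str
    dst: str
    type_id: int
    cot: int
    ioa: int
    value: float


SPEC = Spec(
    flows=(
        # control direction: commands only, and only as activations
        Flow(CC, RTU, frozenset({C_SC_NA_1, C_SE_NC_1, C_IC_NA_1}), frozenset({COT_ACT})),
        # monitoring direction: measurements plus the mirrored command confirmations
        Flow(RTU, CC, frozenset({M_SP_NA_1, M_ME_NC_1, C_SC_NA_1, C_SE_NC_1, C_IC_NA_1}),
             frozenset({COT_SPONT, COT_ACTCON, COT_INROGEN})),
    ),
    setpoint_limits={(RTU, 6001): (0.0, 100.0)},   # DER active-power set-point, kW (assumed)
    measurement_limits={(RTU, 2001): (0.9, 1.1)},  # bus voltage, p.u. (assumed)
)


def parse_line(line):
    """Parse one 'ts src dst type cot ioa value' record (constructed log format)."""
    _ts, src, dst, type_id, cot, ioa, value = line.split()
    return Msg(src, dst, int(type_id), int(cot), int(ioa), float(value))


def check(msg, spec):
    """Return the list of specification violations for one message."""
    flow = next((f for f in spec.flows if (f.src, f.dst) == (msg.src, msg.dst)), None)
    if flow is None:
        return [f"unknown flow {msg.src}->{msg.dst}"]
    violations = []
    if msg.type_id not in flow.type_ids:
        violations.append(f"type {msg.type_id} not permitted on {msg.src}->{msg.dst}")
    if msg.cot not in flow.cots:
        violations.append(f"COT {msg.cot} not permitted on {msg.src}->{msg.dst}")
    # Bound the command itself (COT=6); the outstation's confirmation echoes the value
    if msg.type_id == C_SE_NC_1 and msg.cot == COT_ACT:
        bounds = spec.setpoint_limits.get((msg.dst, msg.ioa))
        if bounds is None:
            violations.append(f"set-point to unknown IOA {msg.ioa} on {msg.dst}")
        elif not bounds[0] <= msg.value <= bounds[1]:
            violations.append(f"set-point {msg.value} out of bounds {bounds} for IOA {msg.ioa}")
    if msg.type_id == M_ME_NC_1:
        bounds = spec.measurement_limits.get((msg.src, msg.ioa))
        if bounds is None:
            violations.append(f"measurement from unknown IOA {msg.ioa} on {msg.src}")
        elif not bounds[0] <= msg.value <= bounds[1]:
            violations.append(f"measurement {msg.value} out of bounds {bounds} for IOA {msg.ioa}")
    return violations


def evaluate_log(text, spec=SPEC):
    """Map line index -> violations for every non-conforming log line."""
    findings = {}
    for i, line in enumerate(text.splitlines()):
        if line.strip():
            v = check(parse_line(line), spec)
            if v:
                findings[i] = v
    return findings


# Constructed log: lines 3-6 are a manipulated voltage reading, an out-of-range
# set-point, a command from a foreign host, and a measurement in the wrong direction.
SAMPLE_LOG = """\
12:00:00 10.0.2.21 10.0.1.10 13 3 2001 0.98
12:00:01 10.0.1.10 10.0.2.21 50 6 6001 80.0
12:00:01 10.0.2.21 10.0.1.10 50 7 6001 80.0
12:00:05 10.0.2.21 10.0.1.10 13 3 2001 1.42
12:00:06 10.0.1.10 10.0.2.21 50 6 6001 250.0
12:00:07 10.0.9.9 10.0.2.21 45 6 5001 1
12:00:08 10.0.1.10 10.0.2.21 13 3 2001 0.98
"""

if __name__ == "__main__":
    for idx, v in sorted(evaluate_log(SAMPLE_LOG).items()):
        print(f"line {idx}: {'; '.join(v)}")
```

The three rule layers correspond to the abstract's three sources of whitelisting knowledge: the flow table (who may talk to whom, in which direction), the per-flow type and COT sets (static protocol fields), and the IOA limit tables (technical operation boundaries). A man-in-the-middle that rewrites a measurement or command in transit leaves the first two layers intact, so only the bounds check catches lines 3 and 4; the converse is that a plausibly bounded false value passes this checker, which is exactly the gap the papers address with additional context such as grid-state plausibility.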
-
An Approach of Replicating Multi-Staged Cyber-Attacks and Countermeasures in a Smart Grid Co-Simulation Environment
Authors:
Ömer Sen,
Dennis van der Velde,
Sebastian N. Peters,
Martin Henze
Abstract:
While the digitization of power distribution grids brings many benefits, it also introduces new vulnerabilities for cyber-attacks. To maintain secure operations in the emerging threat landscape, detecting and implementing countermeasures against cyber-attacks are paramount. However, due to the lack of publicly available attack data against Smart Grids (SGs) for countermeasure development, simulation-based data generation approaches offer the potential to provide the needed data foundation. Therefore, our proposed approach provides flexible and scalable replication of multi-staged cyber-attacks in an SG Co-Simulation Environment (COSE). The COSE consists of an energy grid simulator, simulators for Operation Technology (OT) devices, and a network emulator for realistic IT process networks. Focusing on defensive and offensive use cases in COSE, our simulated attacker can perform network scans, find vulnerabilities, exploit them, gain administrative privileges, and execute malicious commands on OT devices. As an exemplary countermeasure, we present a built-in Intrusion Detection System (IDS) that analyzes generated network traffic using anomaly detection with Machine Learning (ML) approaches. In this work, we provide an overview of the SG COSE, present a multi-stage attack model with the potential to disrupt grid operations, and show exemplary performance evaluations of the IDS in specific scenarios.
Submitted 5 October, 2021;
originally announced October 2021.
-
Towards an Approach to Contextual Detection of Multi-Stage Cyber Attacks in Smart Grids
Authors:
Ömer Sen,
Dennis van der Velde,
Katharina A. Wehrmeister,
Immanuel Hacker,
Martin Henze,
Michael Andres
Abstract:
Electric power grids are at risk of being compromised by high-impact cyber-security threats such as coordinated, timed attacks. Navigating this new threat landscape requires a deep understanding of the potential risks and complex attack processes in energy information systems, which in turn demands an unmanageable manual effort to timely process a large amount of cross-domain information. To provide an adequate basis to contextually assess and understand the situation of smart grids in case of coordinated cyber-attacks, we need a systematic and coherent approach to identify cyber incidents. In this paper, we present an approach that collects and correlates cross-domain cyber threat information to detect multi-stage cyber-attacks in energy information systems. We investigate the applicability and performance of the presented correlation approach and discuss the results to highlight challenges in domain-specific detection mechanisms.
Submitted 6 September, 2021;
originally announced September 2021.
-
Graph-based Model of Smart Grid Architectures
Authors:
Benedikt Klaer,
Ömer Sen,
Dennis van der Velde,
Immanuel Hacker,
Michael Andres,
Martin Henze
Abstract:
The rising use of information and communication technology in smart grids likewise increases the risk of failures that endanger the security of power supply, e.g., due to errors in the communication configuration, faulty control algorithms, or cyber-attacks. Co-simulations can be used to investigate such effects, but require precise modeling of the energy, communication, and information domain within an integrated smart grid infrastructure model. Given the complexity and lack of detailed publicly available communication network models for smart grid scenarios, there is a need for an automated and systematic approach to creating such coupled models. In this paper, we present an approach to automatically generate smart grid infrastructure models based on an arbitrary electrical distribution grid model using a generic architectural template. We demonstrate the applicability and unique features of our approach alongside examples concerning network planning, co-simulation setup, and specification of domain-specific intrusion detection systems.
Submitted 1 September, 2020;
originally announced September 2020.
-
Methods for Actors in the Electric Power System to Prevent, Detect and React to ICT Attacks and Failures
Authors:
Dennis van der Velde,
Martin Henze,
Philipp Kathmann,
Erik Wassermann,
Michael Andres,
Detert Bracht,
Raphael Ernst,
George Hallak,
Benedikt Klaer,
Philipp Linnartz,
Benjamin Meyer,
Simon Ofner,
Tobias Pletzer,
Richard Sethmann
Abstract:
The fundamental changes in power supply and increasing decentralization require more active grid operation and an increased integration of ICT at all power system actors. This trend raises complexity and increasingly leads to interactions between primary grid operation and ICT as well as different power system actors. For example, virtual power plants control various assets in the distribution grid via ICT to jointly market existing flexibilities. Failures of ICT or targeted attacks can thus have serious effects on security of supply and system stability. This paper presents a holistic approach to providing methods specifically for actors in the power system for prevention, detection, and reaction to ICT attacks and failures. The focus of our measures is on solutions for ICT monitoring, systems for the detection of ICT attacks and intrusions in the process network, and the provision of actionable guidelines as well as a practice environment for the response to potential ICT security incidents.
Submitted 13 March, 2020;
originally announced March 2020.