Compromising the Data Integrity of an Electrical Power Grid SCADA System

Qais Saif Qassim; Norziana Jamil; Maslina Daud; Norhamadi Ja’affar; Wan Azlan Wan Kamarulzaman; Mohammed Najah Mahdi

doi:10.1007/978-981-33-6835-4_40

Compromising the Data Integrity of an Electrical Power Grid SCADA System

Qais Saif Qassim
, Norziana Jamil
, Maslina Daud
, Norhamadi Ja’affar
, Wan Azlan Wan Kamarulzaman
, Mohammed Najah Mahdi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

Supervisory Control and Data Acquisition (SCADA) systems perform monitoring and controlling services in critical national infrastructures such as electrical power generation and distribution, transportation networks, water supply and manufacturing, and production facilities. Cyber-attacks that compromise data integrity in SCADA systems such as an unauthorised manipulation of sensor or control signals could have a severe impact on the operation of the critical national infrastructure as it misleads system operators into making wrong decisions. This work investigates the man-in-the-middle (MITM) attack that aims explicitly at compromising data integrity of SCADA systems. The IEC 60870-5-104 tele-control communication protocol is used as the subject focus because it is a commonly used communication protocol in electrical power SCADA systems for tele-control and monitoring. We conducted several MITM attacks: covering the capturing, modification and injection of control commands, on IEC 60870-5-104 in our power grid SCADA system testbed. We described and performed the attacks in detail, together with several use cases. Based on the Proof-of-Concept (POC) conducted and data that we gathered, it shows that IEC 60870-5-104 is vulnerable against MITM attacks and it can be an entry point of cyberattacks, be it sophisticated or otherwise.

Original language	English
Title of host publication	Advances in Cyber Security - Second International Conference, ACeS 2020, Revised Selected Papers
Editors	Mohammed Anbar, Nibras Abdullah, Selvakumar Manickam
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	604-626
Number of pages	23
ISBN (Print)	9789813368347
DOIs	https://doi.org/10.1007/978-981-33-6835-4_40
Publication status	Published - 2021
Externally published	Yes
Event	2nd International Conference on Advances in Cyber Security, ACeS 2020 - Penang, Malaysia Duration: Dec 8 2020 → Dec 9 2020

Publication series

Name	Communications in Computer and Information Science
Volume	1347
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	2nd International Conference on Advances in Cyber Security, ACeS 2020
Country/Territory	Malaysia
City	Penang
Period	12/8/20 → 12/9/20

Keywords

Cyber-security
IEC 60870-5-104
Man-in-the-middle
SCADA
Vulnerability

ASJC Scopus subject areas

General Computer Science
General Mathematics

Access to Document

10.1007/978-981-33-6835-4_40

Cite this

Qassim, Q. S., Jamil, N., Daud, M., Ja’affar, N., Kamarulzaman, W. A. W., & Mahdi, M. N. (2021). Compromising the Data Integrity of an Electrical Power Grid SCADA System. In M. Anbar, N. Abdullah, & S. Manickam (Eds.), Advances in Cyber Security - Second International Conference, ACeS 2020, Revised Selected Papers (pp. 604-626). (Communications in Computer and Information Science; Vol. 1347). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-33-6835-4_40

Compromising the Data Integrity of an Electrical Power Grid SCADA System. / Qassim, Qais Saif; Jamil, Norziana; Daud, Maslina et al.
Advances in Cyber Security - Second International Conference, ACeS 2020, Revised Selected Papers. ed. / Mohammed Anbar; Nibras Abdullah; Selvakumar Manickam. Springer Science and Business Media Deutschland GmbH, 2021. p. 604-626 (Communications in Computer and Information Science; Vol. 1347).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Qassim, QS, Jamil, N, Daud, M, Ja’affar, N, Kamarulzaman, WAW & Mahdi, MN 2021, Compromising the Data Integrity of an Electrical Power Grid SCADA System. in M Anbar, N Abdullah & S Manickam (eds), Advances in Cyber Security - Second International Conference, ACeS 2020, Revised Selected Papers. Communications in Computer and Information Science, vol. 1347, Springer Science and Business Media Deutschland GmbH, pp. 604-626, 2nd International Conference on Advances in Cyber Security, ACeS 2020, Penang, Malaysia, 12/8/20. https://doi.org/10.1007/978-981-33-6835-4_40

Qassim QS, Jamil N, Daud M, Ja’affar N, Kamarulzaman WAW, Mahdi MN. Compromising the Data Integrity of an Electrical Power Grid SCADA System. In Anbar M, Abdullah N, Manickam S, editors, Advances in Cyber Security - Second International Conference, ACeS 2020, Revised Selected Papers. Springer Science and Business Media Deutschland GmbH. 2021. p. 604-626. (Communications in Computer and Information Science). doi: 10.1007/978-981-33-6835-4_40

Qassim, Qais Saif ; Jamil, Norziana ; Daud, Maslina et al. / Compromising the Data Integrity of an Electrical Power Grid SCADA System. Advances in Cyber Security - Second International Conference, ACeS 2020, Revised Selected Papers. editor / Mohammed Anbar ; Nibras Abdullah ; Selvakumar Manickam. Springer Science and Business Media Deutschland GmbH, 2021. pp. 604-626 (Communications in Computer and Information Science).

@inproceedings{367bbae6978b4838871f423cf259afd4,

title = "Compromising the Data Integrity of an Electrical Power Grid SCADA System",

abstract = "Supervisory Control and Data Acquisition (SCADA) systems perform monitoring and controlling services in critical national infrastructures such as electrical power generation and distribution, transportation networks, water supply and manufacturing, and production facilities. Cyber-attacks that compromise data integrity in SCADA systems such as an unauthorised manipulation of sensor or control signals could have a severe impact on the operation of the critical national infrastructure as it misleads system operators into making wrong decisions. This work investigates the man-in-the-middle (MITM) attack that aims explicitly at compromising data integrity of SCADA systems. The IEC 60870-5-104 tele-control communication protocol is used as the subject focus because it is a commonly used communication protocol in electrical power SCADA systems for tele-control and monitoring. We conducted several MITM attacks: covering the capturing, modification and injection of control commands, on IEC 60870-5-104 in our power grid SCADA system testbed. We described and performed the attacks in detail, together with several use cases. Based on the Proof-of-Concept (POC) conducted and data that we gathered, it shows that IEC 60870-5-104 is vulnerable against MITM attacks and it can be an entry point of cyberattacks, be it sophisticated or otherwise.",

keywords = "Cyber-security, IEC 60870-5-104, Man-in-the-middle, SCADA, Vulnerability",

author = "Qassim, \{Qais Saif\} and Norziana Jamil and Maslina Daud and Norhamadi Ja{\textquoteright}affar and Kamarulzaman, \{Wan Azlan Wan\} and Mahdi, \{Mohammed Najah\}",

note = "Publisher Copyright: {\textcopyright} 2021, Springer Nature Singapore Pte Ltd.; 2nd International Conference on Advances in Cyber Security, ACeS 2020 ; Conference date: 08-12-2020 Through 09-12-2020",

year = "2021",

doi = "10.1007/978-981-33-6835-4\_40",

language = "English",

isbn = "9789813368347",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "604--626",

editor = "Mohammed Anbar and Nibras Abdullah and Selvakumar Manickam",

booktitle = "Advances in Cyber Security - Second International Conference, ACeS 2020, Revised Selected Papers",

}

TY - GEN

T1 - Compromising the Data Integrity of an Electrical Power Grid SCADA System

AU - Qassim, Qais Saif

AU - Jamil, Norziana

AU - Daud, Maslina

AU - Ja’affar, Norhamadi

AU - Kamarulzaman, Wan Azlan Wan

AU - Mahdi, Mohammed Najah

PY - 2021

Y1 - 2021

N2 - Supervisory Control and Data Acquisition (SCADA) systems perform monitoring and controlling services in critical national infrastructures such as electrical power generation and distribution, transportation networks, water supply and manufacturing, and production facilities. Cyber-attacks that compromise data integrity in SCADA systems such as an unauthorised manipulation of sensor or control signals could have a severe impact on the operation of the critical national infrastructure as it misleads system operators into making wrong decisions. This work investigates the man-in-the-middle (MITM) attack that aims explicitly at compromising data integrity of SCADA systems. The IEC 60870-5-104 tele-control communication protocol is used as the subject focus because it is a commonly used communication protocol in electrical power SCADA systems for tele-control and monitoring. We conducted several MITM attacks: covering the capturing, modification and injection of control commands, on IEC 60870-5-104 in our power grid SCADA system testbed. We described and performed the attacks in detail, together with several use cases. Based on the Proof-of-Concept (POC) conducted and data that we gathered, it shows that IEC 60870-5-104 is vulnerable against MITM attacks and it can be an entry point of cyberattacks, be it sophisticated or otherwise.

AB - Supervisory Control and Data Acquisition (SCADA) systems perform monitoring and controlling services in critical national infrastructures such as electrical power generation and distribution, transportation networks, water supply and manufacturing, and production facilities. Cyber-attacks that compromise data integrity in SCADA systems such as an unauthorised manipulation of sensor or control signals could have a severe impact on the operation of the critical national infrastructure as it misleads system operators into making wrong decisions. This work investigates the man-in-the-middle (MITM) attack that aims explicitly at compromising data integrity of SCADA systems. The IEC 60870-5-104 tele-control communication protocol is used as the subject focus because it is a commonly used communication protocol in electrical power SCADA systems for tele-control and monitoring. We conducted several MITM attacks: covering the capturing, modification and injection of control commands, on IEC 60870-5-104 in our power grid SCADA system testbed. We described and performed the attacks in detail, together with several use cases. Based on the Proof-of-Concept (POC) conducted and data that we gathered, it shows that IEC 60870-5-104 is vulnerable against MITM attacks and it can be an entry point of cyberattacks, be it sophisticated or otherwise.

KW - Cyber-security

KW - IEC 60870-5-104

KW - Man-in-the-middle

KW - SCADA

KW - Vulnerability

UR - https://www.scopus.com/pages/publications/85101575520

UR - https://www.scopus.com/pages/publications/85101575520#tab=citedBy

U2 - 10.1007/978-981-33-6835-4_40

DO - 10.1007/978-981-33-6835-4_40

M3 - Conference contribution

AN - SCOPUS:85101575520

SN - 9789813368347

T3 - Communications in Computer and Information Science

SP - 604

EP - 626

BT - Advances in Cyber Security - Second International Conference, ACeS 2020, Revised Selected Papers

A2 - Anbar, Mohammed

A2 - Abdullah, Nibras

A2 - Manickam, Selvakumar

PB - Springer Science and Business Media Deutschland GmbH

T2 - 2nd International Conference on Advances in Cyber Security, ACeS 2020

Y2 - 8 December 2020 through 9 December 2020

ER -

Compromising the Data Integrity of an Electrical Power Grid SCADA System

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this