TY - GEN
T1 - A real-time testbed environment for cyber-physical security on the power grid
AU - Koutsandria, Georgia
AU - Gentz, Reinhard
AU - Jamei, Mahdi
AU - Scaglione, Anna
AU - Peisert, Sean
AU - McParland, Chuck
N1 - Funding Information:
This research was supported in part by the Director, Office of Science, and the Director, Office of Electricity Delivery and Energy Reliability, of the U.S. Department of Energy, under contract DE-AC02-05CH11231. It is also supported in part by the Department of Energy under Award Number DE-OE0000097 and by the National Science Foundation under Grant Number CCF-1018871. Any opinions, findings, conclusions, or recommendations expressed in this material are those of the authors and do not necessarily reflect those of the sponsors of this work.
PY - 2015/10/16
Y1 - 2015/10/16
N2 - The trustworthiness and security of cyber-physical systems (CPSs), such as the power grid, are of paramount importance to ensure their safe operation, performance, and economic efficiency. The aim of many cyber-physical security techniques, such as network intrusion detection systems (NIDSs) for CPSs, is to ensure continuous reliable operation even in exposed network environments. But the validation of such methods goes well beyond standard network analysis, since meaningful tests must also integrate realistic understanding of the physical system's behavior and response to the network activity. Our goal in this paper is to showcase an example of a testbed environment that can support such validation. In it, real network traffic, emulating an industrial control network, interacts with simulated physical models in real-time, extending and leveraging "hardware-in-the-loop" and "cyber-in-the-loop" capabilities. The testbed is a bridge between theory and practice and offers a number of features, including network communications, data management, as well as the virtualization of cyber-physical state analytics performed by the NIDS. The traffic is captured by real network taps and is forwarded to a real data management environment, receiving also the data reports from the simulated industrial control environment. To illustrate the capabilities of our testbed we show how the data are cross-checked by a "physics aware" NIDS, identifying network traffic that does not comply with its cyber-physical security rules.
AB - The trustworthiness and security of cyber-physical systems (CPSs), such as the power grid, are of paramount importance to ensure their safe operation, performance, and economic efficiency. The aim of many cyber-physical security techniques, such as network intrusion detection systems (NIDSs) for CPSs, is to ensure continuous reliable operation even in exposed network environments. But the validation of such methods goes well beyond standard network analysis, since meaningful tests must also integrate realistic understanding of the physical system's behavior and response to the network activity. Our goal in this paper is to showcase an example of a testbed environment that can support such validation. In it, real network traffic, emulating an industrial control network, interacts with simulated physical models in real-time, extending and leveraging "hardware-in-the-loop" and "cyber-in-the-loop" capabilities. The testbed is a bridge between theory and practice and offers a number of features, including network communications, data management, as well as the virtualization of cyber-physical state analytics performed by the NIDS. The traffic is captured by real network taps and is forwarded to a real data management environment, receiving also the data reports from the simulated industrial control environment. To illustrate the capabilities of our testbed we show how the data are cross-checked by a "physics aware" NIDS, identifying network traffic that does not comply with its cyber-physical security rules.
KW - Cyber-physical security
KW - Cyber-physical systems
KW - Intrusion detection systems
KW - Power grid
KW - Testbed
UR - http://www.scopus.com/inward/record.url?scp=84964893547&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84964893547&partnerID=8YFLogxK
U2 - 10.1145/2808705.2808707
DO - 10.1145/2808705.2808707
M3 - Conference contribution
AN - SCOPUS:84964893547
T3 - CPS-SPC 2015 - Proceedings of the 1st ACM Workshop on Cyber-Physical Systems-Security and/or Privacy, co-located with CCS 2015
SP - 67
EP - 78
BT - CPS-SPC 2015 - Proceedings of the 1st ACM Workshop on Cyber-Physical Systems-Security and/or Privacy, co-located with CCS 2015
PB - Association for Computing Machinery, Inc
T2 - 1st ACM Workshop on Cyber-Physical Systems-Security and/or Privacy, CPS-SPC 2015
Y2 - 16 October 2015
ER -