A real-time testbed environment for cyber-physical security on the power grid

TY - GEN

T1 - A real-time testbed environment for cyber-physical security on the power grid

AU - Koutsandria, Georgia

AU - Gentz, Reinhard

AU - Jamei, Mahdi

AU - Scaglione, Anna

AU - Peisert, Sean

AU - McParland, Chuck

PY - 2015/10/16

Y1 - 2015/10/16

N2 - The trustworthiness and security of cyber-physical systems (CPSs), such as the power grid, are of paramount importance to ensure their safe operation, performance, and economic efficiency. The aim of many cyber-physical security techniques, such as network intrusion detection systems (NIDSs) for CPSs, is to ensure continuous reliable operation even in exposed network environments. But the validation of such methods goes well beyond standard network analysis, since meaningful tests must also integrate realistic understanding of the physical systems behavior and response to the network activity. Our goal in this paper is to showcase an example of a testbed environment that can support such validation. In it, real network traffic, emulating and industrial control network, interacts with simulated physical models in real-time, extending and leveraging "hardware-inthe-loop" and "cyber-in-the-loop" capabilities. The testbed is a bridge between theory and practice and offers a number of features, including network communications, data management, as well as the virtualization of cyber-physical state analytics performed by the NIDS. The traffic is captured by real network taps and is forwarded to a real data management environment, receiving also the data reports from the simulated industrial control environment. To illustrate the capabilities of our testbed we show how the data are cross-checked by a "physics aware" NIDS, identifying network traffic that does not comply with its cyber-physical security rules.

AB - The trustworthiness and security of cyber-physical systems (CPSs), such as the power grid, are of paramount importance to ensure their safe operation, performance, and economic efficiency. The aim of many cyber-physical security techniques, such as network intrusion detection systems (NIDSs) for CPSs, is to ensure continuous reliable operation even in exposed network environments. But the validation of such methods goes well beyond standard network analysis, since meaningful tests must also integrate realistic understanding of the physical systems behavior and response to the network activity. Our goal in this paper is to showcase an example of a testbed environment that can support such validation. In it, real network traffic, emulating and industrial control network, interacts with simulated physical models in real-time, extending and leveraging "hardware-inthe-loop" and "cyber-in-the-loop" capabilities. The testbed is a bridge between theory and practice and offers a number of features, including network communications, data management, as well as the virtualization of cyber-physical state analytics performed by the NIDS. The traffic is captured by real network taps and is forwarded to a real data management environment, receiving also the data reports from the simulated industrial control environment. To illustrate the capabilities of our testbed we show how the data are cross-checked by a "physics aware" NIDS, identifying network traffic that does not comply with its cyber-physical security rules.

KW - Cyber-physical security

KW - Cyber-physical systems

KW - Intrusion detection systems

KW - Power grid

KW - Testbed

UR - http://www.scopus.com/inward/record.url?scp=84964893547&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84964893547&partnerID=8YFLogxK

U2 - 10.1145/2808705.2808707

DO - 10.1145/2808705.2808707

M3 - Conference contribution

AN - SCOPUS:84964893547

SN - 9781450338271

SP - 67

EP - 78

BT - CPS-SPC 2015 - Proceedings of the 1st ACM Workshop on Cyber-Physical Systems-Security and/or Privacy, co-located with CCS 2015

PB - Association for Computing Machinery, Inc

ER -