Cyberattack Defense With Cyber-Physical Alert and Control Logic in Industrial Controllers

Power system substations have intelligent electronic devices (IEDs) that collect data and control other devices. As the bridge between the physical and cyber parts of the power system, IEDs capture some key system behaviors. Since adversaries can modify the system's behavior, physical and cyber...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	IEEE transactions on industry applications 2022-09, Vol.58 (5), p.5921-5934
Hauptverfasser:	Huang, Hao, Wlazlo, Patrick, Mao, Zeyu, Sahu, Abhijeet, Davis, Katherine, Goulart, Ana, Zonouz, Saman, Davis, Charles M.
Format:	Artikel
Sprache:	eng
Schlagworte:	Algorithms Automatic control Communication networks Contingency Control equipment Control systems Cyber-physical power systems cyber-physical security Cyberattack Cybersecurity Data collection DNP3 Electric power grids Electronic devices Energy management Engineering Hardware hardware-in-the-loop testbed IEC 61131 Logic Power grids Power systems Real-time systems Security Substations
Online-Zugang:	Volltext bestellen
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page	5934
container_issue	5
container_start_page	5921
container_title	IEEE transactions on industry applications
container_volume	58
creator	Huang, Hao Wlazlo, Patrick Mao, Zeyu Sahu, Abhijeet Davis, Katherine Goulart, Ana Zonouz, Saman Davis, Charles M.
description	Power system substations have intelligent electronic devices (IEDs) that collect data and control other devices. As the bridge between the physical and cyber parts of the power system, IEDs capture some key system behaviors. Since adversaries can modify the system's behavior, physical and cyber data can be used to infer characteristics about the adversary. In this article, we present alert and control logic for hardware-based power system defense using the physical data and communication status in substation IEDs for cyber threat detection , cyber-physical contingency detection and response , and physical contingency identification and response . The proposed alert and control logic routines are implemented in an industrial real-time automation controller using IEC 61131-3 in the resilient energy systems lab testbed. The goal is to help operators identify adversaries and protect the power grid in a cyber-physical environment. The effectiveness and accuracy of logic schemes are validated under different adversarial scenarios. Comparing the proposed schemes with an intrusion detection system, Snort, our results also suggest the benefits of using cyber and physical data to identify threats. The results also suggest the use of such hardware-based schemes with software algorithms in a next-generation cyber-physical energy management system, which can implement automatic control actions to protect power grids and its physical equipment against cyber threats.
doi_str_mv	10.1109/TIA.2022.3186660
format	Article
fullrecord	<record><control><sourceid>proquest_RIE</sourceid><recordid>TN_cdi_ieee_primary_9808163</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>9808163</ieee_id><sourcerecordid>2716349658</sourcerecordid><originalsourceid>FETCH-LOGICAL-c360t-67d725d9c0ee3bf3c26c26a6b7d8ac728a6f91850506d3d7b18791a32384d9203</originalsourceid><addsrcrecordid>eNo9kEtLAzEUhYMoWKt7wU3Q9dQ8ZjLJsoyvQkEXFXEVMpmMTR2TmqSL_nujU4QLd3G-c-7lAHCJ0QxjJG5Xi_mMIEJmFHPGGDoCEyyoKARl9TGYICRoIYQoT8FZjBuEcFnhcgLem31rgkpJ6U94Z3rjooFvNq3hn1C8rPfRajXA-WBCgsp1sPEuBT_Apf-wGloHF67bxRRspg5aZuM5OOnVEM3FYU_B68P9qnkqls-Pi2a-LDRlKBWs7mpSdUIjY2jbU01YHsXauuNK14Qr1gvMK1Qh1tGubjGvBVaUUF52giA6Bddjro_JyqhtMnqtvXNGJ4kFz8YyQzcjtA3-e2dikhu_Cy7_JUmNGS0Fq3im0Ejp4GMMppfbYL9U2EuM5G_LMrcsf1uWh5az5Wq0WGPMP56v8pxKfwDwq3ca</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2716349658</pqid></control><display><type>article</type><title>Cyberattack Defense With Cyber-Physical Alert and Control Logic in Industrial Controllers</title><source>IEEE Electronic Library (IEL)</source><creator>Huang, Hao ; Wlazlo, Patrick ; Mao, Zeyu ; Sahu, Abhijeet ; Davis, Katherine ; Goulart, Ana ; Zonouz, Saman ; Davis, Charles M.</creator><creatorcontrib>Huang, Hao ; Wlazlo, Patrick ; Mao, Zeyu ; Sahu, Abhijeet ; Davis, Katherine ; Goulart, Ana ; Zonouz, Saman ; Davis, Charles M. ; Texas A & M Univ., College Station, TX (United States). Texas A & M Engineering Experiment Station</creatorcontrib><description>Power system substations have intelligent electronic devices (IEDs) that collect data and control other devices. As the bridge between the physical and cyber parts of the power system, IEDs capture some key system behaviors. Since adversaries can modify the system's behavior, physical and cyber data can be used to infer characteristics about the adversary. In this article, we present alert and control logic for hardware-based power system defense using the physical data and communication status in substation IEDs for cyber threat detection , cyber-physical contingency detection and response , and physical contingency identification and response . The proposed alert and control logic routines are implemented in an industrial real-time automation controller using IEC 61131-3 in the resilient energy systems lab testbed. The goal is to help operators identify adversaries and protect the power grid in a cyber-physical environment. The effectiveness and accuracy of logic schemes are validated under different adversarial scenarios. Comparing the proposed schemes with an intrusion detection system, Snort, our results also suggest the benefits of using cyber and physical data to identify threats. The results also suggest the use of such hardware-based schemes with software algorithms in a next-generation cyber-physical energy management system, which can implement automatic control actions to protect power grids and its physical equipment against cyber threats.</description><identifier>ISSN: 0093-9994</identifier><identifier>EISSN: 1939-9367</identifier><identifier>DOI: 10.1109/TIA.2022.3186660</identifier><identifier>CODEN: ITIACR</identifier><language>eng</language><publisher>New York: IEEE</publisher><subject>Algorithms ; Automatic control ; Communication networks ; Contingency ; Control equipment ; Control systems ; Cyber-physical power systems ; cyber-physical security ; Cyberattack ; Cybersecurity ; Data collection ; DNP3 ; Electric power grids ; Electronic devices ; Energy management ; Engineering ; Hardware ; hardware-in-the-loop testbed ; IEC 61131 ; Logic ; Power grids ; Power systems ; Real-time systems ; Security ; Substations</subject><ispartof>IEEE transactions on industry applications, 2022-09, Vol.58 (5), p.5921-5934</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2022</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c360t-67d725d9c0ee3bf3c26c26a6b7d8ac728a6f91850506d3d7b18791a32384d9203</citedby><cites>FETCH-LOGICAL-c360t-67d725d9c0ee3bf3c26c26a6b7d8ac728a6f91850506d3d7b18791a32384d9203</cites><orcidid>0000-0001-9047-4047 ; 0000-0001-7184-7485 ; 0000-0002-1603-1122 ; 0000-0003-0841-5123 ; 0000-0002-7647-3758 ; 0000-0003-4855-7441 ; 0000000276473758 ; 0000000171847485 ; 0000000216031122 ; 0000000190474047 ; 0000000348557441 ; 0000000308415123</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/9808163$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>230,314,777,781,793,882,27905,27906,54739</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/9808163$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc><backlink>$$Uhttps://www.osti.gov/biblio/1980504$$D View this record in Osti.gov$$Hfree_for_read</backlink></links><search><creatorcontrib>Huang, Hao</creatorcontrib><creatorcontrib>Wlazlo, Patrick</creatorcontrib><creatorcontrib>Mao, Zeyu</creatorcontrib><creatorcontrib>Sahu, Abhijeet</creatorcontrib><creatorcontrib>Davis, Katherine</creatorcontrib><creatorcontrib>Goulart, Ana</creatorcontrib><creatorcontrib>Zonouz, Saman</creatorcontrib><creatorcontrib>Davis, Charles M.</creatorcontrib><creatorcontrib>Texas A & M Univ., College Station, TX (United States). Texas A & M Engineering Experiment Station</creatorcontrib><title>Cyberattack Defense With Cyber-Physical Alert and Control Logic in Industrial Controllers</title><title>IEEE transactions on industry applications</title><addtitle>TIA</addtitle><description>Power system substations have intelligent electronic devices (IEDs) that collect data and control other devices. As the bridge between the physical and cyber parts of the power system, IEDs capture some key system behaviors. Since adversaries can modify the system's behavior, physical and cyber data can be used to infer characteristics about the adversary. In this article, we present alert and control logic for hardware-based power system defense using the physical data and communication status in substation IEDs for cyber threat detection , cyber-physical contingency detection and response , and physical contingency identification and response . The proposed alert and control logic routines are implemented in an industrial real-time automation controller using IEC 61131-3 in the resilient energy systems lab testbed. The goal is to help operators identify adversaries and protect the power grid in a cyber-physical environment. The effectiveness and accuracy of logic schemes are validated under different adversarial scenarios. Comparing the proposed schemes with an intrusion detection system, Snort, our results also suggest the benefits of using cyber and physical data to identify threats. The results also suggest the use of such hardware-based schemes with software algorithms in a next-generation cyber-physical energy management system, which can implement automatic control actions to protect power grids and its physical equipment against cyber threats.</description><subject>Algorithms</subject><subject>Automatic control</subject><subject>Communication networks</subject><subject>Contingency</subject><subject>Control equipment</subject><subject>Control systems</subject><subject>Cyber-physical power systems</subject><subject>cyber-physical security</subject><subject>Cyberattack</subject><subject>Cybersecurity</subject><subject>Data collection</subject><subject>DNP3</subject><subject>Electric power grids</subject><subject>Electronic devices</subject><subject>Energy management</subject><subject>Engineering</subject><subject>Hardware</subject><subject>hardware-in-the-loop testbed</subject><subject>IEC 61131</subject><subject>Logic</subject><subject>Power grids</subject><subject>Power systems</subject><subject>Real-time systems</subject><subject>Security</subject><subject>Substations</subject><issn>0093-9994</issn><issn>1939-9367</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2022</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><recordid>eNo9kEtLAzEUhYMoWKt7wU3Q9dQ8ZjLJsoyvQkEXFXEVMpmMTR2TmqSL_nujU4QLd3G-c-7lAHCJ0QxjJG5Xi_mMIEJmFHPGGDoCEyyoKARl9TGYICRoIYQoT8FZjBuEcFnhcgLem31rgkpJ6U94Z3rjooFvNq3hn1C8rPfRajXA-WBCgsp1sPEuBT_Apf-wGloHF67bxRRspg5aZuM5OOnVEM3FYU_B68P9qnkqls-Pi2a-LDRlKBWs7mpSdUIjY2jbU01YHsXauuNK14Qr1gvMK1Qh1tGubjGvBVaUUF52giA6Bddjro_JyqhtMnqtvXNGJ4kFz8YyQzcjtA3-e2dikhu_Cy7_JUmNGS0Fq3im0Ejp4GMMppfbYL9U2EuM5G_LMrcsf1uWh5az5Wq0WGPMP56v8pxKfwDwq3ca</recordid><startdate>20220901</startdate><enddate>20220901</enddate><creator>Huang, Hao</creator><creator>Wlazlo, Patrick</creator><creator>Mao, Zeyu</creator><creator>Sahu, Abhijeet</creator><creator>Davis, Katherine</creator><creator>Goulart, Ana</creator><creator>Zonouz, Saman</creator><creator>Davis, Charles M.</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>OTOTI</scope><orcidid>https://orcid.org/0000-0001-9047-4047</orcidid><orcidid>https://orcid.org/0000-0001-7184-7485</orcidid><orcidid>https://orcid.org/0000-0002-1603-1122</orcidid><orcidid>https://orcid.org/0000-0003-0841-5123</orcidid><orcidid>https://orcid.org/0000-0002-7647-3758</orcidid><orcidid>https://orcid.org/0000-0003-4855-7441</orcidid><orcidid>https://orcid.org/0000000276473758</orcidid><orcidid>https://orcid.org/0000000171847485</orcidid><orcidid>https://orcid.org/0000000216031122</orcidid><orcidid>https://orcid.org/0000000190474047</orcidid><orcidid>https://orcid.org/0000000348557441</orcidid><orcidid>https://orcid.org/0000000308415123</orcidid></search><sort><creationdate>20220901</creationdate><title>Cyberattack Defense With Cyber-Physical Alert and Control Logic in Industrial Controllers</title><author>Huang, Hao ; Wlazlo, Patrick ; Mao, Zeyu ; Sahu, Abhijeet ; Davis, Katherine ; Goulart, Ana ; Zonouz, Saman ; Davis, Charles M.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c360t-67d725d9c0ee3bf3c26c26a6b7d8ac728a6f91850506d3d7b18791a32384d9203</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2022</creationdate><topic>Algorithms</topic><topic>Automatic control</topic><topic>Communication networks</topic><topic>Contingency</topic><topic>Control equipment</topic><topic>Control systems</topic><topic>Cyber-physical power systems</topic><topic>cyber-physical security</topic><topic>Cyberattack</topic><topic>Cybersecurity</topic><topic>Data collection</topic><topic>DNP3</topic><topic>Electric power grids</topic><topic>Electronic devices</topic><topic>Energy management</topic><topic>Engineering</topic><topic>Hardware</topic><topic>hardware-in-the-loop testbed</topic><topic>IEC 61131</topic><topic>Logic</topic><topic>Power grids</topic><topic>Power systems</topic><topic>Real-time systems</topic><topic>Security</topic><topic>Substations</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Huang, Hao</creatorcontrib><creatorcontrib>Wlazlo, Patrick</creatorcontrib><creatorcontrib>Mao, Zeyu</creatorcontrib><creatorcontrib>Sahu, Abhijeet</creatorcontrib><creatorcontrib>Davis, Katherine</creatorcontrib><creatorcontrib>Goulart, Ana</creatorcontrib><creatorcontrib>Zonouz, Saman</creatorcontrib><creatorcontrib>Davis, Charles M.</creatorcontrib><creatorcontrib>Texas A & M Univ., College Station, TX (United States). Texas A & M Engineering Experiment Station</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>OSTI.GOV</collection><jtitle>IEEE transactions on industry applications</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Huang, Hao</au><au>Wlazlo, Patrick</au><au>Mao, Zeyu</au><au>Sahu, Abhijeet</au><au>Davis, Katherine</au><au>Goulart, Ana</au><au>Zonouz, Saman</au><au>Davis, Charles M.</au><aucorp>Texas A & M Univ., College Station, TX (United States). Texas A & M Engineering Experiment Station</aucorp><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Cyberattack Defense With Cyber-Physical Alert and Control Logic in Industrial Controllers</atitle><jtitle>IEEE transactions on industry applications</jtitle><stitle>TIA</stitle><date>2022-09-01</date><risdate>2022</risdate><volume>58</volume><issue>5</issue><spage>5921</spage><epage>5934</epage><pages>5921-5934</pages><issn>0093-9994</issn><eissn>1939-9367</eissn><coden>ITIACR</coden><abstract>Power system substations have intelligent electronic devices (IEDs) that collect data and control other devices. As the bridge between the physical and cyber parts of the power system, IEDs capture some key system behaviors. Since adversaries can modify the system's behavior, physical and cyber data can be used to infer characteristics about the adversary. In this article, we present alert and control logic for hardware-based power system defense using the physical data and communication status in substation IEDs for cyber threat detection , cyber-physical contingency detection and response , and physical contingency identification and response . The proposed alert and control logic routines are implemented in an industrial real-time automation controller using IEC 61131-3 in the resilient energy systems lab testbed. The goal is to help operators identify adversaries and protect the power grid in a cyber-physical environment. The effectiveness and accuracy of logic schemes are validated under different adversarial scenarios. Comparing the proposed schemes with an intrusion detection system, Snort, our results also suggest the benefits of using cyber and physical data to identify threats. The results also suggest the use of such hardware-based schemes with software algorithms in a next-generation cyber-physical energy management system, which can implement automatic control actions to protect power grids and its physical equipment against cyber threats.</abstract><cop>New York</cop><pub>IEEE</pub><doi>10.1109/TIA.2022.3186660</doi><tpages>14</tpages><orcidid>https://orcid.org/0000-0001-9047-4047</orcidid><orcidid>https://orcid.org/0000-0001-7184-7485</orcidid><orcidid>https://orcid.org/0000-0002-1603-1122</orcidid><orcidid>https://orcid.org/0000-0003-0841-5123</orcidid><orcidid>https://orcid.org/0000-0002-7647-3758</orcidid><orcidid>https://orcid.org/0000-0003-4855-7441</orcidid><orcidid>https://orcid.org/0000000276473758</orcidid><orcidid>https://orcid.org/0000000171847485</orcidid><orcidid>https://orcid.org/0000000216031122</orcidid><orcidid>https://orcid.org/0000000190474047</orcidid><orcidid>https://orcid.org/0000000348557441</orcidid><orcidid>https://orcid.org/0000000308415123</orcidid><oa>free_for_read</oa></addata></record>
fulltext	fulltext_linktorsrc
identifier	ISSN: 0093-9994
ispartof	IEEE transactions on industry applications, 2022-09, Vol.58 (5), p.5921-5934
issn	0093-9994 1939-9367
language	eng
recordid	cdi_ieee_primary_9808163
source	IEEE Electronic Library (IEL)
subjects	Algorithms Automatic control Communication networks Contingency Control equipment Control systems Cyber-physical power systems cyber-physical security Cyberattack Cybersecurity Data collection DNP3 Electric power grids Electronic devices Energy management Engineering Hardware hardware-in-the-loop testbed IEC 61131 Logic Power grids Power systems Real-time systems Security Substations
title	Cyberattack Defense With Cyber-Physical Alert and Control Logic in Industrial Controllers
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-18T17%3A49%3A45IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Cyberattack%20Defense%20With%20Cyber-Physical%20Alert%20and%20Control%20Logic%20in%20Industrial%20Controllers&rft.jtitle=IEEE%20transactions%20on%20industry%20applications&rft.au=Huang,%20Hao&rft.aucorp=Texas%20A%20&%20M%20Univ.,%20College%20Station,%20TX%20(United%20States).%20Texas%20A%20&%20M%20Engineering%20Experiment%20Station&rft.date=2022-09-01&rft.volume=58&rft.issue=5&rft.spage=5921&rft.epage=5934&rft.pages=5921-5934&rft.issn=0093-9994&rft.eissn=1939-9367&rft.coden=ITIACR&rft_id=info:doi/10.1109/TIA.2022.3186660&rft_dat=%3Cproquest_RIE%3E2716349658%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2716349658&rft_id=info:pmid/&rft_ieee_id=9808163&rfr_iscdi=true