2019
Rafael de Jesus Martins, Luis Augusto Dias Knob, Eduardo Germano da Silva, Juliano Araujo Wickboldt, Alberto Egon Schaeffer-Filho, Lisandro Zambenedetti Granville
Specialized CSIRT for Incident Response Management in Smart Grids (Journal Article)
In: Journal of Network and Systems Management (JNSM), 27 (1), pp. 269–285, 2019, ISSN: 1064-7570.
Tags: CSIRT, Incident Management, SCADA, Smart Grids
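@comment{Journal article (JNSM 27(1), 2019) arguing for specialized CSIRTs and an incident classification for Smart Grids.
  Review notes: the acronym in the title is brace-protected so sentence-casing styles do not lowercase it.
  The date field 2019-01-01 was dropped: the rendered citation supports only the year (the day looks like an export placeholder - confirm), and year and date should not both be set.}
@article{DBLP:journals/jnsm/MartinsKSWFG19,
  author     = {Rafael de Jesus Martins and Luis Augusto Dias Knob and Eduardo Germano da Silva and Juliano Araujo Wickboldt and Alberto Egon Schaeffer-Filho and Lisandro Zambenedetti Granville},
  title      = {Specialized {CSIRT} for Incident Response Management in Smart Grids},
  journal    = {Journal of Network and Systems Management (JNSM)},
  volume     = {27},
  number     = {1},
  pages      = {269--285},
  year       = {2019},
  issn       = {1064-7570},
  doi        = {10.1007/s10922-018-9458-z},
  url        = {https://doi.org/10.1007/s10922-018-9458-z},
  keywords   = {CSIRT, Incident Management, SCADA, Smart Grids},
  abstract   = {Power grids are undergoing a major modernization process, which is transforming them into Smart Grids. In such cyber-physical systems, a security incident may cause catastrophic consequences. Unfortunately, the number of reported incidents in power grids has been increasing in the last years. In this article we advocate that the adoption of Computer Security Incident Response Teams (CSIRTs) is necessary for the proper management of security incidents in Smart Grids. CSIRTs for Smart Grids must cover different parts of the grid, thus consisting of specialized response teams for handling incidents not only on the physical infrastructure, but also on the Smart Grid equipment and on the IT infrastructure. We thus propose an incident classification to assist the implementation of CSIRTs for Smart Grids, considering the specific concerns of the different response teams. We evaluate attack classifications available in the literature and review a well-known database of Smart Grid security incidents.},
  pubstate   = {published},
  tppubtype  = {article},
}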
2016
Eduardo Germano da Silva, Anderson Santos da Silva, Juliano Araujo Wickboldt, Paul Smith, Lisandro Zambenedetti Granville, Alberto Egon Schaeffer-Filho
A One-Class NIDS for SDN-Based SCADA Systems (Inproceedings)
In: 40th IEEE Annual Computer Software and Applications Conference, COMPSAC 2016, Atlanta, GA, USA, June 10-14, 2016, pp. 303–312, IEEE Computer Society, 2016, ISSN: 0730-3157.
Tags: Anomaly Detection, Network Resilience, SCADA, Smart Grids, Software-Defined Networking (SDN)
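@comment{COMPSAC 2016 paper presenting a one-class, anomaly-based NIDS for SDN-based SCADA systems.
  Review notes: acronyms in the title are brace-protected so sentence-casing styles do not lowercase them.
  The percent sign in the abstract is escaped so the field is safe if a style typesets it.
  The date field 2016-01-01 was dropped: it conflicts with the June 2016 event dates in booktitle (it looks like an export placeholder), and year and date should not both be set.}
@inproceedings{DBLP:conf/compsac/SilvaSWSGS16,
  author     = {Eduardo Germano da Silva and Anderson Santos da Silva and Juliano Araujo Wickboldt and Paul Smith and Lisandro Zambenedetti Granville and Alberto Egon Schaeffer-Filho},
  title      = {A One-Class {NIDS} for {SDN}-Based {SCADA} Systems},
  booktitle  = {40th IEEE Annual Computer Software and Applications Conference, COMPSAC 2016, Atlanta, GA, USA, June 10-14, 2016},
  pages      = {303--312},
  publisher  = {IEEE Computer Society},
  year       = {2016},
  issn       = {0730-3157},
  doi        = {10.1109/COMPSAC.2016.32},
  url        = {https://doi.org/10.1109/COMPSAC.2016.32},
  keywords   = {Anomaly Detection, Network Resilience, SCADA, Smart Grids, Software-Defined Networking (SDN)},
  abstract   = {Power systems are undergoing an intense process of modernization, and becoming highly dependent on networked systems used to monitor and manage system components. These so-called Smart Grids comprise energy generation, transmission, and distribution subsystems, which are monitored and managed by Supervisory Control and Data Acquisition (SCADA) systems. In this paper, we discuss the benefits of using Software-Defined Networking (SDN) to assist in the deployment of next generation SCADA systems. We also present a specific Network-Based Intrusion Detection System (NIDS) for SDN-based SCADA systems, which uses SDN to capture network information and is responsible for monitoring the communication between power grid components. Our approach relies on SDN to periodically gather statistics from network devices, which are then processed by One-Class Classification (OCC) algorithms. Given that attack traces in SCADA networks are scarce and not publicly disclosed by utility companies, the main advantage of using OCC algorithms is that they do not depend on known attack signatures to detect possible malicious traffic. Our results indicate that OCC algorithms achieve an approximate accuracy of 98\% and can be effectively used to detect cyber-attacks targeted against SCADA systems.},
  pubstate   = {published},
  tppubtype  = {inproceedings},
}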
2015
Eduardo Germano da Silva, Luis Augusto Dias Knob, Juliano Araujo Wickboldt, Luciano Paschoal Gaspary, Lisandro Zambenedetti Granville, Alberto Egon Schaeffer-Filho
Capitalizing on SDN-based SCADA systems: An anti-eavesdropping case-study (Inproceedings)
In: 14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015, Ottawa, ON, Canada, 11-15 May, 2015, pp. 165–173, IEEE, 2015, ISSN: 1573-0077.
Tags: Anomaly Detection, Network Resilience, SCADA, Smart Grids, Software-Defined Networking (SDN)
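@comment{IM 2015 paper on an SDN-based multipath-routing mechanism meant to keep an eavesdropper from fully capturing SCADA communication flows.
  Review notes: acronyms in the title are brace-protected so sentence-casing styles do not lowercase them.
  The date field 2015-01-01 was dropped: it conflicts with the May 2015 event dates in booktitle (it looks like an export placeholder), and year and date should not both be set.}
@inproceedings{DBLP:conf/im/SilvaKWGGF15,
  author     = {Eduardo Germano da Silva and Luis Augusto Dias Knob and Juliano Araujo Wickboldt and Luciano Paschoal Gaspary and Lisandro Zambenedetti Granville and Alberto Egon Schaeffer-Filho},
  title      = {Capitalizing on {SDN}-based {SCADA} systems: An anti-eavesdropping case-study},
  booktitle  = {14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015, Ottawa, ON, Canada, 11-15 May, 2015},
  pages      = {165--173},
  publisher  = {IEEE},
  year       = {2015},
  issn       = {1573-0077},
  doi        = {10.1109/INM.2015.7140289},
  url        = {https://doi.org/10.1109/INM.2015.7140289},
  keywords   = {Anomaly Detection, Network Resilience, SCADA, Smart Grids, Software-Defined Networking (SDN)},
  abstract   = {Power grids are responsible for the transmission and distribution of electricity to end-users. These systems are undergoing a modernization process through the use of Information and Communication Technology (ICT), transforming the electric system into Smart Grids. In this context, Supervisory Control and Data Acquisition (SCADA) systems are responsible for the management and monitoring of substations and field devices. In this paper, we investigate the use of SDN as an approach to assist in the modernization of SCADA systems. We discuss its possible benefits, such as simplified management of power system resources. Moreover, SDN can facilitate the creation of new network applications that previously, with traditional networks, were more complex to be implemented. To illustrate the benefits of the use of SDN in SCADA, we designed a mechanism that aims to prevent a possible eavesdropper from fully capturing communication flows between SCADA components. The mechanism was implemented as an SDN-based application for SCADA systems that uses multipath routing, which relies on SDN features to frequently modify communication routes between SCADA devices. Further, we performed an experimental evaluation to verify the impact and performance of the mechanism in the SCADA network.},
  pubstate   = {published},
  tppubtype  = {inproceedings},
}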