Structured security testing in the smart grid

Patrick McDaniel, Stephan McLaughlin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

The advanced metering infrastructure (AMI) is revolutionizing electrical grids. Intelligent AMI smart meters report real-time usage data that enables efficient energy generation and use. However, aggressive deployments often outpace security efforts: new devices from a dizzying array of vendors are being introduced into grids with limited understanding of the security problems they represent. In this paper we develop an archetypal attack tree approach to guide penetration testing across multiple-vendor implementations of a technology class. In this, we graft archetypal attack trees modeling broad adversary goals and attack vectors to vendor-specific concrete attack trees. Evaluators then use the grafted trees as a roadmap to penetration testing. Our experiments with multiple vendors generate real attack scenarios using vulnerabilities identified during directed penetration testing, e.g., manipulation of energy usage data, spoofing meters, and extracting sensitive data from internal registers. We provide a detailed example of one such attack as tested using our developed methodology.

Original language: English (US)
Title of host publication: 5th International Symposium on Communications Control and Signal Processing, ISCCSP 2012
State: Published - 2012
Event: 5th International Symposium on Communications Control and Signal Processing, ISCCSP 2012 - Rome, Italy
Duration: May 2 2012 to May 4 2012

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Signal Processing
