The progressively increasing automation and digitization of distribution networks for electrical energy opens up a big new range of possibilities for cyber-attacks. In order to guarantee the resilience of such critical infrastructures the implementation of effective protection mechanisms is essential. Security measures generally used today are limited to access control methods. State of the art security, however, demands “security in depth”: additional measures must be implemented that become effective if an attacker has succeeded in overcoming the access barriers. Among others this can be realized by monitoring the network traffic with the goal of detecting anomalies in the system’s behaviour. As of today such monitoring systems suitable for IT architectures of distribution systems for electrical energy do not exist.
The main objective of the project EnergyNetworkSec is researching technologies for anomaly detection in automation networks of energy distribution systems. To this end a formal model of normal system behaviour must be developed. The monitoring process uses this model to detect anomalies and set appropriate actions. Unlike conventional pattern matching methods based on statistics this project will focus on syntactic pattern matching: the normal behaviour of the system is modelled by a formal grammar and the monitoring process uses parsing algorithms to check the network traffic for compliance with the grammar. Due to the specific properties of an industrial automation system - which generally shows a highly repetitive behaviour - such an approach seems promising. So far this has not been pursued and therefore would be a substantial innovation.
When detected an anomaly in the network traffic must be classified with respect to its cause in order to decide the necessary actions. For this, too, methods from the theory of formal languages and especially from compiling and error handling can be adapted. The project includes a proof-of-concept implementation of the monitoring system.
Because of the fact that automation and digitization of distribution systems for electrical energy is already in full process - as for example the extensive roll-out of smart metering infrastructures - there is an urgent need of research in this area.
Paul Tavolato / Institut für IT Sicherheitsforschung, FH St. Pölten
RadarServices Smart IT-Security GmbH
Wels Strom GmbH Austrian Energy CERT (Bedarfsträger)
FH St. Pölten GmbH, Institut für Medienwirtschaft (GSK-Partner)
Institut für IT Sicherheitsforschung, FH St. Pölten
Matthias -Corvinus-Straße 15
A-3100 St. Pölten