Compromising the Data Integrity of an Electrical Power Grid SCADA System

No Thumbnail Available
Qassim Q.S.
Jamil N.
Daud M.
Ja�affar N.
Kamarulzaman W.A.W.
Mahdi M.N.
Journal Title
Journal ISSN
Volume Title
Springer Science and Business Media Deutschland GmbH
Research Projects
Organizational Units
Journal Issue
Supervisory Control and Data Acquisition (SCADA) systems perform monitoring and controlling services in critical national infrastructures such as electrical power generation and distribution, transportation networks, water supply and manufacturing, and production facilities. Cyber-attacks that compromise data integrity in SCADA systems such as an unauthorised manipulation of sensor or control signals could have a severe impact on the operation of the critical national infrastructure as it misleads system operators into making wrong decisions. This work investigates the man-in-the-middle (MITM) attack that aims explicitly at compromising data integrity of SCADA systems. The IEC 60870-5-104 tele-control communication protocol is used as the subject focus because it is a commonly used communication protocol in electrical power SCADA systems for tele-control and monitoring. We conducted several MITM attacks: covering the capturing, modification and injection of control commands, on IEC 60870-5-104 in our power grid SCADA system testbed. We described and performed the attacks in detail, together with several use cases. Based on the Proof-of-Concept (POC) conducted and data that we gathered, it shows that IEC 60870-5-104 is vulnerable against MITM attacks and it can be an entry point of cyberattacks, be it sophisticated or otherwise. � 2021, Springer Nature Singapore Pte Ltd.
Critical infrastructures; Electric power plants; Electric power transmission networks; Infrastructure as a service (IaaS); Manufacture; Network security; Patient monitoring; SCADA systems; Water supply; Control and monitoring; Electrical power generation; Man-In-The-Middle (MITM) Attack; Monitoring and controlling; National infrastructure; Production facility; Supervisory control and dataacquisition systems (SCADA); Transportation network; Electric power system control