Please Read Before Downloading NEETRAC Reports
NEETRAC reports are proprietary and confidential to its members for internal use only except as provided in NEETRAC's Publication Policy. NRECA is making the reports and other NEETRAC information available to NRECA's members through permission by NEETRAC via our membership agreement.
By accessing (downloading/viewing) any NEETRAC report, the reader agrees to abide by the restrictions as to the use and sharing of information contained in said report. The reader acknowledges that the applicable restrictions are stipulated in the NEETRAC Bylaws along with the various Application Procedures as promulgated by the NEETRAC Management Board on a regular basis. These Bylaws and Applicable Procedures are posted on the member-restricted segment of the NEETRAC website. See neetrac.org and contact NEETRAC for more information.
Funding: Joint
NEETRAC PROJECT#: 13-005
Date Closed: November 2016
The purpose of this project was to build a comprehensive, extensible smart power grid testbed for cyber security evaluation and experimentation with specialized capabilities to permit future evaluation of new devices and network monitoring. It sought to develop a layered approach to cyber security that focuses on detecting the insertion of unauthorized devices on the network and detecting abnormal behavior of authorized devices. It also aimed to develop advanced intrusion detection techniques to detect previously unseen attacks on the network and advanced device identification techniques to detect unauthorized devices that have been inserted into the network.

In the process of conducting this research, it was discovered that there are other testbeds that can be potentially leveraged and that there is a lack of understanding of real traffic on live substation networks in the technical community. In addition, feedback from the technical advisors indicated that operators desire situational awareness of substation networks but have very little to no security expertise, although they possess basic networking skills.

This project included six primary tasks:
- Build a testbed and integrate it with existing infrastructure in the GT ECE Power Systems lab
- Develop custom software / system to monitor traffic in a live substation
- Characterize traffic on a live substation network
- Detect flaws in nodes in the network and report flaws to ICS-CERT
- Develop "monitoring portion" of the Network Monitoring and Security System
- Develop "security portion" of the Network Monitoring and Security System
Through the completion of these tasks, the first detailed substation traffic characterization study was conducted. This study discovered flaws in several different relay, monitoring, and control system devices. These flaws affected 68% of the devices in a NEETRAC member's substation equipment. The flaws were reported to ICS-CERT, and Georgia Tech/NEETRAC is working with ICS-CERT and vendors to generate patches, some of which have already been made. Finally, this project developed an open-source monitoring and security system that can immediately improve the security posture of members' substation networks.