TY - GEN
T1 - Stealthy Rootkit Attacks on Cyber-Physical Microgrids
T2 - 12th ACM International Conference on Future Energy Systems, e-Energy 2021
AU - Rath, Suman
AU - Zografopoulos, Ioannis
AU - Konstantinou, Charalambos
N1 - Publisher Copyright:
© 2021 ACM.
PY - 2021/6/22
Y1 - 2021/6/22
N2 - Cyber-physical microgrids hold the key to a carbon-neutral power sector since they enable renewable and distributed energy resource integration, can alleviate overloaded distribution systems, and provide economic energy by generating and consuming power locally. The utilization of cyber-physical assets such as controllers, IoT sensors and actuators, and communication devices can enhance the stability and improve the control of microgrids. However, such assets, if maliciously operated, can become attack entry points and jeopardize the grid operation. Blind and uncoordinated cyber-attacks can be identified by existing security measures, overcoming potential operational disruptions. However, rootkit attacks can stay hidden within cyber-physical systems and leverage system information to mask their presence. Rootkit detection is a strenuous process and requires advanced security methods due to the sophisticated operation of rootkits. A careful analysis of possible rootkit target locations and their exploitation techniques is necessary to design effective threat detection and mitigation mechanisms. This paper discusses the cyber kill chain of a rootkit which can simultaneously deploy itself at multiple locations in a microgrid in a coordinated and stealthy way in order to maximize the impact on power system operations. The rootkit leverages system measurements to hide its presence and its attack impact from the detection mechanisms.
AB - Cyber-physical microgrids hold the key to a carbon-neutral power sector since they enable renewable and distributed energy resource integration, can alleviate overloaded distribution systems, and provide economic energy by generating and consuming power locally. The utilization of cyber-physical assets such as controllers, IoT sensors and actuators, and communication devices can enhance the stability and improve the control of microgrids. However, such assets, if maliciously operated, can become attack entry points and jeopardize the grid operation. Blind and uncoordinated cyber-attacks can be identified by existing security measures, overcoming potential operational disruptions. However, rootkit attacks can stay hidden within cyber-physical systems and leverage system information to mask their presence. Rootkit detection is a strenuous process and requires advanced security methods due to the sophisticated operation of rootkits. A careful analysis of possible rootkit target locations and their exploitation techniques is necessary to design effective threat detection and mitigation mechanisms. This paper discusses the cyber kill chain of a rootkit which can simultaneously deploy itself at multiple locations in a microgrid in a coordinated and stealthy way in order to maximize the impact on power system operations. The rootkit leverages system measurements to hide its presence and its attack impact from the detection mechanisms.
KW - coordinated cyber manipulation
KW - cyber-physical microgrid
KW - data-driven prediction
KW - intelligent malware
KW - Rootkit
KW - virtual twin
UR - http://www.scopus.com/inward/record.url?scp=85109275209&partnerID=8YFLogxK
U2 - 10.1145/3447555.3466576
DO - 10.1145/3447555.3466576
M3 - Conference contribution
AN - SCOPUS:85109275209
T3 - e-Energy 2021 - Proceedings of the 2021 12th ACM International Conference on Future Energy Systems
SP - 294
EP - 295
BT - e-Energy 2021 - Proceedings of the 2021 12th ACM International Conference on Future Energy Systems
PB - Association for Computing Machinery, Inc
Y2 - 28 June 2021 through 2 July 2021
ER -