Investigating Man-in-the-Middle-based False Data Injection in a Smart Grid Laboratory Environment
Ömer Sen, Dennis van der Velde, Philipp Linnartz, Immanuel Hacker, Martin Henze, Michael Andres, Andreas Ulbig

TL;DR
This paper explores a man-in-the-middle attack in a smart grid lab, demonstrating how false data injection can disrupt control systems and providing insights for developing detection methods.
Contribution
It presents a realistic attack scenario in a smart grid environment and analyzes attack data to aid in designing effective detection mechanisms.
Findings
Attack successfully intercepts and corrupts data in the smart grid environment.
Analysis reveals patterns useful for detection of such attacks.
Demonstrates practical applicability of the attack in a physical lab setting.
Abstract
With the increasing use of information and communication technology in electrical power grids, the security of energy supply is increasingly threatened by cyber-attacks. Traditional cyber-security measures, such as firewalls or intrusion detection/prevention systems, can be used as mitigation and prevention measures, but their effective use requires a deep understanding of the potential threat landscape and complex attack processes in energy information systems. Given the complexity and lack of detailed knowledge of coordinated, timed attacks in smart grid applications, we need information and insight into realistic attack scenarios in an appropriate and practical setting. In this paper, we present a man-in-the-middle-based attack scenario that intercepts process communication between control systems and field devices, employs false data injection techniques, and performs data…
Taxonomy
Topics: Smart Grid Security and Resilience · Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting
