Cyber-attack TTP analysis for EPES systems
Alexios Lekidis

TL;DR
This paper analyzes advanced cyber-attack techniques targeting critical electrical power systems, demonstrating how adversaries exploit vulnerabilities in smart meters and PLCs within a Greek power plant.
Contribution
It provides a detailed analysis of cyber-attack TTPs on EPES systems and demonstrates their practical exploitation in a real-world power plant setting.
Findings
Adversaries can remotely exploit smart meters and PLCs.
Advanced TTPs pose significant security risks to EPES.
Demonstration in a Greek power plant confirms real-world applicability.
Abstract
The electrical grid consists of legacy systems that were built with no security in mind. As we move towards the Industry 4.0 era, though, a high degree of automation and connectivity provides: 1) fast and flexible configuration and updates as well as 2) easier maintenance and handling of misconfigurations and operational errors. Even though considerations are present about the security implications of the Industry 4.0 era in the electrical grid, electricity stakeholders deem their infrastructures as secure since they are isolated and allow no external connections. However, external connections are not the only security risk for electrical utilities. The Tactics, Techniques and Procedures (TTPs) that are employed by adversaries to perform cyber-attacks towards the critical Electrical Power and Energy System (EPES) infrastructures are gradually becoming highly advanced and sophisticated.…
Taxonomy
Topics: Smart Grid Security and Resilience · Physical Unclonable Functions (PUFs) and Hardware Security · Cryptographic Implementations and Security
