Grammatikis, Panagiotis Radoglou; Sarigiannidis, Panagiotis; Iturbe, Eider; Rios, Erkuden; Martinez, Saturnino; Sarigiannidis, Antonios; Efstathopoulos, Georgios; Spyridis, Yannis; Sesis, Achilleas; Vakakis, Nikolaos; Tzovaras, Dimitrios; Kafetzakis, Emmanouil; Giannoulakis, Ioannis; Tzifas, Michalis; Giannakoulias, Alkiviadis; Angelopoulos, Michail; Ramos, Francisco
In: Computer Networks, 2021.
The technological leap of smart technologies has brought the conventional electrical grid in a new digital era called Smart Grid (SG), providing multiple benefits, such as two-way communication, pervasive control and self-healing. However, this new reality generates significant cybersecurity risks due to the heterogeneous and insecure nature of SG. In particular, SG relies on legacy communication protocols that have not been implemented having cybersecurity in mind. Moreover, the advent of the Internet of Things (IoT) creates severe cybersecurity challenges. The Security Information and Event Management (SIEM) systems constitute an emerging technology in the cybersecurity area, having the capability to detect, normalise and correlate a vast amount of security events. They can orchestrate the entire security of a smart ecosystem, such as SG. Nevertheless, the current SIEM systems do not take into account the unique SG peculiarities and characteristics like the legacy communication protocols. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) SIEM, which focuses on SG. The main contribution of our work is the design and implementation of a SIEM system capable of detecting, normalising and correlating cyberattacks and anomalies against a plethora of SG application-layer protocols. It is noteworthy that the detection performance of the SPEAR SIEM is demonstrated with real data originating from four real SG use case (a) hydropower plant, (b) substation, (c) power plant and (d) smart home.
Argyropoulos, Nikolaos; Khodashenas, Pouria Sayyad; Mavropoulos, Orestis; Karapistoli, Eirini; Lytos, Anastasios; Karypidis, Paris Alexandros; Hofmann, Klaus-Peter
In: Transportation Research Procedia, 52 , pp. 307-314, 2021, ISSN: 2352-1465, (23rd EURO Working Group on Transportation Meeting, EWGT 2020, 16-18 September 2020, Paphos, Cyprus).
The proliferation of next generation mobility, promotes the use of autonomous cars, connected vehicles and electromobility. It creates novel attack surfaces for high impact cyberattacks affecting the society. Addressing the cybersecurity challenges introduced by modern vehicles requires a proactive and multi-faceted approach combining techniques originating from various domains of ICT. Emerging technologies such as 5G, LiDAR, novel in-vehicle and roadside sensors and smart charging, used in modern cars, introduce new challenges and potential security gaps in the next generation mobility ecosystem. Thus, it is critical that the domain’s cybersecurity must be approached in a structured manner from a multi-domain and multi-technology perspective. The CARAMEL H2020 project aims to address the cybersecurity challenges on the pillars upon which the next generation mobility is constructed (i.e., autonomous mobility, connected mobility, electromobility). To achieve that, advanced Artificial Intelligence (AI) and Machine Learning (ML) techniques will be utilized for the identification of anomalies and the classification of incoming signals indicating a cyber-attack or a cybersecurity risk. Apart from risk detection, methods for the mitigation of the identified risks will also be continuously incorporated to the CARAMEL solution. The final goal of CARAMEL is to create an anti-hacking platform for the European automotive cybersecurity and to demonstrate its value through extensive attack and penetration scenarios. In this paper we will expand on the unique cybersecurity-relevant characteristics of the pillars upon which the CARAMEL solution is built. Next, a number of use cases emerging from such analysis will be extracted in order to form the basis upon which the CARAMEL platform will be evaluated. Finally, we will conclude with an overview of the platform’s architectural composition.
Grammatikis, Panagiotis Radoglou; Sarigiannidis, Panagiotis; Sarigiannidis, Antonios; Margounakis, Dimitrios; Tsiakalos, Apostolos; Efstathopoulos, Georgios
An Anomaly Detection Mechanism for IEC 60870-5-104 (Inproceedings)
In: 2020 9th International Conference on Modern Circuits and Systems Technologies (MOCAST), 2020.
The transformation of the conventional electricity grid into a new paradigm called smart grid demands the appropriate cybersecurity solutions. In this paper, we focus on the security of the IEC 60870-5-104 (IEC-104) protocol which is commonly used by Supervisory Control and Data Acquisition (SCADA) systems in the energy domain. In particular, after investigating its security issues, we provide a multivariate Intrusion Detection System (IDS) which adopts both access control and outlier detection mechanisms in order to detect timely possible anomalies against IEC-104. The efficiency of the proposed IDS is reflected by the Accuracy and F1 metrics that reach 98% and 87%, respectively.
Grammatikis, Panagiotis Radoglou; Sarigiannidis, Panagiotis; Iturbe, Eider; Rios, Erkuden; Sarigiannidis, Antonios; Nikolis, Odysseas; Ioannidis, Dimosthenis; Machamint, Vasileios; Tzifas, Michalis; Giannakoulias, Alkiviadis; Angelopoulos, Michail; Papadopoulos, Anastasios; Ramos, Francisco
Secure and Private Smart Grid: The SPEAR Architecture (Inproceedings)
In: 2020 6th IEEE International Conference on Network Softwarization (NetSoft), pp. 450-456, 2020.
Information and Communication Technology (ICT) is an integral part of Critical Infrastructures (CIs), bringing both significant pros and cons. Focusing our attention on the energy sector, ICT converts the conventional electrical grid into a new paradigm called Smart Grid (SG), providing crucial benefits such as pervasive control, better utilisation of the existing resources, self-healing, etc. However, in parallel, ICT increases the attack surface of this domain, generating new potential cyberthreats. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) architecture which constitutes an overall solution aiming at protecting SG, by enhancing situational awareness, detecting timely cyberattacks, collecting appropriate forensic evidence and providing an anonymous cybersecurity information-sharing mechanism. Operational characteristics and technical specifications details are analysed for each component, while also the communication interfaces among them are described in detail.
Pliatsios, Dimitrios; Sarigiannidis, Panagiotis; Lagkas, Thomas; Sarigiannidis, Antonios G
In: IEEE Communications Surveys Tutorials, 22 (3), pp. 1942-1976, 2020.
Supervisory Control and Data Acquisition (SCADA) systems are the underlying monitoring and control components of critical infrastructures, such as power, telecommunication, transportation, pipelines, chemicals and manufacturing plants. Legacy SCADA systems operated on isolated networks, that made them less exposed to Internet threats. However, the increasing connection of SCADA systems to the Internet, as well as corporate networks, introduces severe security issues. Security considerations for SCADA systems are gaining higher attention, as the number of security incidents against these critical infrastructures is increasing. In this survey, we provide an overview of the general SCADA architecture, along with a detailed description of the SCADA communication protocols. Additionally, we discuss certain high-impact security incidents, objectives, and threats. Furthermore, we carry out an extensive review of the security proposals and tactics that aim to secure SCADA systems. We also discuss the state of SCADA system security. Finally, we present the current research trends and future advancements of SCADA security.
Efstathopoulos, Georgios; Grammatikis, Panagiotis Radoglou; Sarigiannidis, Panagiotis; Argyriou, Vasilis; Sarigiannidis, Antonios; Stamatakis, Konstantinos; Angelopoulos, Michail K; Athanasopoulos, Solon K
Operational Data Based Intrusion Detection System for Smart Grid (Inproceedings)
In: 2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), pp. 1-6, 2019.
With the rapid progression of Information and Communication Technology (ICT) and especially of Internet of Things (IoT), the conventional electrical grid is transformed into a new intelligent paradigm, known as Smart Grid (SG). SG provides significant benefits both for utility companies and energy consumers such as the two-way communication (both electricity and information), distributed generation, remote monitoring, self-healing and pervasive control. However, at the same time, this dependence introduces new security challenges, since SG inherits the vulnerabilities of multiple heterogeneous, co-existing legacy and smart technologies, such as IoT and Industrial Control Systems (ICS). An effective countermeasure against the various cyberthreats in SG is the Intrusion Detection System (IDS), informing the operator timely about the possible cyberattacks and anomalies. In this paper, we provide an anomaly-based IDS especially designed for SG utilising operational data from a real power plant. In particular, many machine learning and deep learning models were deployed, introducing novel parameters and feature representations in a comparative study. The evaluation analysis demonstrated the efficacy of the proposed IDS and the improvement due to the suggested complex data representation.