Exposing vulnerabilities in electric power grids: An experimental approach

During the past few years, coordinated and targeted cyber attacks of unprecedented levels of sophistication have been conducted against critical infrastructures. Simple experiments and probes are now turning into concerted cyber operations, carried out for profit or political reasons. Examples of critical infrastructures include airports, railway networks, hospitals, energy plants and networks and dams. Among these, electric power grids are possibly the most critical assets, since virtually all the critical infrastructures strongly depend on power distribution networks for their operation. To improve the accuracy and coherence of supervisory control and data acquisition/energy management systems (SCADA/EMSs), utility operators are increasingly integrating emerging technologies for power data collection. This paper presents the results of a thorough security analysis of two key enabling technologies used for data collection in power grids: (i) phasor measurement units (PMUs) also known as synchrophasors and (ii) phasor data concentrators (PDCs). Evidence is provided to demonstrate that these technologies are vulnerable to traditional cyber attacks (due to weaknesses such as the lack of encrypted communications channels and weak password policies), as well as to emerging cyber attacks (due to the lack of input validation and sanitization).