The ATENA project team will evaluate its results against different cyber-attack scenarios. The analysis will include the results of implementing the scenarios at all levels of the IACS, as well as on all equipment used for the ATENA validation.
In ATENA, CI operators will provide use cases that will be modelled and implemented in the validation environment of IEC and also evaluated in other dedicated CI facilities (e.g. SWDE Expert Center).
Normal operation use cases
Use cases will be analysed in normal operation in order to design the most valuable analysis tools for detecting the behavior of CIs under cyber-attack.
- Gas turbine power station: emulation of gas turbine operation based on the real PLCs and SCADA HMI used in gas turbine operation and the real procedures of gas turbine control.
- Electrical grid transmission and distribution: several primary substations and the operation of a substation during different faults that happen during transmission operation. The substation emulator will allow changing the voltage regulator, changing the busbar voltage, emulating feeder protection activation and changing the circuit breaker state. The use case will contain a SCADA HMI and some RTUs.
- Customer site (smart home, smart neighbourhood) including:
  - remote command and control of the on/off switches of each single appliance
  - remote measurement of the active power and the energy consumption of appliances
  - real-time total electricity active power measurement
  - power limit under each single appliance (stand-by killer mode)
  - the timer for the automatic on/off switching
  - climate control by Remote Control Thermostat
  - visualization of the real-time power for each single appliance or group of appliances
- Physical protection of the electrical grid and customer site
Gas distribution and automatic load-shedding management
Specifically, this use case will be performed with the support of CREOS in order to investigate the impact of a cyber-attack that can initiate a perturbation of distribution, or even a load-shedding procedure on critical customers.
- Interdependencies with Electricity CI
- Social impacts of water supply chain outage on industry and people
Communication ICT networks
- dependency of CI and ICT infrastructures
- interdependencies among CIs connected by ICT secure communication networks and services.
Cyber-attack use cases
Examples for the electrical network and facilities
- Takeover of the controls of the Operation Centre HMI (Human Machine Interface). In this case the attacker can open and close electrical switches and de-energize the whole feeder or several feeders of the primary substation. The attacker can control the gas turbine or primary substations of the electrical transmission.
- Takeover of the biometric device. In this case an unauthorized person could enter the control room and take control of the SCADA HMI.
- Takeover of the IP camera device. In this case an unauthorized person could enter the control room and take control of the SCADA HMI.
- Takeover of the SCADA and PLCs of the gas turbine control system. In this case an unauthorized person could enter the control room and take control of the SCADA HMI.
- Takeover of the transmission part of the electrical grid. In this case an unauthorized person could take control of the primary substation SCADA.
- Takeover of an electrical grid switch. In this case an unauthorized person could enter the control room and take control of the SCADA HMI.
- Combination of cyber-attack on operation centres and field equipment.
Attack vector use cases
- installation of hidden rogue network components by using weak security points of the equipment supply chain
- implementation of a wrong equipment configuration that includes cyber-attack possibilities by using weak security points of the equipment supply chain
- installation of cyber-attack software into different components of workstations and servers by using weak security points of the equipment supply chain
- compromise of subcontractors' networks and applications by using the weak cyber-security policy and practice of subcontractors' services
- penetration of CI infrastructure through the compromise of weakly defended laptops of subcontractors
- installation of cyber-attack software into preinstalled computers that will be connected to ICT networks in violation of the hardening security policy
- installation of cyber-attack components into software packages by penetration into the product environment of software producers