TY - GEN
T1 - Low-budget Energy Sector Cyberattacks via Open Source Exploitation
AU - Keliris, Anastasis
AU - Konstantinou, Charalambos
AU - Sazos, Marios
AU - Maniatakos, Michail
PY - 2018/7/2
Y1 - 2018/7/2
N2 - Modern cyber warfare involves penetration of a nation's computers and networks, aiming to cause extensive damage and/or disruption. Such actions are generally deemed feasible only by resource-wealthy nation state actors. In this work, we challenge this perception and introduce a methodology dubbed Open Source Exploitation (OSEXP), which leverages public infrastructure to execute an advanced cyber attack on critical infrastructure. In particular, we characterize and verify an effective and reusable OSEXP attack vector based on time spoofing of Global Positioning System (GPS) signals. Our GPS attack employs commercial devices and open source software, and manipulates the time synchronization of carefully selected power grid equipment in a manner that can lead to large scale blackouts. We experimentally verify the feasibility of our GPS OSEXP methodology, and demonstrate that an actor with limited budget has the ability to cause significant disruption to a nation.
AB - Modern cyber warfare involves penetration of a nation's computers and networks, aiming to cause extensive damage and/or disruption. Such actions are generally deemed feasible only by resource-wealthy nation state actors. In this work, we challenge this perception and introduce a methodology dubbed Open Source Exploitation (OSEXP), which leverages public infrastructure to execute an advanced cyber attack on critical infrastructure. In particular, we characterize and verify an effective and reusable OSEXP attack vector based on time spoofing of Global Positioning System (GPS) signals. Our GPS attack employs commercial devices and open source software, and manipulates the time synchronization of carefully selected power grid equipment in a manner that can lead to large scale blackouts. We experimentally verify the feasibility of our GPS OSEXP methodology, and demonstrate that an actor with limited budget has the ability to cause significant disruption to a nation.
UR - http://www.scopus.com/inward/record.url?scp=85063028337&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85063028337&partnerID=8YFLogxK
U2 - 10.1109/VLSI-SoC.2018.8644775
DO - 10.1109/VLSI-SoC.2018.8644775
M3 - Conference contribution
AN - SCOPUS:85063028337
T3 - IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC
SP - 101
EP - 106
BT - Proceedings of the 2018 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018
PB - IEEE Computer Society
T2 - 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018
Y2 - 8 October 2018 through 10 October 2018
ER -