Low-budget Energy Sector Cyberattacks via Open Source Exploitation

Anastasis Keliris; Charalambos Konstantinou; Marios Sazos; Michail Maniatakos

doi:10.1109/VLSI-SoC.2018.8644775

Low-budget Energy Sector Cyberattacks via Open Source Exploitation

Anastasis Keliris, Charalambos Konstantinou, Marios Sazos, Michail Maniatakos

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Modern cyber warfare involves penetration of a nation's computers and networks, aiming to cause extensive damage and/or disruption. Such actions are generally deemed feasible only by resource-wealthy nation state actors. In this work, we challenge this perception and introduce a methodology dubbed Open Source Exploitation (OSEXP), which leverages public infrastructure to execute an advanced cyber attack on critical infrastructure. In particular, we characterize and verify an effective and reusable OSEXP attack vector based on time spoofing of Global Positioning System (GPS) signals. Our GPS attack employs commercial devices and open source software, and manipulates the time synchronization of carefully selected power grid equipment in a manner that can lead to large scale blackouts. We experimentally verify the feasibility of our GPS OSEXP methodology, and demonstrate that an actor with limited budget has the ability to cause significant disruption to a nation.

Original language	English (US)
Title of host publication	Proceedings of the 2018 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018
Publisher	IEEE Computer Society
Pages	101-106
Number of pages	6
ISBN (Electronic)	9781538647561
DOIs	https://doi.org/10.1109/VLSI-SoC.2018.8644775
State	Published - Jul 2 2018
Event	26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018 - Verona, Italy Duration: Oct 8 2018 → Oct 10 2018

Publication series

Name	IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC
Volume	2018-October
ISSN (Print)	2324-8432
ISSN (Electronic)	2324-8440

Conference

Conference	26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018
Country/Territory	Italy
City	Verona
Period	10/8/18 → 10/10/18

ASJC Scopus subject areas

Hardware and Architecture
Software
Electrical and Electronic Engineering

Access to Document

10.1109/VLSI-SoC.2018.8644775

Cite this

Keliris, A., Konstantinou, C., Sazos, M., & Maniatakos, M. (2018). Low-budget Energy Sector Cyberattacks via Open Source Exploitation. In Proceedings of the 2018 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018 (pp. 101-106). Article 8644775 (IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC; Vol. 2018-October). IEEE Computer Society. https://doi.org/10.1109/VLSI-SoC.2018.8644775

Low-budget Energy Sector Cyberattacks via Open Source Exploitation. / Keliris, Anastasis; Konstantinou, Charalambos; Sazos, Marios et al.
Proceedings of the 2018 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018. IEEE Computer Society, 2018. p. 101-106 8644775 (IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC; Vol. 2018-October).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Keliris, A, Konstantinou, C, Sazos, M & Maniatakos, M 2018, Low-budget Energy Sector Cyberattacks via Open Source Exploitation. in Proceedings of the 2018 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018., 8644775, IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC, vol. 2018-October, IEEE Computer Society, pp. 101-106, 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018, Verona, Italy, 10/8/18. https://doi.org/10.1109/VLSI-SoC.2018.8644775

Keliris A, Konstantinou C, Sazos M, Maniatakos M. Low-budget Energy Sector Cyberattacks via Open Source Exploitation. In Proceedings of the 2018 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018. IEEE Computer Society. 2018. p. 101-106. 8644775. (IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC). doi: 10.1109/VLSI-SoC.2018.8644775

@inproceedings{850d1a9084b24ea593e140044bb8b2e0,

title = "Low-budget Energy Sector Cyberattacks via Open Source Exploitation",

abstract = "Modern cyber warfare involves penetration of a nation's computers and networks, aiming to cause extensive damage and/or disruption. Such actions are generally deemed feasible only by resource-wealthy nation state actors. In this work, we challenge this perception and introduce a methodology dubbed Open Source Exploitation (OSEXP), which leverages public infrastructure to execute an advanced cyber attack on critical infrastructure. In particular, we characterize and verify an effective and reusable OSEXP attack vector based on time spoofing of Global Positioning System (GPS) signals. Our GPS attack employs commercial devices and open source software, and manipulates the time synchronization of carefully selected power grid equipment in a manner that can lead to large scale blackouts. We experimentally verify the feasibility of our GPS OSEXP methodology, and demonstrate that an actor with limited budget has the ability to cause significant disruption to a nation.",

author = "Anastasis Keliris and Charalambos Konstantinou and Marios Sazos and Michail Maniatakos",

year = "2018",

month = jul,

day = "2",

doi = "10.1109/VLSI-SoC.2018.8644775",

language = "English (US)",

series = "IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC",

publisher = "IEEE Computer Society",

pages = "101--106",

booktitle = "Proceedings of the 2018 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018",

note = "26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018 ; Conference date: 08-10-2018 Through 10-10-2018",

}

TY - GEN

T1 - Low-budget Energy Sector Cyberattacks via Open Source Exploitation

AU - Keliris, Anastasis

AU - Konstantinou, Charalambos

AU - Sazos, Marios

AU - Maniatakos, Michail

PY - 2018/7/2

Y1 - 2018/7/2

N2 - Modern cyber warfare involves penetration of a nation's computers and networks, aiming to cause extensive damage and/or disruption. Such actions are generally deemed feasible only by resource-wealthy nation state actors. In this work, we challenge this perception and introduce a methodology dubbed Open Source Exploitation (OSEXP), which leverages public infrastructure to execute an advanced cyber attack on critical infrastructure. In particular, we characterize and verify an effective and reusable OSEXP attack vector based on time spoofing of Global Positioning System (GPS) signals. Our GPS attack employs commercial devices and open source software, and manipulates the time synchronization of carefully selected power grid equipment in a manner that can lead to large scale blackouts. We experimentally verify the feasibility of our GPS OSEXP methodology, and demonstrate that an actor with limited budget has the ability to cause significant disruption to a nation.

AB - Modern cyber warfare involves penetration of a nation's computers and networks, aiming to cause extensive damage and/or disruption. Such actions are generally deemed feasible only by resource-wealthy nation state actors. In this work, we challenge this perception and introduce a methodology dubbed Open Source Exploitation (OSEXP), which leverages public infrastructure to execute an advanced cyber attack on critical infrastructure. In particular, we characterize and verify an effective and reusable OSEXP attack vector based on time spoofing of Global Positioning System (GPS) signals. Our GPS attack employs commercial devices and open source software, and manipulates the time synchronization of carefully selected power grid equipment in a manner that can lead to large scale blackouts. We experimentally verify the feasibility of our GPS OSEXP methodology, and demonstrate that an actor with limited budget has the ability to cause significant disruption to a nation.

UR - http://www.scopus.com/inward/record.url?scp=85063028337&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85063028337&partnerID=8YFLogxK

U2 - 10.1109/VLSI-SoC.2018.8644775

DO - 10.1109/VLSI-SoC.2018.8644775

M3 - Conference contribution

AN - SCOPUS:85063028337

T3 - IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC

SP - 101

EP - 106

BT - Proceedings of the 2018 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018

PB - IEEE Computer Society

T2 - 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018

Y2 - 8 October 2018 through 10 October 2018

ER -

Low-budget Energy Sector Cyberattacks via Open Source Exploitation

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this