IEEE Access (Jan 2022)

Design and Emulation of Physics-Centric Cyberattacks on an Electrical Power Transformer

  • John Olijnyk
  • Benjamin Bond
  • Julian Rrushi

DOI
https://doi.org/10.1109/ACCESS.2022.3148046
Journal volume & issue
Vol. 10
pp. 15227 – 15246

Abstract

Malware that attacks the electrical power grid consists of exploits and operations modules. The exploits are similar to those of traditional malware. Such malware hacks into an industrial computer and subsequently deploys operational modules. Some operational modules penetrate the operating system of the compromised industrial computer to take over computing functions and hence facilitate further attacks. Examples include interception of cryptographic keys, and generation of deceptive status data that indicate normal operation of a power transformer, while in reality the transformer is in distress due to the attacks. Other operational modules are designed to recognize and disrupt the physics of the physical equipment. We refer to these operations modules as physics-centric modules. The subject of this research is how physics-centric modules of malware can cause physical damage to power grid equipment. This research simulates a power transformer and a set of its protection algorithms. We make several contributions in this research, namely: i) we emulate in Python the protection algorithms that run on an industrial computer and monitor and protect a power transformer from a variety of faults; ii) we leverage these emulations to analyze the cyberattack surface of a power transformer; iii) with these insights at hand, we devise attack modus operandi that malware could use against a power transformer; and iv) we emulate these cyberattacks in Python to empirically observe and quantify their destructive effects on a power transformer. Our overall research findings in this paper serve the purpose of informing better defense against the physics-centric modules of malware that attack the electrical power grid.

Keywords