Dear Reader, welcome to the seventh newsletter of the SDN-microSENSE project, an EU Funded Innovation Project. This edition provides a description of Honeypots and how these are used in Industrial Control Systems,  how Deep Learning can help in intentional islanding, along with some project news. We hope you will find the contents of this newsletter interesting, your comments and suggestions are always appreciated.

Honeypots in ICS

Different honeypot projects/concepts have emerged in recent years aiming to protect and secure industrial control systems (ICSs). The honeypots are evolving and being used as honeynets; a network of honeypots interacting with the environment as one entity, thus collecting even more knowledge about the incoming attacks. To predict future attacks and increase the level of response to incidents, it is very important to obtain all relevant information on potential attackers, their methodology, potential targets or systems of interest.

Honeypots in ICS

A honeypot is a useful tool to enhance control system security as it appears to contain information or resources of value inside the network, but actually, is isolated and monitored allowing the collection of information that can analyze the behavior of the attackers. Conpot is the ICS/SCADA server honeypot run by the development team of Conpot and The Honeynet Project [RIS13]. Conpot’s key advantage is that it can easily be updated, extended and deployed. A Siemens SIMATIC S7-200 PLC with basic functions, an input / output module and a Communication Processor CP 443-1 is used to simulate the basic configuration which allows connection to SIMATIC via ethernet [RIS13]. Conpot can also be linked to an actual HMI and enables the interaction with real ICS hardware. The software supports standard protocols for industrial management such as Modbus, HTTP, S7Comm, IEC104, SNMP, CIP, Ethernet/IP, BACnet and IPMI.

The ICSs consist of many types of control systems, including SCADA, Remotes Terminal Units (RTUs), Human Machine Interface (HMI), etc. EPES systems include industrial processes, corporate network services (web services, email, storage services, etc.), supervision systems (SCADA, etc.) and a series of industrial controlling devices such as programmable logic controllers (PLCs) and distributed control system (DCS). The industrial process is controllable by means of a control network, which enables information transmission to the RTU using industrial communication protocols (Modbus, IEC104, etc.) by wired or wireless means through HMI and control of industrial devices capable of opening or closing breakers and connectors.

Honeypot IEC60870-5-104 in SDN-microSENSE

Conpot honeypot supports IEC 60870-104[60870] for the monitoring, control and communication of energy systems. We use the RTU honeypot in SDN-microSENSE to imitate the actions of an RTU which control systems in an intelligent grid substation. In the controlling direction, more system information communications commands such as the counter interrogation command and the read command were added to the Conpot honeypot. It is a serial asynchronous protocol and is used for tele-control. It offers TCP/IP features and allows LAN network connectivity. An RTU device can function in real production systems as a master or as a slave. Therefore, the same action is imitated in an RTU honeypot.

You can find more details in the project website:
Read more

Intentional Islanding through Deep Learning architectures

In recent years, the size and complexity of Electrical Power and Energy Systems (EPES) has grown significantly, inevitably increasing the occurrences of widespread failures that have led to blackouts on the process. Due to the detrimental socioeconomic impact of such events, there is an increasing need for efficient control strategies, able to protect the grid from propagating failures and alleviate the impact of these contingencies. By integrating micro-grid architectures inside the modern EPES, system operators are able to design new techniques for enhancing the resilience and reliability of the electrical grid.

Micro-grids enable the incorporation of distributed energy resources (DERs) in the system, which typically consist of renewable energy sources that offer several modular and versatile features and can be coordinated in a decentralised manner. Micro-grids are characterised by their ability to operate connected to the main grid, but also disconnected in an autonomous islanded mode. Given their flexible nature, they have been employed to increase the stability and resilience of electrical grids in case of emergencies, through the method of intentional islanding.
During intentional islanding the grid is partitioned into several isolated, self-sustained segments, called islands, aiming to prevent further failures when the system is evolving though a cascading propagation stage. In essence, the intentional islanding problem involves the decision of which transmission lines should be disconnected, so that stable islands are formed, and there is minimum loss of supply on the process. Most current solutions rely on optimisation methods to solve the problem, however these cannot always achieve a polynomial time while satisfying all the system constraints. For this reason, we wanted to make use of the powerful fitting and generalisation capabilities offered by deep learning (DL) and provide a highly efficient solution to the problem of intentional islanding using a Graph Convolutional Network (GCN) architecture.

Read more


SDN-microSENSE participated in the webinar: Cybersecurity for Critical Infrastructures – Resilience and trust in the Health and Energy sectors.Professor Panagiotis Sarigiannidis from University of Western Macedonia respresented SDN-microSENSE in the first part. The webinar took place on 24 June 2021.

About SDN-microSENSE

SDN-microSENSE has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 833955. The information contained in this newsletter reflects only the authors’ view. EC is not responsible for any use that may be made of this information. SDN-microSENSE website
Follow us on Twitter
Copyright © 2021 SDNmicroSENSE consortium, All rights reserved.
Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list