Use Case 1: Investigation of Versatile Cyber-attack Scenarios and Methodologies Against EPES
The demonstrations:
- Demonstration#1: A set of demonstration attacks will be carried out against SCADA systems and other applications, including Enterprise Resource Planning systems and office productivity applications. Among these:
- targeted spear-phishing attacks via web browser, email and document transfers;
- direct attacks against operating systems and applications relying on insecure or outdated configurations;
- multi-stage attacks targeting systems across such networks (including eavesdropping and Man-in-the-Middle attacks);
- rootkits.
Also, a set of attacks will be planned against HMI, data historian and engineering workstations, accompanied by supply chain attacks and indirect attacks, i.e., injection of malicious software updates and interference with the Human-Machine Interface (HMI) and with the interaction between engineering systems and the SCADA systems, namely Denial of Service (DoS) and Man-in-the-Middle (MitM) attacks.
- Demonstration#2: This second round of demonstrations includes attacks on the network infrastructure and on the traffic between the SCADA system and RTU components, since this traffic normally has stringent performance requirements such as timeliness and reliability. Hence, attack scenarios based on simple DoS may already be effective, in addition to more complex attacks such as MitM, command (and response) injection or de-synchronisation attacks. Attack scenarios will concentrate on standard protocols over Industrial Ethernet (IEEE 802.3), in particular IEC 60870-5-104 and IEC 61850 GOOSE, also taking into account their respective performance requirements.
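To make the IEC 60870-5-104 part of this scenario concrete from the detection side, the following is an added example (not code from the project described here): a small monitor that decodes the 104 APCI, classifies I/S/U frames and flags the sequence-number anomalies that command injection, replay and de-synchronisation leave behind. The frames in SAMPLE_FRAMES are constructed for the example, the "M->R"/"R->M" direction tags are an assumption of the example, and the monitor assumes the 15-bit counters do not wrap inside the captured window.

```python
"""IEC 60870-5-104 APCI monitor: classify I/S/U frames and flag sequence anomalies.
Added example with constructed frames; not code from the project described above."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

START = 0x68
SEQ_MOD = 1 << 15  # N(S)/N(R) are 15-bit counters

# U-format control octet 1 values (bits 2..7 select the function)
U_FUNCTIONS = {
    0x07: "STARTDT act", 0x0B: "STARTDT con",
    0x13: "STOPDT act", 0x23: "STOPDT con",
    0x43: "TESTFR act", 0x83: "TESTFR con",
}


@dataclass
class Apdu:
    kind: str             # "I", "S" or "U"
    ns: Optional[int]     # send sequence number, I-frames only
    nr: Optional[int]     # receive sequence number, I- and S-frames
    func: Optional[str]   # U-frame function name
    asdu: bytes           # ASDU payload carried by an I-frame


def parse_apdu(frame: bytes) -> Apdu:
    """Decode the 6-byte APCI; raise ValueError on anything that is not well-formed."""
    if len(frame) < 6 or frame[0] != START:
        raise ValueError("missing 0x68 start byte")
    length = frame[1]                      # number of bytes following the length octet
    if length < 4 or length > 253 or len(frame) != length + 2:
        raise ValueError("APDU length field does not match frame size")
    c1, c2, c3, c4 = frame[2:6]
    if c1 & 0x01 == 0:                     # I-format: bit 0 of octet 1 clear
        return Apdu("I", (c1 >> 1) | (c2 << 7), (c3 >> 1) | (c4 << 7), None, bytes(frame[6:]))
    if c1 & 0x03 == 0x01:                  # S-format: bits 0..1 == 01
        return Apdu("S", None, (c3 >> 1) | (c4 << 7), None, b"")
    func = U_FUNCTIONS.get(c1)             # U-format: bits 0..1 == 11
    if func is None or c2 or c3 or c4:
        raise ValueError("malformed U-frame")
    return Apdu("U", None, None, func, b"")


def monitor(frames: List[Tuple[str, bytes]]) -> List[Tuple[int, str]]:
    """Walk one association's frames, tagged "M->R" (master to RTU) or "R->M",
    and return (frame index, reason) for every anomaly.  Wraparound of the
    15-bit counters is assumed not to occur inside the captured window."""
    expected_ns = {"M->R": 0, "R->M": 0}   # next N(S) each side should send
    started = False                        # STARTDT con seen and no STOPDT con since
    alerts = []
    for idx, (direction, raw) in enumerate(frames):
        peer = "R->M" if direction == "M->R" else "M->R"
        try:
            apdu = parse_apdu(raw)
        except ValueError as err:
            alerts.append((idx, f"malformed frame: {err}"))
            continue
        if apdu.kind == "U":
            if apdu.func == "STARTDT con":
                started = True
            elif apdu.func == "STOPDT con":
                started = False
            continue
        if apdu.kind == "I":
            if not started:
                alerts.append((idx, f"{direction} I-frame on a stopped association"))
            if apdu.ns != expected_ns[direction]:
                alerts.append((idx, f"{direction} N(S)={apdu.ns}, expected {expected_ns[direction]}: "
                                    "replay, injection or lost frames"))
            expected_ns[direction] = (apdu.ns + 1) % SEQ_MOD   # resynchronise on what was seen
        # N(R) acknowledges the peer's I-frames, so it can never exceed what the peer has sent
        if apdu.nr is not None and apdu.nr > expected_ns[peer]:
            alerts.append((idx, f"{direction} N(R)={apdu.nr} acknowledges unsent frames "
                                f"(peer sent {expected_ns[peer]}): de-synchronised"))
    return alerts


# Constructed capture: STARTDT handshake, an interrogation command (type 100) and its
# confirmation, then a replayed command and a reply whose N(R) runs ahead of the master.
SAMPLE_FRAMES = [
    ("M->R", bytes.fromhex("68 04 07 00 00 00")),                                 # STARTDT act
    ("R->M", bytes.fromhex("68 04 0B 00 00 00")),                                 # STARTDT con
    ("M->R", bytes.fromhex("68 0E 00 00 00 00 64 01 06 00 01 00 00 00 00 14")),   # I ns=0 nr=0, C_IC_NA_1 act
    ("R->M", bytes.fromhex("68 0E 00 00 02 00 64 01 07 00 01 00 00 00 00 14")),   # I ns=0 nr=1, actcon
    ("M->R", bytes.fromhex("68 0E 00 00 00 00 64 01 06 00 01 00 00 00 00 14")),   # replay of frame 2
    ("R->M", bytes.fromhex("68 0E 02 00 0A 00 64 01 0A 00 01 00 00 00 00 14")),   # I ns=1 nr=5, actterm
]

if __name__ == "__main__":
    for idx, reason in monitor(SAMPLE_FRAMES):
        print(f"frame {idx}: {reason}")
```

Run against the constructed capture, the monitor reports the replayed interrogation command (frame 4) as an N(S) that fell behind the expected value, and the RTU reply in frame 5 as an N(R) that acknowledges frames the master never sent, which is the footprint a de-synchronisation attack leaves on the wire.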
- Demonstration#3: In this third set of attack demonstrations, measurements from hard real-time components, such as SDUs and aggregators, will be involved alongside real-time communication protocols including IEC 61850 GOOSE and SV. These protocols are particularly susceptible to attacks on availability, such as DoS attacks, which are relatively straightforward to mount and difficult to defend against, including low-rate attacks, e.g. those targeting the state machines of connection- or transaction-oriented semantics. Attack and detection scenarios will also consider indirect attack vectors such as manipulation of support protocols, e.g. the Network Time Protocol or higher-precision time synchronisation such as PTP, or manipulation of GNSS reference clocks.
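The availability and time-synchronisation points of this scenario can both be checked from the subscriber side using nothing but the GOOSE header fields. The following is an added example (not code from the project described here) that runs plausibility checks over already-decoded GOOSE messages: a retransmission arriving later than the publisher's timeAllowedToLive is the symptom of link loss or DoS, stNum/sqNum that go backwards or skip indicate replay or injection, and a data-change timestamp that runs ahead of the observer's clock points at a manipulated time reference. The Goose dataclass, the message list SAMPLE and the TIME_TOL_S tolerance are all constructed for the example; decoding of the Ethernet/GOOSE PDU itself is assumed to have happened upstream.

```python
"""Subscriber-side plausibility checks for IEC 61850 GOOSE messages.
Added example over constructed, already-decoded messages; not project code."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

COUNTER_MOD = 1 << 32   # stNum and sqNum are 32-bit unsigned counters
TIME_TOL_S = 1.0        # assumed tolerance between publisher and observer clocks


@dataclass
class Goose:
    goID: str
    stNum: int        # increments on every data change
    sqNum: int        # 0 right after a change, +1 per retransmission
    tatl_ms: int      # timeAllowedToLive advertised by the publisher
    t: float          # publisher's timestamp of the last data change (s)
    arrival: float    # observer's capture timestamp (s)


def check_stream(msgs: List[Goose]) -> List[Tuple[int, str, str]]:
    """Return (message index, category, detail) for each anomaly.  Categories:
    availability (retransmission overdue), replay, injection, sequence, time."""
    last: Dict[str, Goose] = {}   # last accepted message per goID
    alerts = []
    for i, m in enumerate(msgs):
        # A publisher clock ahead of ours hints at NTP/PTP/GNSS manipulation (or a bad observer clock)
        if m.t > m.arrival + TIME_TOL_S:
            alerts.append((i, "time", f"{m.goID}: data-change timestamp {m.t - m.arrival:.1f} s ahead of capture clock"))
        prev = last.get(m.goID)
        if prev is None:
            last[m.goID] = m
            continue
        gap_ms = (m.arrival - prev.arrival) * 1000
        if gap_ms > prev.tatl_ms:
            alerts.append((i, "availability", f"{m.goID}: {gap_ms:.0f} ms silence exceeds timeAllowedToLive {prev.tatl_ms} ms (link loss or DoS)"))
        delta = (m.stNum - prev.stNum) % COUNTER_MOD
        if delta == 0:
            # retransmission of an unchanged state: sqNum advances by one, t stays put
            sq_delta = (m.sqNum - prev.sqNum) % COUNTER_MOD
            if sq_delta == 0 or sq_delta > COUNTER_MOD // 2 or m.t != prev.t:
                alerts.append((i, "replay", f"{m.goID}: stNum {m.stNum} repeated with sqNum {m.sqNum} after {prev.sqNum}"))
                continue                       # do not let the bad message become the reference
            if sq_delta != 1:
                alerts.append((i, "sequence", f"{m.goID}: sqNum {m.sqNum} after {prev.sqNum}: retransmissions lost"))
        elif delta == 1:
            # genuine data change: sqNum restarts at 0 and the change time moves forward
            if m.sqNum != 0 or m.t <= prev.t:
                alerts.append((i, "sequence", f"{m.goID}: new stNum {m.stNum} with sqNum {m.sqNum}, t {m.t} vs {prev.t}"))
        elif delta > COUNTER_MOD // 2:
            # stNum went backwards: an old message is being fed back in
            alerts.append((i, "replay", f"{m.goID}: stNum fell from {prev.stNum} to {m.stNum}"))
            continue
        else:
            alerts.append((i, "injection", f"{m.goID}: stNum jumped from {prev.stNum} to {m.stNum} (injected or many missed changes)"))
        last[m.goID] = m
    return alerts


# Constructed stream for one control block: a normal retransmission ladder, then an
# injected state, a replayed old message, an overdue retransmission and a clock jump.
SAMPLE = [
    Goose("GCB01", 5, 0, 2000, 100.000, 100.000),
    Goose("GCB01", 5, 1, 2000, 100.000, 100.004),
    Goose("GCB01", 5, 2, 2000, 100.000, 100.016),
    Goose("GCB01", 5, 3, 2000, 100.000, 100.064),
    Goose("GCB01", 5, 4, 2000, 100.000, 101.000),
    Goose("GCB01", 7, 0, 2000, 100.900, 101.010),   # injected: stNum skips 6
    Goose("GCB01", 5, 2, 2000, 100.000, 101.020),   # replay of message 2
    Goose("GCB01", 7, 1, 2000, 100.900, 104.500),   # 3.49 s silence > timeAllowedToLive
    Goose("GCB01", 8, 0, 2000, 195.000, 104.510),   # publisher clock ~90 s ahead of observer
]

if __name__ == "__main__":
    for i, category, detail in check_stream(SAMPLE):
        print(f"msg {i} [{category}]: {detail}")
```

The checks deliberately keep the last accepted message as the reference and skip updating it on a replay, so that one fed-back frame cannot drag the tracker backwards and mask the real stream; the timeAllowedToLive check is the one that catches an outage regardless of whether it was caused by a flood or by a low-rate attack that merely stalls the publisher.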