Low-budget Energy Sector Cyberattacks via Open Source Exploitation

Anastasis Keliris, Charalambos Konstantinou, Marios Sazos, Michail Maniatakos

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Modern cyber warfare involves penetration of a nation's computers and networks, aiming to cause extensive damage and/or disruption. Such actions are generally deemed feasible only by resource-wealthy nation state actors. In this work, we challenge this perception and introduce a methodology dubbed Open Source Exploitation (OSEXP), which leverages public infrastructure to execute an advanced cyber attack on critical infrastructure. In particular, we characterize and verify an effective and reusable OSEXP attack vector based on time spoofing of Global Positioning System (GPS) signals. Our GPS attack employs commercial devices and open source software, and manipulates the time synchronization of carefully selected power grid equipment in a manner that can lead to large scale blackouts. We experimentally verify the feasibility of our GPS OSEXP methodology, and demonstrate that an actor with limited budget has the ability to cause significant disruption to a nation.

Original languageEnglish (US)
Title of host publicationProceedings of the 2018 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018
PublisherIEEE Computer Society
Pages101-106
Number of pages6
ISBN (Electronic)9781538647561
DOIs
StatePublished - Feb 19 2019
Event26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018 - Verona, Italy
Duration: Oct 8 2018Oct 10 2018

Publication series

NameIEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC
Volume2018-October
ISSN (Print)2324-8432
ISSN (Electronic)2324-8440

Conference

Conference26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018
CountryItaly
CityVerona
Period10/8/1810/10/18

Fingerprint

Global positioning system
Critical infrastructures
Military operations
Synchronization
Open source software

ASJC Scopus subject areas

  • Hardware and Architecture
  • Software
  • Electrical and Electronic Engineering

Cite this

Keliris, A., Konstantinou, C., Sazos, M., & Maniatakos, M. (2019). Low-budget Energy Sector Cyberattacks via Open Source Exploitation. In Proceedings of the 2018 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018 (pp. 101-106). [8644775] (IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC; Vol. 2018-October). IEEE Computer Society. https://doi.org/10.1109/VLSI-SoC.2018.8644775

Low-budget Energy Sector Cyberattacks via Open Source Exploitation. / Keliris, Anastasis; Konstantinou, Charalambos; Sazos, Marios; Maniatakos, Michail.

Proceedings of the 2018 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018. IEEE Computer Society, 2019. p. 101-106 8644775 (IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC; Vol. 2018-October).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Keliris, A, Konstantinou, C, Sazos, M & Maniatakos, M 2019, Low-budget Energy Sector Cyberattacks via Open Source Exploitation. in Proceedings of the 2018 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018., 8644775, IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC, vol. 2018-October, IEEE Computer Society, pp. 101-106, 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018, Verona, Italy, 10/8/18. https://doi.org/10.1109/VLSI-SoC.2018.8644775
Keliris A, Konstantinou C, Sazos M, Maniatakos M. Low-budget Energy Sector Cyberattacks via Open Source Exploitation. In Proceedings of the 2018 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018. IEEE Computer Society. 2019. p. 101-106. 8644775. (IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC). https://doi.org/10.1109/VLSI-SoC.2018.8644775
Keliris, Anastasis ; Konstantinou, Charalambos ; Sazos, Marios ; Maniatakos, Michail. / Low-budget Energy Sector Cyberattacks via Open Source Exploitation. Proceedings of the 2018 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018. IEEE Computer Society, 2019. pp. 101-106 (IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC).
@inproceedings{850d1a9084b24ea593e140044bb8b2e0,
title = "Low-budget Energy Sector Cyberattacks via Open Source Exploitation",
abstract = "Modern cyber warfare involves penetration of a nation's computers and networks, aiming to cause extensive damage and/or disruption. Such actions are generally deemed feasible only by resource-wealthy nation state actors. In this work, we challenge this perception and introduce a methodology dubbed Open Source Exploitation (OSEXP), which leverages public infrastructure to execute an advanced cyber attack on critical infrastructure. In particular, we characterize and verify an effective and reusable OSEXP attack vector based on time spoofing of Global Positioning System (GPS) signals. Our GPS attack employs commercial devices and open source software, and manipulates the time synchronization of carefully selected power grid equipment in a manner that can lead to large scale blackouts. We experimentally verify the feasibility of our GPS OSEXP methodology, and demonstrate that an actor with limited budget has the ability to cause significant disruption to a nation.",
author = "Anastasis Keliris and Charalambos Konstantinou and Marios Sazos and Michail Maniatakos",
year = "2019",
month = "2",
day = "19",
doi = "10.1109/VLSI-SoC.2018.8644775",
language = "English (US)",
series = "IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC",
publisher = "IEEE Computer Society",
pages = "101--106",
booktitle = "Proceedings of the 2018 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018",

}

TY - GEN

T1 - Low-budget Energy Sector Cyberattacks via Open Source Exploitation

AU - Keliris, Anastasis

AU - Konstantinou, Charalambos

AU - Sazos, Marios

AU - Maniatakos, Michail

PY - 2019/2/19

Y1 - 2019/2/19

N2 - Modern cyber warfare involves penetration of a nation's computers and networks, aiming to cause extensive damage and/or disruption. Such actions are generally deemed feasible only by resource-wealthy nation state actors. In this work, we challenge this perception and introduce a methodology dubbed Open Source Exploitation (OSEXP), which leverages public infrastructure to execute an advanced cyber attack on critical infrastructure. In particular, we characterize and verify an effective and reusable OSEXP attack vector based on time spoofing of Global Positioning System (GPS) signals. Our GPS attack employs commercial devices and open source software, and manipulates the time synchronization of carefully selected power grid equipment in a manner that can lead to large scale blackouts. We experimentally verify the feasibility of our GPS OSEXP methodology, and demonstrate that an actor with limited budget has the ability to cause significant disruption to a nation.

AB - Modern cyber warfare involves penetration of a nation's computers and networks, aiming to cause extensive damage and/or disruption. Such actions are generally deemed feasible only by resource-wealthy nation state actors. In this work, we challenge this perception and introduce a methodology dubbed Open Source Exploitation (OSEXP), which leverages public infrastructure to execute an advanced cyber attack on critical infrastructure. In particular, we characterize and verify an effective and reusable OSEXP attack vector based on time spoofing of Global Positioning System (GPS) signals. Our GPS attack employs commercial devices and open source software, and manipulates the time synchronization of carefully selected power grid equipment in a manner that can lead to large scale blackouts. We experimentally verify the feasibility of our GPS OSEXP methodology, and demonstrate that an actor with limited budget has the ability to cause significant disruption to a nation.

UR - http://www.scopus.com/inward/record.url?scp=85063028337&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85063028337&partnerID=8YFLogxK

U2 - 10.1109/VLSI-SoC.2018.8644775

DO - 10.1109/VLSI-SoC.2018.8644775

M3 - Conference contribution

AN - SCOPUS:85063028337

T3 - IEEE/IFIP International Conference on VLSI and System-on-Chip, VLSI-SoC

SP - 101

EP - 106

BT - Proceedings of the 2018 26th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2018

PB - IEEE Computer Society

ER -