engleski

A Novel Method for Cyber-Maintenance Prioritisation of Ageing Distributed Power Sources

Today’s technology allows remote control of industrial processes, which can include distributed energy sources such as solar or wind power. As these remote control systems age, security updates for them will eventually cease. This means that any vulnerabilities found after end of service life cannot be patched, often requiring physical replacement of the equipment. The second problem is the fact that these systems are usually integrated with other devices and cannot be easily replaced. Looking at the lifespan of industrial systems, it is clear that IT devices used for remote control usually have a shorter lifespan than the rest of the system. Inspiration to investigate how poor maintenance of IT devices could be abused in the future was taken from the cyber-attacks on the Ukrainian power grid, where attackers took control of power switches relays equipment and gave the command to open circuit breakers, disconnecting loads from the power grid, resulting in regional blackouts. Using a similar approach, it was hypothesised that distributed power sources may become vulnerable to cyber- attacks as they age. Since the installed power of distributed power sources per unit is relatively small, it is plausible for the attacker to identify multiple closely located distributed systems and conduct a parallel cyber-attack by disconnecting them from the power grid simultaneously during peak demand periods, with the goal of disrupting the power grid. In this work, distributed power sources that are connected to the Croatian distribution network are identified, mapped and the spatial correlation of the sources was analysed using GIS software. The goal is to develop methodology which enables easy identification of power sources that are spatially close to each other and have similar age, which makes them a likely target for potential attacks. This information can be used to prevent such attacks in the future, as it would help identify critical groups of such sources and focus maintenance efforts.

cybersecurity ; legacy system maintenance ; remote access vulnerabilities

nije evidentirano