RADIOELECTRONIC AND COMPUTER SYSTEMS

The subject of this study is the cyber vulnerability of wind generators, as part of the cyberphysical system of intelligent power supply networks, Smart Grid. Wind generators produce electricity for further distribution in the network between «smart» electricity consumers, which often include autonomous power systems in medical institutions, autonomous power supply of homes, charging stations for cars, etc. Wind generators operate in two aspects: in the physical and information space. Thus, a violation of the security of the information flow of a wind generator can affect the physical performance of electricity generation, and disable equipment. The study aims to identify types of cyber threats in the wind generator network based on the analysis of known attack incidents, analysis of the Smart Grid network structure, network devices, protocols, and control mechanisms of a wind generator. The tasks of the work are: review and analyze known cyberattack incidents; review the classification of cyber threats to wind farms; consider the most common methods of attacks on the cyberphysical system of wind farms; consider ways of intrusions into the information flow of the cyberphysical system wind generator; consider resilience mechanisms of wind generators in case of a cyberattack, consider the directions of further research. The methods are a systematic approach that provides a comprehensive study of the problem, quantitative and qualitative analysis of incidents of cyber attacks on wind generators, and methods of attacks. The following results were obtained: 11 large-scale known incidents of cyber attacks on the cyberphysical systems of the energy sector and smart power supply networks were analyzed, and information flow features and structure of the wind generators were considered. Main communication interfaces of the Smart Grid network were reviewed, control mechanisms for the physical parts of the wind generator system such as automatic voltage regulator, and automatic generation control were observed, vulnerable data transmission protocols, DNP3 in particular, were analyzed, possible consequences in the case of a cyber-intrusion into the network were considered. Conclusions: wind farms, as part of the Smart Grid system, are a convenient target for cyberattacks, as the number of potential ways to interfere with the information flow of the cyberphysical system is growing due to an increase in the number of sensors, communication channels in the network. This is especially important for the further development of wind farm security systems, which at the time, are not able to provide high accuracy of intrusion detection into the information flow.

cyber threat; Smart Grid; CPS; cybersecurity; wind generators

Gadre, M., Deoskar, A. Industry 4.0 - Digital Transformation, Challenges and Benefits. International Journal of Future Generation Communication and Networking, 2020, vol. 13, no. 2, pp. 139-149.

Bobrovnikova, K., Lysenko, S., Savenko, B., Gaj, P., Savenko, O. Technique for IoT malware detection based on control flow graph analysis. Radioelectronic and Computer Systems, 2022, vol. 1, no. 11, pp. 141-153. DOI: 10.32620/reks.2022.1.11.

Bi, W., Chen, G. and Zhang, K. Profit-Oriented False Data Injection Attack Against Wind Farms and Countermeasures. IEEE Systems Journal, 2022, vol. 16, no. 3, pp. 3700-3710. DOI: 10.1109/JSYST.2021.3107910.

Culler, M., Smith, B., Cleveland, F., Morash, S., Gentle, J. Cybersecurity Guide for Distributed Wind 2021. Available at: https://resilience.inl.gov/wp-content/uploads/2021/11/21-50152_CG_for_DW_R5.pdf (accessed: 02 Jun. 2022).

Raisin, S., Jamaludin, J., Rahalim, F., Jamal, F., Hazwani, N., Zaini, S., Naeem, B. Cyber-Physical System (CPS) Application - A REVIEW. Reka elkomika: Jurnal Pengabdian kepada Masyarakat, 2020, vol. 1, no. 2, pp. 52-65. DOI: 10.26760/rekaelkomika.v1i2.52-65.

Passeri, P. April 2021 Cyber Attack Statistics. Available at: https://www.hackmageddon.com/2021/05/12/april-2021-cyber-attacks-statistics/ (accessed: 02 Jun. 2022).

Holembo, V., Bochkar'ov, O. Pidkhody do pobudovy kontseptual'nykh modeley kiberfizychnykh system [Approaches to the construction of conceptual models of cyberphysical systems]. Publishing house of the "Lviv Polytechnic" National University, 2017, no. 1, pp. 168-178.

Major Cyber Attacks in Review: June 2022. Available at: https://socradar.io/major-cyber-attacks-in-review-june-2022/. (accessed: 02 Jun. 2022).

Desarnaud, G. Cyber Attacks and Energy Infrastructures: Anticipating Risks, Etudes de l’Ifri. Available at: https://www.ifri.org/en/publications/etudes-de-lifri/cyber-attacks-and-energy-infrastructures-anticipating-risks. (accessed: 02 Jun. 2022).

Millman, R., Energy companies targeted by Laziok Trojan. Available at: https://www.itpro.co.uk/security/24338/energy-companies-targeted-by-laziok-trojan. (accessed: 02 Jun. 2022).

Paganini, P. Recent power outages in Turkey were also caused by cyber attacks. Available at: https://securityaffairs.co/wordpress/55176/hacking/power-outages-turkey.html. (accessed: 03 Jun. 2022).

Sobczak, B. First-of-a-kind U.S. grid cyberattack hit wind, solar. Available at: https://www.wind-watch.org/news/2019/11/02/first-of-a-kind-u-s-grid-cyberattack-hit-wind-solar/. (accessed: 03 Jun. 2022).

Collier, K., Strickler, L. Energy Department says it was hacked in suspected Russian campaign. Available at: https://www.nbcnews.com/news/us-news/department-energy-says-it-was-hacked-suspected-russian-campaign-n1251630. (accessed: 03 Jun. 2022).

Bannister, A. Wind turbine giant Vestas confirms data breach following ‘cybersecurity incident’. Availible at: https://portswigger.net/daily-swig/wind-turbine-giant-vestas-confirms-data-breach-following-cybersecurity-incident (accessed: 03 Jun. 2022).

Cyber Attacks on the Power Grid. Industroyer2. Available at: https://securityboulevard.com/2022/05/cyber-attacks-on-the-power-grid/. (accessed: 04 Jun. 2022).

Akoto, P. Enercon: Thousands of wind turbines need new hardware. Access mode: https://www.energate-messenger.com/news/220914/enercon-thousands-of-wind-turbines-need-new-hardware. – 04 Jun. 2022.

Deutsche Windtechnik hit by cyber attack. Availible at: https://renews.biz/77220/deutsche-windtechnik-hit-by-cyber-attack/ (Accessed 03 Jun. 2022).

David, B. Wind Turbine Giant Nordex Hit By Cyber-Attack. Available at: https://www.infosecurity-magazine.com/news/wind-turbine-nordex-cyber-attack/#:~:text=German%20wind%20turbine%20manufacturer%2C%20Nordex%20Group%2C%20was%20hit,to%20Nordex%2C%20and%20response%20measures%20were%20taken%20quickly./ (accessed: 03 Jun. 2022).

Threat landscape for industrial automation systems. Vulnerabilities identified in 2019. Available at: https://ics-cert.kaspersky.com/publications/reports/2020/04/24/threat-landscape-for-industrial-automation-systems-vulnerabilities-identified-in-2019/. (accessed: 04 Jun. 2022).

Nikolopoulos, D., Moraitis, G., Bouziotas, D., Lykou, A., Karavokiros, G., Makropoulos, C. Cyber-Physical Stress-Testing Platform for Water Distribution Networks. Journal of Environmental Engineering, 2020, vol. 146, no. 7, 22 p. DOI: 10.1061/(ASCE)EE.1943-7870.0001722.

Kamchatnyy, M. Osnovni oznaky ponyattya “kiberviyna” u suchasnomu mizhnarodnomu pravi [The main features of the concept of “cyberwar” in contemporary international law]. Al'manakh mizhnarodnoho prava – Almanac of international law, 2017, no. 15, pp. 12-22.

Chto takoye Khaktivizm? Kampanii, kotoryye sformirovali dvizheniye [What is Hacktivism? Companies that formed the movement]. Available at: https://www.securitylab.ru/blog/company/PandaSecurityRus/348956.php. (accessed: 03 Jun. 2022).

Kryminalʹna vidpovidalʹnistʹ za kiberzlochyny [Criminal liability for cybercrime]. Available at: https://wiki.legalaid.gov.ua/index.php/Кримінальна_відповідальність_за_кіберзлочини. (Accessed: 03 Jun. 2022).

What is the Morris worm? History and modern impact. Available at: https://www.okta.com/uk/identity-101/morris-worm/ (accessed: 03 Jun 2022).

Entsyklopediya zahroz ESET. Shcho take troyan? [ESET Threat encyclopedy. What is a Trojan?]. Available at: https://www.eset.com/ua/support/information/entsiklopediya-ugroz/troyan/. (accessed: 03 Jun. 2022).

Injection attacks. Available at: https://www.ibm.com/docs/en/snips/4.6.0?topic=categories-injection-attacks. (accessed: 04 Jun. 2022).

What is a man-in-the-middle-attack? Available at: https://www.ionos.com/digitalguide/server/security/man-in-the-middle-attack-an-overview-of-attack-patterns/. (accessed: 04 Jun. 2022).

Alotaibi, F., Lisitsa, A. Matrix profile for DDoS attacks detection. Proceedings of the 16th Conference on Computer Science and Intelligence Systems, September 2–5, 2021. ACSIS, 2021, vol. 25, pp. 357-361. DOI: 10.15439/2021F114.

Fakhivtsi z kiberzakhystu rozpovily pro oznaky zlomu akauntiv v sotsmerezhakh [Cyber defense experts spoke about the signs of hacking accounts in social networks]. Available at: https://www.unian.ua/science/10963961-fahivci-z-kiberzahistu-rozpovili-pro-oznaki-zlomu-akauntiv-v-socmerezhah.html. (accessed: 04 Jun. 2022).

Lee, K., Whiting, B. Banking Systems, Types and Components. Available at: https://study.com/academy/lesson/banking-system-definition-types.html. (accessed: 04 Jun. 2022).

Femi, J. G. Smart Water Management System. International Journal of Smart Sensor and Adhoc Network, 2022, vol. 3, no. 2, pp. 9-16. DOI: 10.47893/IJSSAN.2022.1213.

Kostrov, D. "Umnyye seti elektrosnabzheniya" (smart grid) i problemy s kiberbezopasnost′yu ["Smart grids" (smart grid) and problems with cybersecurity]. Available at: https://lib.itsec.ru/articles2/in-ch-sec/umnye-seti-elektrosnabzheniya-smart-grid-i-problemy-s-kiberbezopasnostyu. (Accessed: 04 Jun. 2022).

Al-Badi, A. H., Ahshan, R., Hosseinzadeh, N., Ghorbani, R., Hossain, E. Survey of Smart Grid Concepts and Technological Demonstrations Worldwide Emphasizing on the Oman Perspective. Applied System Innovation, 2020, vol. 3, no. 1. 27 p. DOI: 10.3390/asi3010005.

Goud, N. Utah Wind and Solar Power Generation hit by a Cyber Attack. Available at: https://www.cybersecurity-insiders.com/utah-wind-and-solar-power-generation-hit-by-a-cyber-attack/. (Accessed: 05 Jun. 2022).

Young, S. N., Peschel, J. M. Review of Human–Machine Interfaces for Small Unmanned Systems With Robotic Manipulators, IEEE Transactions on Human-Machine Systems, 2020, vol. 50, no. 2, pp. 131-143. DOI: 10.1109/THMS.2020.2969380.

Abrahamsen, F. E., Ai, Y., Cheffena, M. Communication Technologies for Smart Grid: A Comprehensive Survey. Sensors, 2021, vol. 21, no. 23, article no. 8087. 24 p. DOI: 10.3390/s21238087.

etap iCE™ - Intelligent Control Enterprise Hardware. Available at: https://etap.com/product/etapiCE-DAC-Hardware. (Accessed: 05 Jun. 2022).

Tan, S., Guerrero, J., Xie, P. et al. Brief Survey on Attack Detection Method for Cyber-Physical Systems. IEEE Systems Journal, 2020, vol. 14, no. 4, pp. 5329-5339. DOI: 10.1109/JSYST.2020.2991258.

Roadmap for Wind Cybersecurity. U.S. Department of Energy (DOE) Energy Efficiency and Renewable Energy (EERE). Wind Energy Technologies Office, 2020. 84 p.

Yohanandhan, R. V., Elavarasan, R., Manoharan, O., Mihet-Popa, I. Cyber-Physical Power System (CPPS): A Review on Modeling, Simulation, and Analysis With Cyber Security Applications. IEEE Access, 2020, vol. 8, pp. 151019-151064. DOI: 10.1109/ACCESS.2020.3016826.

Ponochovniy, Y. L., Kharchenko, V. S. Metodolohiya zabezpechennya harantozdatnosti informatsiyno-keruyuchykh system z vykorystannyam bahatotsil'ovykh stratehiy obsluhovuvannya [Dependability assurance methodology of information and control systems using multipurpose service strategies]. Radioelektronni i komp'uterni sistemi - Radioelectronic and computer systems, 2020, no. 3(95), pp. 43-58. DOI: 10.32620/reks.2020.3.05.

Odarushchenko, O. M., Odarushchenko, O. B., Kharchenko, V. S. Markovs'ki modeli otsinyuvannya funktsional'noyi bezpeky prohramno-tekhnichnykh kompleksiv na samodiahnostovnykh prohramovnykh platformakh z urakhuvannyam pomylok zasobiv kontrolyu [Markov models for functional safety assessment of instrumentation and control systems based on self-checking programmable platforms]. Radioelektronni i komp'uterni sistemi - Radioelectronic and computer systems, 2019, no. 4(92), pp. 17-29. DOI: 10.32620/reks.2019.4.02

Mohammadpourfard, M., Genc, I., Lakshminarayana, S., Konstantinou, C., Attack Detection and Localization in Smart Grid with Image-based Deep Learning. 2021 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), 2021, pp. 121-126. DOI: 10.1109/SmartGridComm51999.2021.9631994.

Rashed, M., Gondal, I., Kamruzzaman, J., Islam, S. State Estimation within IED Based Smart Grid Using Kalman Estimates. Electronics, 2021, vol. 10, no. 15, article no. 1783. 6 p. DOI: 10.3390/electronics10151783.

Fursov, I. I., Shmatko, O. V. Analiz statystychnykh pokaznykiv dyspersiyi, asymetriyi ta ekstsesu pry vyznachenni porushenʹ informatsiynoyi bezpeky kiberfizychnykh system vitrovykh heneratoriv [Analysis of statistical indicators of variance, asymmetry and excess in determining information security violations of cyberphysical systems of wind turbines]. Radioelektronni i komp'uterni sistemi – Radioelectronic and computer systems, 2021, no. 4, pp. 132-144. DOI: 10.32620/reks.2021.4.11.

Lysenko, S. M., Kharchenko, V. S., Bobrovnikova, K. Y., Shchuka, R. V. Computer systems resilience in the presence of cyber threats: taxonomy and ontology [Rezyl’yentnist’ kom’’yuternukh system v umovakh kiberzahroz: taksonomiya ta ontolohiya]. Radioelektronni i komp'uterni sistemi - Radioelectronic and computer systems, 2020, no. 1(93), pp. 17-28. DOI: 10.32620/reks.2020.1.02.

Rehmani, M. H., Davy, A., Jennings, B., Assi, C. Software-Defined Networks-Based Smart Grid Communication: A ComprehensiveSurvey. IEEE Communications Surveys & Tutorials, 2019, vol. 21, iss. 3, pp. 2637-2670. DOI: 10.1109/COMST.2019.2908266.

Raza, N., Akbar, Q. M, Soofi, A., Akbar, S. Study of Smart Grid communication network architectures and technologies. Journal of Computer and Communications, 2019, vol. 7, no. 3, pp. 19-29. DOI: 10.4236/jcc.2019.73003.