Publication | Open Access
Simulating command injection attacks on IEC 60870-5-104 protocol in SCADA system
13
Citations
0
References
2018
Year
EngineeringInformation SecurityPower System ApplicationsControl SystemsIec 60870-5-104Attack SimulationScada SecurityCommand Injection AttacksSystems EngineeringSecurity ControlCps SecurityComputer EngineeringSmart Grid SecurityIec 60870-5-104 ProtocolData SecurityScada SystemSmart GridSecurityControl System SecurityIndustrial Informatics
IEC 60870-5-104 is an international standard used for tele-control in electrical engineering and power system applications. It is one of the major principal protocols in SCADA system. Major industrial control vendors use this protocol for monitoring and managing power utility devices. One of the most common attacks which has a catastrophic impact on industrial control systems is the control command injection attack. It happens when an attacker injects false control commands into a control system. This paper presents the IEC 60870-5-104 vulnera-bilities from the perspective of command and information data injection. From the SCADA testbed that we setup, we showed that a success-ful control command injection attack can be implemented by exploiting the vulnerabilities identified earlier.