Network-Level Vulnerability Assessment of Synchrophasor Measurement Devices

Vulnerability assessment forms the foundation for remediation activities that an organization develops as a part of risk assessment and mitigation. This paper presents a synchrophasor measurement device-specific cyber security vulnerability assessment at the network level. A synchrophasor network is essential for a wide-area measurement system (WAMS) that assembles time-synchronized data from multiple power network components and facilitates the processing and transferring of these data. Attackers can leverage their knowledge of firmware and protocols to disrupt or critically damage the functioning of the power system stealthily. Nevertheless, the exploitation can be curbed or controlled if the operator is aware of the vulnerabilities associated with the field devices. The authors detail their analysis on the following aspects: 1) classification of attacks in synchrophasor network; 2) type of resources and reconnaissance sufficient to launch an attack on field devices; and 3) identification, demonstration, and exploitation of synchrophasor device vulnerabilities. The work showcases exploitable vulnerabilities to understand the breadth and scope of a synchrophasor measurement device's exposure to a possible cyber attack. The reverse-engineered attack focuses on capturing essential features of packets and consuming the bandwidth during the three-way handshake among legitimate entities. The latency in packet transmission is gradually increased, which results in retransmission; thus, the legitimate connection gets terminated. Thus, the paper provides situational awareness at the device level and credible information regarding loopholes and weak links in field devices.