Security issues of a phasor data concentrator for smart grid infrastructure
Article, Conference object
Smart Grids, Synchrophasors, Phasor Measurement Unit, Phasor Data Concentrator, C37.118, SQL Injection, Critical Infrastructure Protection, Security, Dependable Computing
The use of PMUs (Phasor Measurement Units) for measurement and control of the power grids over wide areas is becoming fundamental to improve power system reliability. Synchrophasors, that enable a synchronized evaluation of the phasor through GPS radio clock, are being extensively deployed together with network-based PDC (Phasor Data Concentrator) applications for providing a precise and comprehensive view of the status of the entire grid. The objective of this paper is to raise the awareness about the security issues related to the adoption of such technologies in power grids. In particular, we address two main vulnerabilities of the synchrophasor networks: (i) the protocols used to exchange data between the PMU and the PDC are usually not encrypted, and (ii) PDCs do not automatically sanitize the data received from the PMU. These vulnerabilities tremendously increase the exposure of a power distribution infrastructure to threats of cyber-attacks. In the paper we present an application scenario where such vulnerabilities are exploited by performing a SQL-injection attack that compromises the database used to store PMUs data.