Protection of Energy Network Infrastructures Applying a Dynamic Topology Virtualization

Abstract

Rapid progress of computing and info-communication technologies (ICT) has changed the ecosystem of power production and delivery. Today, an energy network is a complex set of interrelated devices and information systems covering all areas of electric power operations and applying ICT based on open standards, such as IEC 60870, IEC 61850, and IEC 61970. According to IEC 62351, the energy networks are faced with high cybersecurity risks caused by open communications, security requirements rarely considered in the energy facilities, partial and difficult upgrades, and incompatibility of secure tools with industrial solutions. This situation results in new security challenges, e.g., denial of service attacks on the connected controllers, dispatching centers, process control systems, and terminals. IEC 62351 describes possible ways to comprehensive security in the energy networks. Most of them used in traditional networks (e.g., firewalls, intrusion detection systems) can be adapted to the energy networks. Honeypot systems as a protection measure help us to mitigate the attacks and maintain necessary security in the networks. Due to the large scale of an energy network and heterogeneity of its components, a new design, deployment, and management strategy for the honeypot systems are required. The paper suggests a new method for organizing a virtual network infrastructure of a hybrid honeypot system and a dynamic management method that adapts the network topology to the attacker’s actions according to the development graph of potential attacks. This technique allows us to dynamically build virtual networks of arbitrary scale. Because of the similarity of the virtual network to the virtualized origin and providing the level of interactivity of its nodes corresponding to real devices, this technique deploys an energy network indistinguishable from the real one for the attackers. A prototype of our honeypot system has been implemented, and experiments on it have demonstrated the more efficient use of the computing resources, the faster reaction to the attacker’s actions, and the deployment of different sizes of virtual networks for the given limits of the computing resources.