Los sistemas SCADA eran considerados como seguros debido a que se encontraban aislados del exterior. Actualmente, estos sistemas operan conectados al exterior y utilizan protocolos de comunicación abierta, estandarizada y con pocas o nulas medidas de seguridad. Para poder aumentar la integración de sistemas de energía renovables y tener un manejo eficiente de la energía se planea hacer uso de los sistemas SCADA. Las vulnerabilidades de los sistemas SCADA junto con las de los dispositivos conectados a la red local del usuario representan un riesgo a la red eléctrica. En este trabajo se presentan pruebas de penetración en un ambiente controlado a un inversor inteligente bajo los mismos ataques que se utilizan en los sistemas de Tecnologías de la Información.

Palabra(s) Clave: DER, Pruebas de penetración, SCADA.

Abstract

SCADA systems were considered safe because they were isolated from the outside. Currently, these systems operate connected to the exterior and use open, standardized communication protocols with little or no security measures. To increase the integration of renewable energy systems and have an efficient management of energy, it is planned to make use of SCADA systems. The vulnerabilities of the SCADA systems together with those of the devices connected to the user's local network represent a risk to the electricity network. In this paper we present penetration tests in a controlled environment to an intelligent inverter under the same attacks that are used in conventional information systems.

Keywords: DER, Penetration testing, SCADA.

ARROW. (2016). IoT Operating Systems: https://www.arrow.com/en/research-and-events/articles/iot-operating-systems

Bruce, J. (2017). How easy is it to crack a Wi-Fi network?: https://www.makeuseof.com/tag/how-easy-is-it-to-crack-a-wifi-network-makeuseof-explains/

Cagalaban, G. (2009). SCADA Network Insecurity: Securing Critical Infrastructures through SCADA Security Exploitation. Journal of Security Engineering, 6(6), 473–482.

CEC. (2014). Recommendations for updating the technical requirements for inverters in distributed energy resources.

EPRI. (2016). Common Functions for Smart Inverters: 4th Edition.

Federal Office for Information Security. (2016). Industrial Control System Security - Top 10 Threats and Countermeasures. BSI Publications on Cyber-Security, 1–20.

Francia, G., Thornton, D., & Brookshire, T. (2012). Cyberattacks on SCADA Systems.

GAO. (2004). Critical Infrastructure Protection Challenges and Efforts to Secure Control Systems.

GE. (2012). Top 10 Cyber Vulnerabilities for Control Systems.

HP. (2015). HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack: http://www8.hp.com/in/en/hp-news/press-release.html?id=1744676#.WgTolltSxhE

ICS-CERT. (2018). US-CERT SCADA Vulnerabilities: https://ics-cert.us-cert.gov/content/overview-cyber-vulnerabilities

Krutz, R. L. (2006). Securing SCADA Systems. Wiley.

Makhija, J., & Subramanyan, L. R. (2003). Comparison of protocols used in remote monitoring: DNP 3.0, IEC 870-5-101 & Modbus.

Modbus-IDA. (2012). Modbus Application Protocol Specification: http://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b3.pdf

NERC. (2007). Top 10 Vulnerabilities of Control Systems and Their Associated Mitigations.

NI. (2015a). LabVIEW MODBUS Library: http://www.ni.com/example/29756/en/

NI. (2015b). Overview of Best Practices for Security on RIO Systems: http://www.ni.com/white-paper/13069/en/

NIST. (2012). Advanced power system management functions and information exchanges for inverter-based DER devices, modelled in IEC 61850-90-7.

Ralston, P. A. S., Graham, J. H., & Hieb, J. L. (2007). Cyber security risk assessment for SCADA and DCS networks. ISA Trans.

Seal, B. K. (2013). Smart Inverters. EPRI: http://smartgrid.epri.com/doc/Smart Inverters - Smart Grid Informational Webcast.pdf

Skopik, F., & Smith, P. (2015). Smart Grid Security - Innovative Solutions for a Modernized Grid. Elsevier Science Publishing.

Ward, M. (2016). How easy is it to hack a home network?. BBC: www.bbc.com/news/technology-35629890

Wiles, J. (2008). Techno Security’s Guide to Securing SCADA: A Comprehensive Handbook On Protecting The Critical Infrastructure. Elsevier.

Zhu, B., Joseph, A., & Sastry, S. (2011). A taxonomy of Cyber Attacks on SCADA Systems. IEEE International Conferences on Internet of Things and Cyber, Physical and Social Computing.