Electric power supply is an essential component for several sectors including manufacturing, healthcare, building management, water distribution, and transportation systems. Hence, any interruption in electric power is likely to have an undesirable impact on the overall operation of any residential or commercial ecosystem. The serious impacts of power supply interruption attacks have been realized in the recent cyber incidents such as the Ukraine power blackout. It is also evident from recent incidents that both network and process vulnerabilities are crucial for an adversary to cause an adverse impact on the operation. This paper reports an investigation into power supply interruption and malicious power generation attacks focusing on process and network vulnerabilities. The investigation was conducted in two steps: First, a vulnerability assessment was conducted on a fully operational electric power testbed. Next, the vulnerabilities discovered were exploited to perform different types of power supply interruption attacks and malicious power generation attacks. The attacks were executed using control code modification and SMA, a PV converter manufacturer, portal manipulation. The attacks reported here are useful for researchers and smart-grid operators to design and develop effective protection, detection, and response mechanisms.

中文翻译：

---

对智能电网的攻击：电源中断和恶意发电

电源是制造，医疗保健，建筑管理，配水和运输系统等多个领域的重要组成部分。因此，任何电力中断都可能对任何住宅或商业生态系统的整体运行产生不良影响。在最近的网络事件（例如乌克兰停电）中，已经意识到电源中断攻击的严重影响。从最近的事件中还可以明显看出，网络和进程漏洞对于使对手对操作造成不利影响至关重要。本文报告了针对电源中断和恶意发电攻击的调查，重点是过程和网络漏洞。该调查分两个步骤进行：首先，在完全可操作的电力测试平台上进行了漏洞评估。接下来，利用发现的漏洞执行不同类型的电源中断攻击和恶意发电攻击。使用控制代码修改和光伏转换器制造商SMA，门户操纵来执行攻击。此处报告的攻击对于研究人员和智能电网运营商设计和开发有效的保护，检测和响应机制非常有用。