On Design and Enhancement of Smart Grid Honeypot System for Practical Collection of Threat Intelligence
Daisuke Mashima, Derek Kok, and Wei Lin, Illinois at Singapore; Muhammad Hazwan and Alvin Cheng, Custodio Technologies
The smart grid system is exposed to cyberattacks, as demonstrated by the number of real-world incidents in the last few years. The attack strategies keep evolving, and security mechanisms must identify novel attack vectors ideally before they actually hit the system. In this direction, honeypot systems for smart grid infrastructure are considered effective. While use of honeypot systems for general IT security has a history already, implementations for smart grid systems, and industrial control systems in general, are not mature yet. In this paper, we summarize our efforts for designing, implementing, and evaluating our smart grid honeypot system. We started with a prototype implementation of the virtual smart grid infrastructure using open-source tools, evaluate the realism of it from an attacker's perspective through collaboration with cybersecurity experts. We then refined the honeypot system to offer better realism as well as logging features for capture attackers' behaviours.
View the full CSET '20 program at https://www.usenix.org/conference/cset20/workshop-program