Covert channel communication through physical interdependencies in cyber-physical infrastructures

Increasing efforts are being made in securing the communication infrastructure used in electric power systems. On the surface, this should greatly reduce the chances of successfully executing the type of coordinated and distributed cyber attacks necessary to cause large-scale failures. However, existing communications security schemes in power control systems only consider explicit communications. In this paper, we show that there is a rich set of covert communication channels available to attackers for use in coordinating large scale attacks against power grids. Specifically, we present PhyCo, a novel covert channel that leverages physical substrates, e.g., line loads, within a power system, to transmit information between compromised device controllers. Using PhyCo, two compromised controllers that are miles apart can coordinate their efforts by manipulating relays to modify the power network's topology. This can be done without requiring the use of any explicit communication channels, e.g., power line communications, and can evade intrusion detection sensors aimed at overt traffic. We have evaluated PhyCo using real-world programmable logic controllers on a realistic simulated power grid. Our results show that PhyCo can bypass existing intrusion detection sensors as well as physical inspections by carefully crafting covert communications to have minimal exterior consequences within normal operating thresholds.