CYBERSECURITY FOR DUMMIES - Itron


  • CYBERSECURITY FOR DUMMIES

  • Today's Electric Grid

    Markets and Operations Generation Transmission Distribution Customer Use

    One-way flow of electricity

    Centralized, bulk generation

    Limited automation

    Limited situational awareness

    Consumers lack data to manage energy usage

  • Smart Grid = Electric Grid + Intelligence

    Two-way flow of electricity and information

    Interconnected systems

  • Threats to the Grid

    Deliberate attacks

    Disgruntled employees

    Industrial espionage

    Unfriendly states

    Organized crime

    Inadvertent threats

    Equipment failures

    User/Administrator errors

    Natural phenomena

    Weather: hurricanes, earthquakes

    Solar activity

  • Trends Impacting Security

    Increasing interconnections at all levels

    Insecure connections

    Connectivity of control systems to other networks

    Increasing reliance on automation

    Reliance on external communications

    Adoption of standardized technologies with known vulnerabilities

    Widespread availability of technical information about control systems

    Smart sensors and controls with enhanced capability and functionality

  • Top Information System Security Issues

    Concern | Addressed by
    Bypassing Controls | Authentication, Policies, Audit
    Integrity Violation | Encryption and message authentication
    Authorization Violation | Strong authentication
    Indiscretion | Policies
    Intercept/Alter | Encryption and message authentication
    Illegitimate Use | Strong authentication and policies
    Information Leakage | Policies
    Spoof | Strong authentication, sealed encryption
    Masquerade | Strong authentication and encryption
    Availability | Assessment and correction of vulnerabilities
    Eavesdropping/Privacy | Encryption

  • HACKERS AND BAD ACTORS

  • Hacks Happen

    Measuring the allegedly interfering signals coming out of the smart meter

    Attempt to stop smart meter communications by putting foil over the meter.

    Images courtesy of www.flickr.com

    One way to deter an attacker.

    Our goal is not to prevent an attack, but to increase the level of work required for the attack to be successful and minimize any effect of the attack.

  • Vulnerabilities, Threats, Attacks

    A vulnerability is a weakness that could be exploited

    A threat is a potential occurrence with an undesirable outcome

    An attack is an intentional attempt to exploit a vulnerability

    Hardware and software attacks

  • Threat/Adversary Model

    An adversary's:

    Capabilities + Resources + Intent + Motivation + Access + Risk Aversion = Threat

    Example: An adversary with high capabilities and low resources - low motivation is not a threat

  • SECURITY CONCEPTS

  • Pillars of Information Assurance

    Confidentiality

    Integrity

    Authorization

    Authentication

    Non-repudiation

    Availability

  • Confidentiality

    Ensure that information is disclosed only to those who are authorized to view it.

    Integrity

    Ensure that information has not been changed accidentally or deliberately, and that it is accurate and complete.

  • Authentication

    The process of confirming the claimed user or device

    Authorization

    The approval, permission, or empowerment to do something.

  • Non-Repudiation

    The ability to prove that a specific user and only that specific user sent a message and that it hasn't been modified.

    Availability

    Ensuring timely and reliable access to and use of information.

  • SECURITY CONTROLS

  • Security Controls

    The safeguards or countermeasures prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.

    Administrative

    Physical

    Technical

  • Administrative Controls

    Policies

    Change passwords every 90 days

    Personnel Screening

    Background checks

    System Activity Monitoring

    URL monitoring

    Change Control Procedures

    Patch control

    Security Awareness Training

    Hallway posters

  • Physical Controls

    Badge access

    Cameras

    Fences

    Lighting

    Security guards

    Locks

    Tamper seals

  • Technical Security Controls

    Access Control

    Audit and Accountability

    Identification and Authorization

    Communications Protection

    System Integrity

  • Access Control

    Access Control ensures that resources are only granted to those users who are entitled to them.

    Access Control uses

    Authentication

    Authorization

    Monitoring,

    User roles

    User permissions.

  • Audit and Accountability

    Periodic audits determine the adequacy of the security requirements, ensure compliance with security policy, and are used to detect breaches.

    Audits depend on logged events

    Date and time of event

    Component

    Type of event

    User/subject id

    Non-repudiation

  • Identification and Authentication

    Verifying the identity of a user, process or device.

    User ID/Password, Digital Certificates, serial numbers

    Uniquely identifies users, processes, or devices

  • Communications Protection

    Protect the Smart Grid System and communications links between components from intrusions.

    Management traffic separated from data traffic

    Limit the effects of denial-of-service attacks

    Firewalls between system boundaries.

    Encryption, cryptographic hashing, digital signatures and certificates.

  • System Integrity

    Data have not been modified nor deleted in an unauthorized or undetected manner.

    Software patch management, firmware downloads, system monitoring, software testing, event monitoring, secure hash.

  • SECURITY TECHNOLOGY

  • Security Technology

    Encryption

    Asymmetric, symmetric

    Encryption key management

    Cryptographic Hashing

    SHA (secure hash algorithm)

    HMAC (hashed message authentication code)

    Digital Signatures

    RSA digital signatures

    Elliptic Curve Cryptography (ECC) digital signatures

    Certificates

    Logs

  • Encryption

    Encryption combines confusion with diffusion

    Confusion: obscure the relationship between your real message and the encrypted message

    Diffusion: spread the message out

    The secret to encryption is the key

    Asymmetric and Symmetric

  • Encryption Keys

    Symmetric key encryption uses the same key value to encrypt and decrypt

    Asymmetric key encryption uses different key values to encrypt and decrypt

  • Encryption Key Management

    Creating, distributing and deleting keys securely

    Symmetric key management

    Asymmetric key management

    Pre-placed keys, over the air key updates

  • Cryptographic Hashing

    A cryptographic secure hash algorithm (SHA) takes an arbitrary block of data and returns a fixed-size bit string.

    It is infeasible to find a message that has a given hash,

    it is infeasible to modify a message without the hash being changed,

    it is infeasible to find two different messages with the same hash.

    HMAC is a signed hash
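Added example (not from the original slides): what a bare SHA hash and an HMAC each detect when a message is altered in transit, using only Python's standard library. The key, meter ID and reading are constructed sample values; the key stands in for a pre-placed symmetric key.

```python
import hashlib
import hmac
import json

# Constructed values for illustration only; not from the original slides.
PRE_PLACED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
READING = {"meter": "SN-0001", "kwh": 1532.4, "ts": "2010-04-21T21:09:29Z"}


def encode(reading: dict) -> bytes:
    """Canonical encoding so sender and receiver hash identical bytes."""
    return json.dumps(reading, sort_keys=True, separators=(",", ":")).encode()


def seal_with_hash(reading: dict) -> dict:
    """Bare SHA-256 tag: detects accidental change, but anyone can recompute it."""
    body = encode(reading)
    return {"body": body, "tag": hashlib.sha256(body).hexdigest()}


def seal_with_hmac(reading: dict, key: bytes) -> dict:
    """HMAC-SHA-256 tag: only holders of the shared key can produce it."""
    body = encode(reading)
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_hash(msg: dict) -> bool:
    expected = hashlib.sha256(msg["body"]).hexdigest()
    return hmac.compare_digest(expected, msg["tag"])


def verify_hmac(msg: dict, key: bytes) -> bool:
    expected = hmac.new(key, msg["body"], hashlib.sha256).hexdigest()
    # compare_digest avoids leaking how many leading characters matched.
    return hmac.compare_digest(expected, msg["tag"])


def tamper_in_transit(msg: dict) -> dict:
    """Models a party without the key who changes the reading and
    refreshes the tag with the only thing it can compute: a bare hash."""
    altered = dict(json.loads(msg["body"]), kwh=1.0)
    body = encode(altered)
    return {"body": body, "tag": hashlib.sha256(body).hexdigest()}
```

The bare hash still verifies after the alteration because the tag was simply recomputed; the HMAC check fails because the correct tag cannot be produced without the key.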

  • Digital Signatures

    Digital Signatures are a way to cryptographically authenticate a message

    Signature is calculated using the private key and sent to the receiver

    Signature can only be verified using the public key

    RSA digital signatures (DSA) and ECC digital signatures (ECDSA)

  • Digital Certificates

    An electronic document which uses a digital signature to bind a public key with an identity, such as:

    The name of a person

    The name of an

    organization,

    Street address

    Domain name

    X.509 Certificate format

    Field Name | Description
    Public Key Reconstruction Data | Device's public key signed by the CA's private key
    Subject | Contains the IEEE address associated with the certificate
    Issuer | Identity of the CA that issued the certificate
    Attributes | An extra set of data associated with the device whose authenticity is guaranteed by the CA.

    ECC Implied Certificate format

  • Logs

    Event logs are critical to information security

    HAN logs

    Meter exception and normal alerts

    Field Area Router logs

    Head End System

    Logs need to be collected, stored and analyzed.

    Date Time Priority Hostname Message

    04-21-2010 17:09:30 User.Info 192.168.174.8 Wed Apr 21 21:09:29 2010 nohost sys_log.c: SN:9797 [INFO] Syslog heartbeat

    04-21-2010 17:09:30 User.Info 192.168.174.8 Wed Apr 21 21:09:29 2010 nohost Event Log: SN:9797 [INFO] Heartbeat Wed Apr 21 21:09:29 2010 UTC - free H 17092 - free NP 546 - NP LW 530 M 0 0 2 0 0
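Added example (not from the original slides): a parser for the Date / Time / Priority / Hostname / Message layout shown above, plus a check that flags a device whose heartbeats stop arriving. The third sample line and the 5-minute threshold are constructed assumptions; the slides do not state a heartbeat interval.

```python
import re
from datetime import datetime, timedelta

# Collector columns: Date Time Priority Hostname Message
LINE_RE = re.compile(
    r"^(?P<date>\d{2}-\d{2}-\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<priority>\w+\.\w+) (?P<host>\d{1,3}(?:\.\d{1,3}){3}) (?P<message>.*)$")
# Device message: <device time> <name> <source>: SN:<serial> [<level>] <text>
MSG_RE = re.compile(
    r"^(?P<dev_time>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) \S+ "
    r"(?P<source>[^:]+): SN:(?P<serial>\d+) \[(?P<level>\w+)\] (?P<text>.*)$")

SAMPLE = [  # first two lines are from the slide; the third is constructed
    "04-21-2010 17:09:30 User.Info 192.168.174.8 Wed Apr 21 21:09:29 2010 "
    "nohost sys_log.c: SN:9797 [INFO] Syslog heartbeat",
    "04-21-2010 17:09:30 User.Info 192.168.174.8 Wed Apr 21 21:09:29 2010 "
    "nohost Event Log: SN:9797 [INFO] Heartbeat Wed Apr 21 21:09:29 2010 UTC "
    "- free H 17092 - free NP 546 - NP LW 530 M 0 0 2 0 0",
    "04-21-2010 17:39:31 User.Info 192.168.174.8 Wed Apr 21 21:39:30 2010 "
    "nohost sys_log.c: SN:9797 [INFO] Syslog heartbeat",
]


def parse_line(line):
    """Return a dict of fields, or None if the collector columns do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    stamp = f"{rec.pop('date')} {rec.pop('time')}"
    rec["received"] = datetime.strptime(stamp, "%m-%d-%Y %H:%M:%S")
    inner = MSG_RE.match(rec["message"])
    if inner:  # unknown message shapes keep only the collector fields
        rec.update(inner.groupdict())
    return rec


def heartbeat_gaps(lines, max_gap=timedelta(minutes=5)):
    """Lines must be in arrival order. Returns (host, serial, previous, current)
    for each pair of consecutive heartbeats further apart than max_gap."""
    last_seen, gaps = {}, []
    for rec in filter(None, map(parse_line, lines)):
        if "heartbeat" not in rec.get("text", "").lower():
            continue
        key = (rec["host"], rec["serial"])
        prev = last_seen.get(key)
        if prev is not None and rec["received"] - prev > max_gap:
            gaps.append((*key, prev, rec["received"]))
        last_seen[key] = rec["received"]
    return gaps
```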

  • Layered Security

    Application layer security

    Ensures