clubhack
DESCRIPTION
Smart grids add communication capabilities and intelligence to traditional grids. They are enabled by intelligent sensors and actuators, extended data management systems, expanded two-way communication between utility operation facilities and customers, network security, national integration, and self-healing and adaptive operation. They improve distribution and transmission system operation, allow customers the freedom to purchase power based on dynamic pricing, improve power quality with less wastage, and integrate a large variety of generation options. We have seen that the more complex and critical an infrastructure is, the more vulnerable it is. Since 1994 there have been many incidents in which smart grids were hacked; the latest and most prominent was the Stuxnet worm, which targeted the nuclear power system of Iran and systems worldwide. We will look at the different types of attacks, and at the security a smart grid needs.
SMART GRID SECURITY
Who am I?
Falgun Rathod
• Security Researcher
• Investigator
• Managing Director & Founder – Cyber Octet (P) Ltd. (IT & Security)
• Co-Chairman – PR Group of Companies (Cyber Octet (P) Ltd. (IT & Security) & Elecorev Technogies (P) Ltd. (Electronics & AI))
SCADA
Automated Metering Infra
What’s a “Smart Grid?”
Smart Grid is a developing network of new technologies, equipment, and controls working together to respond immediately to our 21st-century demand for electricity.
Technology used:
• Integrated communication
• Sensing
• Smart meters
• Phasor measurement units
• Advanced components
• Advanced control
• Decision support system
• Smart power generation
What’s a “Smart Grid?” – SmartGrid overview (figure from the GAO Report released January 2011)
Figure elements: Regulatory Policy and Rule-making; Data, Analytics, and Information; Smart Meters and Communications; Distributed and Renewable Energy; Sensors and Grid Control; Demand Response; Custom Applications; New Devices and Systems; Open and Ubiquitous Communication (SGCN); Plug-In Electric Hybrid Vehicles.
Figure labels: Supported by… Security; Guided by… Enterprise Integration; Results… Energy Efficiency, Enhanced Flexibility & Control, Congestion Management, Generation, Voltage Stability.
Another View – Smart Grid Communications Network
(figure only)
Evolution of Electrical Utility Risks
PAST – HARD-WIRED CONTROL
• Most controls are “hard wired” AND require manual intervention
• Lesser public availability of RF devices
• Little capability for damage to or financial benefit from RF attacks
• Cost-plus charging – “If we need it, we’ll do it! If we can’t do it, we’ll buy it!”
• Clear regulatory and financial landscape
PRESENT – SCADA / RF ENABLED
• Intense financial pressure to reduce staffing; hence more “remote” RF
• Computerization and RF control common in all industries
• Project implementation excellence not always followed by outstanding security operations
• SCADA hacking can cause “wholesale” damage to neighborhoods and equipment
• Uncertain regulatory, audit, and liability landscape
NEAR FUTURE – SMART GRID / RF PERVASIVE
• Control inside-the-home of all appliances
• Wide use of 802.x, ZigBee, X10 methodologies
• Uncertain software provenance, packaged code and offshore development; zero-day attacks
• Increased organized crime / terrorist focus
• Potential for damage to, and “net” theft by, every customer
• Revenue/risk asymmetry for each customer
• Transition to IP and Windows “monoculture” for RF devices
• Increased public and regulatory scrutiny
GRIDS can be Hacked :P
Example from 2006 SANS SCADA Security Summit, INL
Overview of Cyber Security – Threats
(Diagram elements: Internet; Admin account; Operator; Master DB; Slave Database; RTU)
1. Hacker sends an e-mail with malware
2. E-mail recipient opens the e-mail and the malware gets installed quietly
3. Using the information that the malware gathers, the hacker is able to take control of the e-mail recipient’s PC!
4. Hacker performs an ARP (Address Resolution Protocol) scan
5. Once the Slave Database is found, the hacker sends an SQL EXEC command
6. Performs another ARP scan
7. Takes control of the RTU
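As an added illustration (not part of the original slides), the Python script below shows how a defender could spot the ARP-scan-then-SQL-EXEC sequence from the walkthrough above in network logs: a host is flagged only when it probes many distinct addresses and then sends an EXEC statement to a database server. The log line format, the addresses and the procedure name are constructed for this example.

```python
"""Added detection example (not part of the original slides): correlate an ARP
sweep from one workstation with a subsequent SQL EXEC it sends to a database
server. Log format, addresses and the procedure name are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log formats (assumption: one event per line, ISO timestamps).
ARP_RE = re.compile(r"^(\S+) src=(\S+) arp who-has (\S+)$")
SQL_RE = re.compile(r"^(\S+) src=(\S+) sql dst=(\S+) stmt=(.+)$")


def parse(line):
    """Return (ts, src, kind, dst, stmt) or None for lines we do not handle."""
    m = ARP_RE.match(line)
    if m:
        return datetime.fromisoformat(m.group(1)), m.group(2), "arp", m.group(3), None
    m = SQL_RE.match(line)
    if m:
        return datetime.fromisoformat(m.group(1)), m.group(2), "sql", m.group(3), m.group(4)
    return None


def detect(lines, min_targets=16, window=timedelta(minutes=10)):
    """Alert when a host that ARP-probed at least min_targets distinct addresses
    inside `window` then issues a SQL EXEC. A single probe or an ordinary
    query on its own never triggers, which keeps operator workstations quiet."""
    probes = defaultdict(list)  # src -> [(ts, probed address)]
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ts, src, kind, dst, stmt = ev
        if kind == "arp":
            probes[src].append((ts, dst))
            continue
        if not stmt.strip().upper().startswith("EXEC"):
            continue
        recent = {addr for t0, addr in probes[src] if timedelta(0) <= ts - t0 <= window}
        if len(recent) >= min_targets:
            alerts.append({"src": src, "db": dst, "probed": len(recent), "stmt": stmt})
    return alerts


def sample_lines():
    """Constructed traffic: a compromised desktop sweeps the control LAN and then
    sends EXEC to the database it found; an operator host does normal work."""
    base = datetime(2011, 12, 3, 10, 0, 0)
    lines = []
    for i in range(1, 41):  # 40 distinct addresses probed within one minute
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} src=10.0.5.20 arp who-has 10.0.5.{i}")
    t_exec = (base + timedelta(seconds=50)).isoformat()
    lines.append(f"{t_exec} src=10.0.5.20 sql dst=10.0.5.40 stmt=EXEC sp_demo_proc")
    # Operator: one ARP for the gateway and a normal SELECT, no sweep.
    t_arp = (base + timedelta(seconds=5)).isoformat()
    t_sel = (base + timedelta(seconds=55)).isoformat()
    lines.append(f"{t_arp} src=10.0.5.7 arp who-has 10.0.5.1")
    lines.append(f"{t_sel} src=10.0.5.7 sql dst=10.0.5.40 stmt=SELECT 1")
    return lines


if __name__ == "__main__":
    for alert in detect(sample_lines()):
        print(alert)
```

The threshold and window are tunable; on a real control network the point of the sweep count is that a legitimate workstation rarely resolves dozens of addresses in a few seconds, so the combination with a following EXEC is a much stronger signal than either event alone.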
Example from AMRA Webinar, Nov ’06, “The Active Attacker”
Overview of Cyber Security – Threats
(Diagram elements: AMI WAN; Communications Network (WAN); Data Management Systems (MDM/R); Retailers / 3rd Parties; AMCC (Advanced Metering Control Computer))
Attack flow: cyber penetration by the attacker → attacker controls the head end → attacker performs remote disconnect.
Cyber Security Challenges
• The challenge is complex and continuously changing
• Legacy systems need to be protected
• Number and geographic location of end points
• Relationship to physical security
• Systems are 7x24 and critical
• The human element / social engineering
Cyber Solutions – Defense in Depth
• Perimeter protection: Firewall, IPS, VPN, AV; Host IDS, Host AV; DMZ; Physical Security
• Interior security: Firewall, IDS, VPN, AV; Host IDS, Host AV; IEEE P1711 (serial connections); NAC; Scanning
• Monitoring, Management, Processes
Glossary: IDS – Intrusion Detection System; IPS – Intrusion Prevention System; DMZ – DeMilitarized Zone; VPN – Virtual Private Network (encrypted); AV – Anti-Virus (anti-malware); NAC – Network Admission Control
“LAYERS” OF CONCERN
Physical Layer Security – Natural Disasters
• Snow storms, hurricanes, solar flares, geomagnetic storms, earthquakes, flooding, volcanoes
Recognize that the location of the Smart Grid components can be affected by the surrounding environment.
Physical Layer Security (2)
Steal the Meters – Sell the Devices
RESPONSE: METER “LAST GASP” ALERTS WHEN DISCONNECTED
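An added example (not from the original slides) of what a head end can do with the “last gasp” alert mentioned above: treat a burst of gasps from many meters on one feeder as an outage, a lone gasp followed by a check-in as recovered, and a lone gasp that stays silent past a grace period as a theft or tamper candidate for a field visit. The event fields, feeder names and thresholds are assumptions made for this example.

```python
"""Added example (not from the original slides): triage meter "last gasp" alerts
so that a stolen or tampered meter stands out from an ordinary outage. Event
fields, feeder names and thresholds are assumptions made for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

OUTAGE = "outage"               # many meters on one feeder gasped together
RECOVERED = "recovered"         # the meter checked back in after power returned
INVESTIGATE = "investigate"     # lone gasp, still silent: theft/tamper candidate
PENDING = "pending"             # lone gasp still inside the grace period


def triage(events, now, outage_min_meters=3, cluster=timedelta(minutes=2),
           grace=timedelta(hours=1)):
    """events: dicts with ts (datetime), meter, feeder, event ('last_gasp' or
    'power_restored'). Returns {meter: classification} for every meter that
    sent a last gasp before `now`."""
    gasps_by_feeder = defaultdict(list)
    restored = set()
    for e in events:
        if e["event"] == "last_gasp":
            gasps_by_feeder[e["feeder"]].append(e)
        elif e["event"] == "power_restored":
            restored.add(e["meter"])

    result = {}
    for gasps in gasps_by_feeder.values():
        for g in gasps:
            # Distinct meters on the same feeder that gasped within the cluster window.
            peers = {p["meter"] for p in gasps if abs(p["ts"] - g["ts"]) <= cluster}
            if len(peers) >= outage_min_meters:
                result[g["meter"]] = OUTAGE
            elif g["meter"] in restored:
                result[g["meter"]] = RECOVERED
            elif now - g["ts"] >= grace:
                result[g["meter"]] = INVESTIGATE
            else:
                result[g["meter"]] = PENDING
    return result


def sample_events():
    """Constructed head-end events for one night."""
    t = datetime(2011, 12, 3, 2, 0, 0)
    ev = []
    # Feeder F1: four meters drop within a minute and come back half an hour later.
    for i, m in enumerate(["M-1", "M-2", "M-3", "M-4"]):
        ev.append({"ts": t + timedelta(seconds=10 * i), "meter": m, "feeder": "F1", "event": "last_gasp"})
        ev.append({"ts": t + timedelta(minutes=30), "meter": m, "feeder": "F1", "event": "power_restored"})
    # Feeder F2: M-9 gasps alone and never returns; M-10 gasps alone but recovers.
    ev.append({"ts": t + timedelta(hours=1), "meter": "M-9", "feeder": "F2", "event": "last_gasp"})
    ev.append({"ts": t + timedelta(hours=1, minutes=10), "meter": "M-10", "feeder": "F2", "event": "last_gasp"})
    ev.append({"ts": t + timedelta(hours=1, minutes=20), "meter": "M-10", "feeder": "F2", "event": "power_restored"})
    # Feeder F3: M-20 gasped five minutes before the triage run.
    ev.append({"ts": t + timedelta(hours=2, minutes=55), "meter": "M-20", "feeder": "F3", "event": "last_gasp"})
    return ev


def run_sample():
    """Triage the constructed events as of 05:00 that morning."""
    return triage(sample_events(), now=datetime(2011, 12, 3, 5, 0, 0))


if __name__ == "__main__":
    for meter, verdict in sorted(run_sample().items()):
        print(meter, verdict)
```

The feeder grouping is what keeps the alert useful: without it every storm outage would look like thousands of stolen meters, and the single alert that matters would be buried.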
Physical Layer Security (3)
Tamper with the Meter
• Cause meter to stop reading – disconnect
• Cause meter to mis-read (or reverse)
• Inject malware
• Modify encryption
• Modify authentication mechanism
• July 2009 – Black Hat Conference
• IOActive, Seattle InfoSec firm
• Proof of concept – in 24 hours, 15,000 of 22,000 home smart meters taken over by malware/worm
Physical & Cyber
Opening the Meter
• Accessing exposed ports and connectors
• Intercept data between microcontroller and radio
• Infrared port attack/hack
Cyber Layer Security
The biggest opportunity for trouble: “The Last Mile” issues. Remember – added complexity causes concerns.
“Last Mile” technologies:
• Broadband Power Line systems
• Power Line Carrier systems
• Public Switched Telephone Network (PSTN)
• Cat5/6 network connection
• Radio Frequency: WiMax, ZigBee, 6LoWPAN, 802.11x, Cellular (CDMA/EVDO, GSM, LTE)
Cyber Attacks
Remember C I A:
• Confidentiality attacks – reading, “sniffing” the data
• Integrity attacks – changing the data
• Availability attacks – denial of service, preventing use of the service
Confidentiality Attacks
Buffer Overflow
• Inject data that is too “big” for the meter/system
• Predominantly caused by bad software development
Snooping / Sniffing
• Reading / capturing the data between meter and collector, and vice versa
• Also internal to the meter, between microcontroller and radio
• A reason for encryption – “Cleartext is bad”
Hacking the Encryption
• Some protocols are easy to break; causes – weak keys, weak protocols, weak initialization vectors
• Man-in-the-middle attack
• “Bit flipping” attacks (weak integrity functions)
• Breaking into password storage on devices
• “Race condition” exploits – a race condition is of interest to a hacker when it can be utilized to gain privileged system access
Integrity Attacks
Key: change the data
• Replay attacks (man-in-the-middle)
Why?
• Change the bill (up or down)
• Modify usage data
• Use data for fraud
• Use as alias – “Gee Officer, I wasn’t home that night!”
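As an added example (not from the original slides) covering both the “bit flipping” point under Hacking the Encryption and the replay attack above, the script below authenticates each meter reading with a keyed HMAC and a per-meter sequence number. A keyless check such as a CRC cannot protect the kWh field, because whoever edits the field can recompute the CRC; an HMAC needs the key, and the sequence number lets the collector refuse a reading it has already accepted. The frame layout and the demo key are constructed for this example.

```python
"""Added example (not from the original slides): meter readings carry an HMAC
tag and a per-meter sequence number, so the collector rejects both altered
data and replayed readings. Frame layout and the demo key are constructed."""
import hashlib
import hmac


def make_reading(key, meter_id, seq, kwh):
    """Build 'meter|seq|kwh|hmac_hex'. seq must increase on every send."""
    body = f"{meter_id}|{seq}|{kwh:.3f}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class Collector:
    """Verifies the tag before trusting any field, then enforces freshness."""

    def __init__(self, key):
        self.key = key
        self.last_seq = {}  # meter_id -> highest sequence number accepted

    def accept(self, frame):
        parts = frame.rsplit(b"|", 1)
        if len(parts) != 2:
            return "malformed"
        body, tag = parts
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return "bad_tag"          # altered body or forged tag
        try:
            meter_id, seq_s, _kwh = body.decode().split("|")
            seq = int(seq_s)
        except ValueError:
            return "malformed"
        if seq <= self.last_seq.get(meter_id, -1):
            return "replay"           # already seen this or a newer reading
        self.last_seq[meter_id] = seq
        return "ok"


def demo(key=b"constructed-demo-key-not-for-production"):
    """Constructed exchange: a good reading, its replay, a tampered copy of the
    next reading (kWh field edited, tag left alone), then the genuine one."""
    c = Collector(key)
    r1 = make_reading(key, "M-100", 1, 12.5)
    r2 = make_reading(key, "M-100", 2, 13.0)
    tampered = r2.replace(b"|13.000|", b"|3.000|")
    return [c.accept(r1), c.accept(r1), c.accept(tampered), c.accept(r2)]


if __name__ == "__main__":
    print(demo())  # ['ok', 'replay', 'bad_tag', 'ok']
```

The tag is checked before any field is parsed, so a malformed or forged frame is dropped without the collector acting on its contents; the key handling (one key per meter, stored in protected hardware where the meter offers it) is outside the scope of this snippet.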
Availability Attacks
Denial of Service (DoS) attacks – examples: Georgia cyber war, Estonia cyber war
Spoofing – pretending you are another meter; meter authentication weaknesses
• Manipulate meter to collector
• Or manipulate collector to meter
Name Resolution Attacks
• Meter name cache poisoning
• Denial of service attacks against DNS servers
• Reroute meter traffic to another meter or collector or network
Hold Ransom
• Before the Super Bowl? Over a community/neighborhood?
Wartime Reserve
• Chipset backdoor “pre-attack” in smart meters
Privacy Attacks
http://www.dora.state.co.us/puc/DocketsDecisions/DocketFilings/09I-593EG/09I-593EG_Spring2009Report-SmartGridPrivacy.pdf
Privacy Attacks (2)
• Determine lifestyles
• Determine best time to rob
• Use info to “sell” services (e.g., “I’m here to fix your broken refrigerator, Ma’am!”)
STORAGE ISSUES – A Paradigm Shift
Today’s Environment:
• Analog meters or simple digital meters, manually read or using “drive by” reading
• Automatic reading: read monthly (or less frequently)
• Simple data fields – kWh used since last reading
• Minimal data accumulation
The Future Smart Grid:
• “Smart” digital meters & “smart” sensors
• Read every ~15 minutes or more frequently
• “Data Avalanche!” – numerous data fields and classes
(Images: www.smartgridnews.com; Microsoft Clip Art Online; circuit breaker and relays – ENHayden, used with permission)
Storage Considerations
• Costs for more data centers and storage
• Error handling
• Data analytics and business intelligence resources
• Security of data – static and dynamic… stored or in transit
• Privacy of data – consider EU privacy laws
• Consumer education requirements
• Auditing, reporting, regulatory impacts
What To Do?
#1: DON’T GIVE UP!
#2: DON’T IGNORE THE THREATS!
#3: LEARN AND STUDY – DO THREAT MODELING
#4: INCLUDE SECURITY, IT, UTILITY OPERATIONS IN PLANNING AND SOLUTION DEVELOPMENT
#5: WORK WITH SECURITY EXPERTS & CONSULTANTS
#6: ASK HARD QUESTIONS
#7: BUILD DEFENSE-IN-DEPTH IN EVERY PHASE OF YOUR SMART GRID SOLUTION
#8: INCIDENT RESPONSE SET UP, PRACTICED
#9: STORAGE – PLAN, IDENTIFY CONTINGENCIES, LOOK OUTSIDE THE BOX
#10: INCLUDE SECURITY EARLY, OFTEN
QUESTIONS?