Post on 17-Jul-2015
THE THREAT TO THE SMART GRID IS WORSE THAN WE THINK
Robert M. Hinden, Check Point Software
Session ID: HT-R35B
Session Classification: Intermediate
WHAT IS THE SMART GRID?
► IP Networking of the Electrical Power Network
► Substations, distribution network, transmission networks, smart meters, homes/businesses
► Worldwide Investment
► Biggest upgrade to electrical power infrastructure in many years
► $3.4B of US Stimulus funds toward electric grid projects
► Clear Return on Investment
► Real time measurement of power consumption allowing better coupling of generation to usage
► Remote adds/disconnects, meter reading, etc.
SMART GRID COMPONENTS
► Networking Power Production and Distribution Infrastructure
► NERC-CIP – Federal Critical Infrastructure protection
► IEC 61850 – How do you network Infrastructure
► IEEE 1613 – Environmental requirements for Substations
► Smart Meters
► Allow real time power measurement and remote disconnect / reconnect
► Home / Corporate Networks
► Gateway to electric power devices inside home or corporation
THE PROBLEM
► It’s obvious that we want a secure Smart Grid
► Who wants hackers to turn off the power?
► The attacks are evolving faster than the current security solutions
► Energy companies and traditional electrical equipment vendors are not exactly security experts
THE PROBLEM (continued)
► The problem is similar to what enterprises face today
► But the consequences of an attack are much greater
► Internet attacks where credit cards are stolen or corporate data is compromised are troublesome
► But they don’t cause people to die
► Attacks on the power infrastructure have consequences ranging from
► Turning off the power
► Disruption of traffic and transportation systems
► Killing people by turning off life support in hospitals
US DHS INDUSTRIAL CONTROL SYSTEMS CERT 2012 REPORT
41% of incidents reported and investigated in 2012 were energy related (82 out of 198)
(http://www.us-cert.gov/control_systems/pdf/ICS-CERT_Monthly_Monitor_Oct-Dec2012.pdf)
2012 EXAMPLES
► Cyber Attack on European Renewable Power Grid
► 5 day attack kept communication systems offline [1]
► Power Generation Facility
► Malware in control system [2]
► Virus Infection at Electric Utility
► Virus in turbine control system [2]
[1] http://www.euractiv.com/energy/european-renewable-power-grid-ro-news-516541
[2] http://ics-cert.us-cert.gov/pdf/ICS-CERT_Monthly_Monitor_Oct-Dec2012.pdf
CURRENT SMART GRID SECURITY
► Hard Exterior, Soft Interior model
► Firewalls around the edges
► VPNs between devices and management/data centers
► This isn’t adequate
USB STICK ATTACKS
► USB is a very common attack vector
► STUXNET was initially spread by infected USB sticks
► Connection to the Internet isn’t the only attack vector
WiFi CONTROLLED SWITCHES
► Remote control of High Voltage Switches
► Talking to one vendor at a power tradeshow
► “we use passwords to secure the access”
► That’s going to work…
EQUIPMENT WITH DEFAULT ACCESS
► ICSA-12-354-01—RUGGEDCOM
► Hard-coded RSA SSL private key identified in RuggedCom’s Rugged Operating System (ROS).
► ICSA-12-243-01 GARRETTCOM
► The Magnum MNS-6K Management Software uses an undocumented hard-coded password
► ICSA-12-214-01 SIEMENS
► Siemens Synco OZW devices are shipped with a default password protecting administrative functions
WHAT NEEDS TO BE DONE
► Hard Exterior / Soft Interior model is not adequate
► Attacks will come from the inside
► Broad and dynamic security measures are needed
► Malware detection
► IPS to inspect control protocols
► Anti-Bot software
► Antivirus and Anti-Malware on all control computers
► Dedicated and general purpose
► Maybe using Windows (especially XP) for controllers isn’t a good idea
► Frequent updates of software and signatures are critical
► Security awareness of staff needs to be improved
SUMMARY
► The Smart Grid is the IP Networking of the electrical power network
► Current approaches to Smart Grid security are not adequate
► Broad and dynamic security measures are needed