Session ID:

Session Classification:

Robert M. Hinden Check Point Software

HT-R35B

Intermediate

THE THREAT TO THE

SMART GRID

IS WORSE THAN WE

THINK

► Smart Grid Overview

► The Problem

► Challenges

► Solutions

OVERVIEW

► IP Networking of the Electrical

Power Network

► Substations, distribution network, transmission

networks, smart meters, homes/businesses

► Worldwide Investment

► Biggest upgrade to electrical power infrastructure in many years

► $3.4B of US Stimulus funds toward electric grid projects

► Clear Return on Investment

► Real time measurement of power consumption allowing better

coupling of generation to usage

► Remote adds/disconnects, meter reading, etc.

WHAT IS THE SMART GRID?

THE SMART GRID

(http://deepresource.files.wordpress.com/2012/04/smart-grid-concept.png)

► Networking Power Production

and Distribution Infrastructure ► NERC-CIP – Federal Critical Infrastructure protection

► IEC 61850 – How do you network Infrastructure

► IEEE 1613 – Environmental requirements for

Substations

► Smart Meters

► Allow real time power measurement and

remote disconnect / reconnect

► Home / Corporate Networks ► Gateway to electric power devices inside home

or corporation

SMART GRID COMPONENTS

THE PROBLEM

► It’s obvious that we want a secure

Smart Grid

► Who wants hackers to

turn off the power?

► The attacks are evolving faster

than the current security solutions

► Energy companies and traditional

electrical equipment vendors are not

exactly security experts

THE PROBLEM

► The problem is similar to what enterprises face today

► But the consequences of an attack are much greater

► Internet attacks where credit cards are

stolen or corporate data is compromised

are troublesome

► But they don’t cause people to die

► Attacks on the power infrastructure

have consequences ranging from

► Turning off the power

► Disruption of traffic and transportation systems

► Killing people by turning off life support in hospitals

THE PROBLEM (continued)

41% of

Incidents

reported and

investigated in

2012 were

Energy related

(82 out of 198)

US DHS INDUSTRIAL

CONTROL SYSTEMS

CERT 2012 REPORT

( http://www.us-cert.gov/control_systems/pdf/ICS-CERT_Monthly_Monitor_Oct-Dec2012.pdf )

1 http://www.euractiv.com/energy/european-renewable-power-grid-ro-news-516541 2 http://ics-cert.us-cert.gov/pdf/ICS-CERT_Monthly_Monitor_Oct-Dec2012.pdf

2012 EXAMPLES ► Cyber Attack on European Renewable Power Grid

► 5 day attack kept communication systems offline1

► Power Generation Facility

► Malware in control system2

► Virus Infection at Electric Utility

► Virus in turbine control system2

CHALLENGES

► Hard Exterior, Soft Interior model

► Firewalls around the edges

► VPNs between devices and management/data centers

► This isn’t adequate

CURRENT SMART GRID

SECURITY

► USB is a very common attack vector

► STUXNET was initially spread by infected

USB sticks

► Connection to the Internet isn’t the only

attack vector

USB STICK ATTACKS

► Remote control of

High Voltage

Switches

► Talking to one vendor

at a power tradeshow

► “we use passwords to

secure the access”

► That’s going to

work…

WiFi CONTROLLED

SWITCHES

► ICSA-12-354-01—RUGGEDCOM

► Hard-coded RSA SSL private key identified in RuggedCom’s

Rugged Operating System (ROS).

► ICSA-12-243-01 GARRETTCOM

► The Magnum MNS-6K Management Software uses an

undocumented hard-coded password

► ICSA-12-214-01 SIEMENS

► Siemens Synco OZW devices are shipped with a default

password protecting administrative functions

EQUIPMENT WITH DEFAULT

ACCESS

SOLUTIONS

► Hard Exterior / Soft Interior model is not adequate ► Attacks will come from the inside

► Broad and dynamic security measures are needed ► Malware detection

► IPS to inspect control protocols

► Anti-Bot software

► Antivirus and Anti-Malware on all control computers ► Dedicated and general purpose

► Maybe using Windows (especially XP) for controllers isn’t a good

idea

► Frequent updates of software and signatures is critical

► Security awareness of staff needs to be improved

WHAT NEEDS TO BE DONE

► The Smart Grid is the IP

Networking of the

electrical power network

► Current approaches to

Smart Grid security are

not adequate

► Broad and dynamic

security measures are

needed

SUMMARY

QUESTIONS?

THANK YOU