Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Automation

Steve Parker presents to the Georgia Distribution and Transmission Automation Group, starting off with a fictitious quote from Mark Twain and ending with a real one. Mr. Parker's presentation hinges on his hypothesis: "We have yet to see a significant cyber related outage in the North American power grid because those who have the ability to cause such, lack the motivation to do so."
  • We don’t prevent the weather, we prepare for it. Likewise, cybersecurity is not a problem to be solved, it is a risk to be managed.
  • Which is it? Is the cyber threat overhyped, or under appreciated? The truth is probably somewhere in the middle.
  • Background is to provide context for my comments. Technology since childhood. Security since 1996, officially since 2000. Broad background across many technologies. Give brief description of each job. Introduce background on EnergySec and NESCO.
  • Everything is being made with a digital component.
  • Answer is 5.

Presentation Transcript

  • Hype, Hope, and Happenstance: Cyber Threats and Opportunities in an Age of Automation. Georgia Distribution and Transmission Automation Group, April 2, 2012, Forsyth, GA
  • A Quote: "Everybody talks about cybersecurity, but nobody does anything about it." -Mark Twain
    The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec, 9/1/2012, with funding assistance from the U.S. Department of Energy
  • A Question
  • A Hypothesis: We have yet to see a significant cyber related outage in the North American power grid because those who have the ability to cause such, lack the motivation to do so.
  • About Me: Security professional by choice
    – Nextel Communications 1997-2000
    – US Bank Information Security 2000-2001
    – PacifiCorp Security 2001-2009
    – WECC CIP Auditor 2009-2010
    – EnergySec (NESCO) 2010 - ?
  • I am not an Engineer
  • About EnergySec
    – 7/2004: EnergySec founded as E-Sec NW
    – 1/2008: SANS Information Sharing Award
    – 12/2008: Incorporated as EnergySec
    – 10/2009: 501(c)(3) nonprofit determination
    – 4/2010: EnergySec applied for National Electric Sector Cybersecurity Organization (NESCO) FOA
    – 7/2010: NESCO grant award from DOE
    – 10/2010: NESCO became operational
  • The System: greatest engineering achievement of the 20th century
    – 1 trillion watts of generation
    – 850 billion watts of transmission capacity
    – 150,000 miles of high voltage transmission
    – Ubiquitous
    – Average uptime 99.995% (SAIDI = 244)
  • Smart Gridtopia
  • But what can I do with it?
    – Distributed Generation
    – Demand Response
    – Market pricing at the consumer level
    – Frequency Response (EVs)
    – Renewables integration
    – Micro Grids
    – Energy Storage
  • Automation
    – Automated Generation Control
    – Special Protection Systems
    – Synchrophasor Applications
    – Load Shedding
    – Advanced Metering Infrastructures
    – Centralized Control Systems
  • There's an App for That: "Get mobile access to your control system via an iPhone, iPad, Android and other smartphones and tablet devices. The Ignition Mobile Module gives you instant access to any HMI / SCADA project created with the Ignition Vision Module."
  • To The Cloud! "Use any standard browser on any device to access HMI. No downloads, no tedious installs, no plug-ins. Login and you have the HMI in your hands wherever you are: factory cafeteria, or parking lot, or on the beach, or even the golf course!" "GoToMyHMI provides Secure, Easy and Fast access from any Browser to InstantHMI 6.0, ready to serve you on the cloud today. Remotely Monitor, ACK Alarms and Control your HMI for one low flat fee."
  • The Double-edged Sword
    – Email: fraud/phishing
    – Facebook: privacy
    – Online banking: online theft
    – Computerized trading: market manipulation
    – Smart Grid: ???
  • Attack Surface: EMS, DMS, DCS, E-Tagging, Trading, AGC, ICCP, AMI, SCADA, Communication, Remote Access, Vendor Support, Supply Chain, [HLWMV]ANs, The Cloud, Mobile devices
  • Logical Distance Increasing: Clicky-clicky, Whirly-whirly
  • Today's Shiny Object
    – Headline presentations at BlackHat/DefCon, DerbyCon, RootedCon, B Sides …
    – Wall Street Journal, National Journal, CNN
    – Too many IT trade publications to name
    – Blockbuster films, prime time TV shows
    – Person-on-the-street, Congress, White House
  • March 2012
  • From Obscurity to Novelty
    – Smart Meter hacking
    – Hacking cookbooks, fuzzers, sniffers, reversing
    – Metasploit, Core Impact, etc
    – Supply chain attacks
    – Manuals available in all languages on Internet
  • Current Events
    – Facebook Social Engineering Attack Strikes NATO (http://www.informationweek.com/news/security/government/232602419): "The top military commander in NATO has been targeted by attackers wielding fake Facebook pages."
    – Teen Exploits Three Zero-Day Vulns for $60K Win in Google Chrome Hack Contest (http://www.wired.com/threatlevel/2012/03/zero-days-for-chrome/): "The tall teen, who asked to be identified only by his handle "Pinkie Pie" … spent just a week and a half to find the vulnerabilities and craft the exploit, achieving stability only in the last hours of the contest."
  • …To Name a Few
  • TwitBookBlogosphere
  • Cybersecurity Landscape
  • People are talking 6,750,000 results
  • Point, Click, Hack: "In some scarier than your average security news, thanks to several Program Logic Controllers (PLC) exploits that were added to Metasploit today, 'hacking SCADA systems can be push of a button easy,' tweeted HD Moore, CSO of Rapid7 and Chief Architect of Metasploit." Source: Network World (http://goo.gl/K5xZ7)
  • Vulnerability Disclosure
  • Vulnerabilities
  • Air-Gaps, Unicorns and Bigfoot
  • 10,000 Reasons to Worry. Source: www.wired.com/threatlevel/2012/01/10000-control-systems-online
  • Technology Landscape
    – A new digital world order
    – Lingering legacy
    – Widespread connectivity
    – Hyper-embeddedness
    – Cyber-kinetic impacts
  • Advantage: Adversaries. Intelligent, adaptive adversaries exist, and they don't follow the rules or compliance checklists
  • Advantage: Adversaries
    – Google search for "APT": 34 hits in Jul 09; 169 hits in Jan 10; 1.2M+ hits June 11
    – Google search for "cyberwar": 416 hits Dec 09; 1.4M hits Feb 10; 3.4M+ hits June 11
    – Welcome to the cyberarms race
  • What to do?
  • Nothing New Under The Sun
    – Mature security practices, highly refined: Defense in Depth; Principle of Least Privilege; Segregation of Duties; Need to Know; Availability, Integrity and Confidentiality
    – No Silver Bullet, 100%, Total Security
    – Strong protection has never been easy, inexpensive or quick to implement (pick two)
  • Compliance
  • There ought to be a Law…??? Laws are reactionary, not visionary.
  • Regulatory Landscape (Yes, this is an eye-chart, to make a point)
    – Posse Comitatus Act, 18 U.S.C. 1385
    – Antitrust Laws
    – Sherman Antitrust Act, 15 U.S.C. 1-7
    – Wilson Tariff Act, 15 U.S.C. 8-11
    – Clayton Act, 15 U.S.C. 12-27
    – Section 5 of the Federal Trade Commission (FTC) Act, 15 U.S.C. 45(a)
    – National Institute of Standards and Technology (NIST) Act (p. 13), 15 U.S.C. 271
    – Radio Act of 1912
    – Federal Power Act (p. 13), 16 U.S.C. 791a et seq., 824 et seq.
    – Radio Act of 1927
    – Communications Act of 1934 (p. 14), 47 U.S.C. 151 et seq.
    – National Security Act of 1947 (p. 15), 50 U.S.C. 401 et seq.
    – US Information and Educational Exchange Act of 1948 (Smith-Mundt Act) (p. 15), 22 U.S.C. 1431 et seq.
    – Defense Production Act of 1950, 50 U.S.C. App. 2061 et seq.
    – State Department Basic Authorities Act of 1956 (p. 17), 22 U.S.C. 2651a
    – Brooks Automatic Data Processing Act
    – Freedom of Information Act (FOIA) (p. 17), 5 U.S.C. 552
    – Omnibus Crime Control and Safe Streets Act of 1968 (p. 19), 42 U.S.C. Chapter 46, 3701 to 3797ee-1
    – Racketeer Influenced and Corrupt Organizations Act (RICO) (p. 19), 18 U.S.C. Chapter 96, 1961-1968
    – Federal Advisory Committee Act (p. 20), 5 U.S.C. App., 1-16
    – War Powers Resolution, 50 U.S.C. Chapter 33, 1541-1548
    – Privacy Act of 1974 (p. 20), 5 U.S.C. 552a
    – Foreign Intelligence Surveillance Act of 1978 (FISA), 18 U.S.C. 2511, 2518-9
    – Foreign Intelligence Surveillance Act of 1978 (FISA), 50 U.S.C. Chapter 36, 1801-1885c
    – Privacy Protection Act of 1980, 42 U.S.C. Chapter 21A, 2000aa-5 to 2000aa-12
    – Counterfeit Access Device and Computer Fraud and Abuse Act of 1984 (p. 21), 18 U.S.C. 1030
    – Computer Fraud and Abuse Act of 1986, 18 U.S.C. 1030
    – Electronic Communications Privacy Act of 1986 (ECPA) (p. 22), 18 U.S.C. 2510-2522, 2701-2712, 3121-3126
    – Department of Defense Appropriations Act, 1987 (p. 24), 10 U.S.C. 167
    – Computer Security Act of 1987, 15 U.S.C. 272, 278g-3, 278g-4, 278h
    – Computer Matching and Privacy Protection Act of 1988, 5 U.S.C. 552a
    – High Performance Computing Act of 1991 (p. 24), 15 U.S.C. Chapter 81
    – Communications Assistance for Law Enforcement Act (CALEA) of 1994 (p. 26), 47 U.S.C. 1001 et seq.
    Source: Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions, Eric A. Fischer, Senior Specialist in Science and Technology, December 22, 2011
  • Regulation is Futile: Regulation kills creativity, innovation, and passion, all of which are needed to achieve success in cybersecurity.
  • NERC CIP in 30 Seconds
    – CIP-002: Figure out what needs to be protected
    – CIP-003: Establish policy and programs
    – CIP-004: Address personnel issues
    – CIP-005: Create electronic perimeters
    – CIP-006: Create physical perimeters
    – CIP-007: Provide system level security
    – CIP-008: Figure out how to respond to incidents
    – CIP-009: Figure out how to recover from
  • Action vs. Attitude You can prescribe action, but not attitude
  • Activity vs. Outcome Are we doing/requiring the right things?
  • Backwards?… Maybe so. Compliance spending is increasing sharply while security spending is increasing slowly. Companies find $$ for compliance while cutting other critical areas.
  • Leverage NERC CIP
    – CIP spending is 25% of IT security budgets
    – Get smarter about spending
    – Integrate decisions (IT – Ops – Compliance)
    – Secure solutions + compliance
  • Misthinking: It Can't Happen
  • It Can't Happen: This is nearly always FALSE. Attackers are always seeking (and finding) new ways to compromise technology. Obscurity is not a defense.
  • DNS Exfiltration: If you can resolve a DNS name on a system… Technique is being actively used in the wild. In many cases, detection is the only defense.
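The slide's point that detection is often the only defense against DNS exfiltration invites a concrete detector. The following is an added example written for this page, not code from the presentation or from EnergySec/NESCO. It aggregates resolver queries per registered domain and flags domains that receive many distinct subdomains whose labels look like carried data (TXT/NULL record types, long labels, high-entropy text). The log format, the sample log lines, the thresholds and the two-label registered-domain rule are all assumptions made for the demonstration.

```python
"""Heuristic DNS exfiltration detector run over a constructed resolver log.

Added example for this page; not code from the presentation. The log format
("<client> <qtype> <qname>" per line), the thresholds and the two-label
registered-domain rule are assumptions made for the demo.
"""
import math
from collections import defaultdict

# Constructed sample resolver log. The hex-encoded labels under exfil.example
# stand in for data being smuggled out one query at a time; the other lines
# are ordinary lookups.
SAMPLE_LOG = """\
10.1.1.20 A www.example.com
10.1.1.20 A mail.example.com
10.1.1.45 TXT 4d6f6e64617920726570.6f7274206973206174.exfil.example
10.1.1.45 TXT 7461636865642e2054.68652070617373776f.exfil.example
10.1.1.45 TXT 72647320617265203a.2068756e7465723220.exfil.example
10.1.1.45 TXT 616e642073756d6d65.7220323031322e2e2e.exfil.example
10.1.1.45 TXT 5468617427732069742.0666f722046656220.exfil.example
10.1.1.45 TXT 6e6f2e2e2e2e2e2e2e.2e2e2e2e2e2e2e2e2e.exfil.example
10.1.1.30 A cdn.example.net
10.1.1.30 A static.example.net
"""


def shannon_entropy(text):
    """Bits of entropy per character; encoded payloads score higher than words."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname):
    """Return (subdomain labels, registered domain).

    Assumes the registered domain is the last two labels; a real deployment
    would consult the public suffix list (co.uk and friends)."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return [], qname.lower()
    return labels[:-2], ".".join(labels[-2:])


def parse_log(text):
    """Parse '<client> <qtype> <qname>' lines; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            records.append((parts[0], parts[1].upper(), parts[2]))
    return records


def detect(text, min_unique=5, long_label=16, high_entropy=3.0):
    """Aggregate queries per registered domain and flag exfiltration-like ones.

    A domain is reported when it has received at least min_unique distinct
    subdomains (each carries a fresh chunk) and at least half of its queries
    look like carriers: TXT/NULL record types, a label of long_label or more
    characters, or subdomain text with mean entropy above high_entropy.
    """
    stats = defaultdict(lambda: {"queries": 0, "subdomains": set(),
                                 "txt": 0, "long": 0, "entropy": 0.0})
    for _client, qtype, qname in parse_log(text):
        subs, domain = split_qname(qname)
        s = stats[domain]
        s["queries"] += 1
        s["subdomains"].add(".".join(subs))
        if qtype in ("TXT", "NULL"):
            s["txt"] += 1
        if any(len(label) >= long_label for label in subs):
            s["long"] += 1
        s["entropy"] += shannon_entropy("".join(subs))

    findings = {}
    for domain, s in stats.items():
        n = s["queries"]
        txt_ratio = s["txt"] / n
        long_ratio = s["long"] / n
        mean_entropy = s["entropy"] / n
        reasons = []
        if txt_ratio >= 0.5:
            reasons.append("txt_or_null_records")
        if long_ratio >= 0.5:
            reasons.append("long_labels")
        if mean_entropy >= high_entropy:
            reasons.append("high_entropy_labels")
        if len(s["subdomains"]) >= min_unique and reasons:
            findings[domain] = {"queries": n,
                                "unique_subdomains": len(s["subdomains"]),
                                "txt_ratio": txt_ratio,
                                "long_label_ratio": long_ratio,
                                "mean_entropy": round(mean_entropy, 2),
                                "reasons": reasons}
    return findings


if __name__ == "__main__":
    for domain, info in detect(SAMPLE_LOG).items():
        print(domain, info)
```

Several weak signals are combined on purpose: a single long label or TXT query is ordinary (SPF, DKIM, anti-spam lookups), but many distinct subdomains under one domain, each carrying long or high-entropy labels, is the shape that an exfiltration channel cannot avoid. Note that the last sample label is mostly repeated bytes and scores low on entropy, which is why the detector does not rely on entropy alone.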
  • Flank Attacks
    – RSA: stolen 2-factor auth token data
    – Industrial Espionage/Supply Chain
    – Certificate Authorities
    – Corporate Networks
    – Partner Networks
  • Organized Attackers
    – Underground markets
    – Criminal infrastructure
    – Botnets
    – Attackers for hire
  • It Won't Happen
    – In most cases, this is TRUE, but we don't know which ones
    – Somebody WILL be compromised.
    – Everybody MIGHT be compromised
    – We are becoming a target
  • The Wildebeest Defense: Yes, there are lions, but there are so many of us that the chances I'll get eaten are small. Can be effective against isolated threats, but doesn't help against common maladies. Doesn't work if you're slow or weak.
  • There may be more lions than you think: HBGary, RSA, Sony, Lockheed Martin, NASDAQ
  • It won't matter: kinetic impacts, economic impacts, reputational impacts, others?
  • What is Critical?
  • Culturing Security
    – Treat security like safety
    – The basics shouldn't be magic
    – Distribute the load
    – Security is everyone's job
    – Social engineering is a waste of time
    – Focus on the solution: training & awareness
  • No 100% Prevention
  • And Finally: "The rumors of my death have been greatly exaggerated." -Mark Twain
  • Thank You! Steven H Parker, V.P. Technology Research and Projects, EnergySec; Co-Principal Investigator, National Electric Sector Cybersecurity Organization. steve@energysec.org, 503.446.1214 (desk), @es_shp (twitter), www.energysec.org