Smart Grid and Control Systems
Tales from the field

© 2011 EnerNex. All Rights Reserved. www.enernex.com
About me




What is security?




Why doesn’t this stuff work




Smart Meters
      So what




Other Smart Meters




Metrology Data
      mtu  Time             power  cost  volts    mtu  Time             power  cost  volts
      1    4/30/2012 14:53  2.324  0.18  117.5    0    4/30/2012 14:53  4.529  0.35  117.6
      1    4/30/2012 14:52  1.812  0.14  117.8    0    4/30/2012 14:52  3.88   0.3   117.9
      1    4/30/2012 14:51  1.837  0.15  117.8    0    4/30/2012 14:51  3.799  0.3   117.8
      1    4/30/2012 14:50  2.141  0.17  117.6    0    4/30/2012 14:50  4.322  0.34  117.5
      1    4/30/2012 14:49  2.33   0.18  117.1    0    4/30/2012 14:49  5.951  0.46  117.2
      1    4/30/2012 14:48  2.483  0.2   117.4    0    4/30/2012 14:48  6.007  0.47  117.4
      1    4/30/2012 14:47  3.164  0.25  116.9    0    4/30/2012 14:47  7.008  0.55  116.9
      1    4/30/2012 14:46  3.665  0.29  116.7    0    4/30/2012 14:46  8.064  0.63  116.7
      1    4/30/2012 14:45  3.462  0.27  116.7    0    4/30/2012 14:45  8.13   0.63  116.8
      1    4/30/2012 14:44  3.457  0.27  116.7    0    4/30/2012 14:44  7.562  0.59  116.8
      1    4/30/2012 14:43  3.713  0.29  116.7    0    4/30/2012 14:43  7.631  0.59  116.7
      1    4/30/2012 14:42  3.905  0.31  116.5    0    4/30/2012 14:42  8.145  0.63  116.6
      1    4/30/2012 14:41  3.405  0.27  116.7    0    4/30/2012 14:41  7.862  0.61  116.8
      1    4/30/2012 14:40  2.973  0.23  117.1    0    4/30/2012 14:40  6.566  0.51  117.2
      1    4/30/2012 14:39  3.141  0.25  117.1    0    4/30/2012 14:39  5.955  0.46  117.2
      1    4/30/2012 14:38  2.696  0.21  117.7    0    4/30/2012 14:38  5.647  0.44  117.7
      1    4/30/2012 14:37  2.667  0.21  117.6    0    4/30/2012 14:37  5.588  0.44  117.7
      1    4/30/2012 14:36  2.923  0.23  117.6    0    4/30/2012 14:36  5.679  0.44  117.6
      1    4/30/2012 14:35  3.413  0.27  117.6    0    4/30/2012 14:35  6.045  0.47  117.6

24 Hours of Data
      [Chart: "24 Hours, Individual MTU". Y-axis: kilowatt hours (0 to 9); x-axis: time; series: MTU 1, MTU 2.]

One Hour of Data
      [Chart: one hour of data. Y-axis: kilowatt hours (0 to 8); x-axis: time; series: MTU 1, MTU 2.]

Physical Impacts




Physical Impacts




Physical Security Risks:
      Monitoring, Logging, and Retention




Leave Behind








      What to do?
      Place into power zone or substation
      Security screws
      Treat mobile devices like your wallet
      Don't advertise (labeling)
      Encrypt – bus, flash
      Alarms and logging (that work)




Air Ga(s)p?




What are these?
      2099e1ff8a8119093e4dc144736cbe9b
      Fbd7e2ff9005c42e88b90724710903e2
      00000000325108002a8ae5c6f24e1b604f06c793
      0000000b1267800298c278c2c4a73471956e144
      0000000067e18e009da7972f1fce966f80b8b09b




Anything stand out?
      <$SYSTEM>=644256565E1E03221A
               – ;Framework Security File
               –     ;
               –     ;If you get locked out
               –     ;Create a User in <vulnerable system> called “Redacted"
               –     ;with a <vulnerable system> password of “Redacted"
               –     ;add the following line below to the user section of this file
               –     ;<$SYSTEM>=644256565E1E03221A
               –     ;You can now logon as user <$SYSTEM> with a password of "mpco"
               –     ;This block of comments should be removed for greater security
               –     [Users]
               –     Administrator=644256565E12172C1C1A061E1506081B0121
               –     Engineer=624A5E565E161D261C1A0A0813
               –     Technician=61465858111610291B1D0C04001A
               –     Supervisor=65491C16151601371C07001F
               –     Operator=61405E580A0316331400001F
What is this?
      64 42 56 56 5E 1E 03 22 1A
                     M P C O
      64 42 56 56 5E 12 17 2C 1C 1A 06 1E 15 06 08 1B 01 21
                     A D M I N I S T R A T O R
      161D261C1A0A0813
      1610291B1D0C04001A
      1601371C07001F
      0316331400001F


Hope (help)
      I need your help:
        – IEEE (maybe an actual best practice?)
        – NESCOR
        – NIST-IR
        – ESC2M2




The Solution




Contact me
      Slade@EnerNex.com
      Twitter: @Slad3g
      LinkedIn: http://www.linkedin.com/in/mcgruff




The Stories We Could Tell: Lessons Learned From The Field
