SMART GRID SECURITY
Who am I?

Falgun Rathod
- A Security Researcher
- An Investigator
- Managing Director & Founder – Cyber Octet (P) Ltd.
- Co-Chairman – PR Group of Companies (Cyber Octet (P) Ltd., IT & Security; Elecorev Technologies (P) Ltd., Electronics & AI)
SCADA
Automated Metering Infra
What's a "Smart Grid?"
- Smart Grid is a developing network of new technologies, equipment, and controls working together to respond immediately to our 21st-century demand for electricity.
- Technology used:
  - Integrated Communication
  - Sensing
  - Smart Meters
  - Phasor Measurement Units
  - Advanced Components
  - Advanced Control
  - Decision Support System
  - Smart Power Generation
What's a "Smart Grid?"
[Figure: Smart Grid overview]
GAO Report – Released January 2011
Another View – Smart Grid
[Figure: Smart Grid Communications Network (SGCN) diagram. Guided by: Regulatory Policy and Rule-making. Supported by: Security; Open and Ubiquitous Communication; Custom Applications. Connected elements: Sensors and Grid Control; Plug-In Electric Hybrid Vehicles; Distributed and Renewable Energy; Demand Response; Smart Meters and Communications; New Devices and Systems; Generation. Results: Enhanced Flexibility & Control; Congestion Management; Energy Efficiency; Data, Analytics, and Information; Voltage Stability; Enterprise Integration.]
Evolution of Electrical Utility Risks

PAST – HARD-WIRED CONTROL
- Most controls are "hard wired" AND require manual intervention
- Lesser public availability of RF devices
- Little capability for damage to or financial benefit from RF attacks
- Cost-plus charging – "If we need it, we'll do it! If we can't do it, we'll buy it!"
- Clear regulatory and financial landscape

PRESENT – SCADA / RF ENABLED
- Intense financial pressure to reduce staffing; hence more "remote" RF
- Computerization and RF control common in all industries
- Project implementation excellence not always followed by outstanding security operations
- SCADA hacking can cause "wholesale" damage to neighborhoods and equipment
- Uncertain regulatory, audit, and liability landscape

NEAR FUTURE – SMART GRID / RF PERVASIVE
- Control inside-the-home of all appliances
- Wide use of 802.x, ZigBee, X10 methodologies
- Uncertain Software Provenance, Packaged Code and Offshore Development, Zero-Day Attacks
- Increased organized crime/terrorist focus
- Potential for damage to, and "net" theft by, every customer
- Revenue/Risk Asymmetry for each customer
- Transition to IP and Windows "Monoculture" for RF devices
- Increased public and regulatory scrutiny
GRIDS can be Hacked :P
Overview of Cyber Security – Threats
[Figure: attack path from the Internet through an Admin/Operator workstation to the Master DB, Slave Database and RTU.]
1. Hacker sends an e-mail with malware.
2. E-mail recipient opens the e-mail and the malware gets installed quietly.
3. Using the information that malware gets, hacker is able to take control of the e-mail recipient's PC!
4. Hacker performs an ARP (Address Resolution Protocol) Scan.
5. Once the Slave Database is found, hacker sends an SQL EXEC command.
6. Performs another ARP Scan.
7. Takes control of RTU.
Example from 2006 SANS SCADA Security Summit, INL
Overview of Cyber Security – Threats
[Figure: AMI attack scenario. The attacker performs cyber penetration of the communications network (WAN), controls the head end AMCC (Advanced Metering Control Computer), and performs a remote disconnect. Other elements shown: AMI WANs, Data Management Systems (MDM/R), Retailers / 3rd Parties.]
Example from AMRA Webinar, Nov '06, "The Active Attacker"
Cyber Security Challenges
- The challenge is complex and continuously changing
- Legacy systems need to be protected
- Number and geographic location of end points
- Relationship to physical security
- Systems are 7x24 and critical
- The human element / social engineering
Cyber Solutions – Defense in Depth
- Perimeter Protection
  - Firewall, IPS, VPN, AV
  - Host IDS, Host AV
  - DMZ
  - Physical Security
- Interior Security
  - Firewall, IDS, VPN, AV
  - Host IDS, Host AV
  - IEEE P1711 (Serial Connections)
  - NAC
  - Scanning
- Monitoring
- Management
- Processes

Glossary:
- IDS – Intrusion Detection System
- IPS – Intrusion Prevention System
- DMZ – DeMilitarized Zone
- VPN – Virtual Private Network (encrypted)
- AV – Anti-Virus (anti-malware)
- NAC – Network Admission Control
"LAYERS" OF CONCERN

Physical Layer Security
- Natural Disasters
  - Snow Storms
  - Hurricanes
  - Solar Flares
  - Geomagnetic Storms
  - Earthquakes
  - Flooding
  - Volcanoes
- Recognize that the location of the Smart Grid components can be affected by the surrounding environment
Physical Layer Security (2)
- Steal the Meters – Sell the Devices
- RESPONSE: METER "LAST GASP" ALERTS WHEN DISCONNECTED
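How a head end can act on the "last gasp" response above, as an added example that is not from the slides: it triages meters that have gone silent, using the last-gasp event and the meter's feeder neighbours to separate a feeder-wide power outage from a single meter that was disconnected or pulled from its socket. The inventory, event log, 15-minute read interval and feeder assignments are constructed for this example.

```python
from datetime import datetime, timedelta

# Constructed inventory and head-end event log (not real data).
# A meter losing mains power uses stored charge to send a "last gasp" before
# it goes silent; a meter pulled from its socket does the same.
FEEDER_OF = {"MTR0001": "F1", "MTR0002": "F1", "MTR0003": "F1",
             "MTR0004": "F2", "MTR0005": "F2"}
EVENTS = [  # (timestamp, meter_id, event)
    ("2024-03-01T10:00:00", "MTR0001", "READ"),
    ("2024-03-01T10:00:00", "MTR0002", "READ"),
    ("2024-03-01T10:00:00", "MTR0003", "READ"),
    ("2024-03-01T10:00:00", "MTR0004", "READ"),
    ("2024-03-01T10:00:00", "MTR0005", "READ"),
    ("2024-03-01T10:15:00", "MTR0001", "READ"),
    ("2024-03-01T10:15:00", "MTR0002", "READ"),
    ("2024-03-01T10:15:00", "MTR0003", "READ"),
    ("2024-03-01T10:20:00", "MTR0004", "LAST_GASP"),
    ("2024-03-01T10:20:00", "MTR0005", "LAST_GASP"),
    ("2024-03-01T10:21:00", "MTR0002", "LAST_GASP"),
    ("2024-03-01T10:30:00", "MTR0001", "READ"),
    ("2024-03-01T10:45:00", "MTR0001", "READ"),
]
READ_INTERVAL = timedelta(minutes=15)  # assumed interval-read schedule


def triage_silent_meters(events, feeder_of, now, missed_intervals=2):
    """Return {meter_id: verdict} for meters that have missed `missed_intervals`
    reads as of `now` (datetime or ISO string). The last gasp plus feeder
    neighbours tell an outage from a single disconnected meter."""
    if isinstance(now, str):
        now = datetime.fromisoformat(now)
    last_seen, last_event = {}, {}
    for ts, meter, ev in events:
        t = datetime.fromisoformat(ts)
        if meter not in last_seen or t >= last_seen[meter]:
            last_seen[meter], last_event[meter] = t, ev
    cutoff = now - missed_intervals * READ_INTERVAL
    silent = {m for m, t in last_seen.items() if t <= cutoff}
    # Count last gasps per feeder among the silent meters.
    gasps_per_feeder = {}
    for m in silent:
        if last_event[m] == "LAST_GASP":
            f = feeder_of.get(m, "?")
            gasps_per_feeder[f] = gasps_per_feeder.get(f, 0) + 1
    verdicts = {}
    for m in sorted(silent):
        if last_event[m] != "LAST_GASP":
            # Went quiet with no last gasp: comms loss or tamper; send a site check.
            verdicts[m] = "silent_no_last_gasp"
        elif gasps_per_feeder[feeder_of.get(m, "?")] >= 2:
            # Several meters on one feeder gasped together: power outage.
            verdicts[m] = "feeder_outage"
        else:
            # One meter gasped while its feeder neighbours keep reporting:
            # a disconnect, so raise a physical-security alert.
            verdicts[m] = "isolated_disconnect"
    return verdicts


if __name__ == "__main__":
    for meter, verdict in triage_silent_meters(EVENTS, FEEDER_OF, "2024-03-01T11:00:00").items():
        print(meter, verdict)
```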
Physical Layer Security (3)
- Tamper with the Meter
  - Cause Meter to Stop Reading – Disconnect
  - Cause Meter to Mis-Read (or Reverse)
  - Inject Malware
  - Modify Encryption
  - Modify Authentication Mechanism
- July 2009 – Black Hat Conference
- IOActive, Seattle InfoSec Firm
- Proof of Concept – In 24 Hours, 15,000 of 22,000 Home Smart Meters Taken Over by Malware/Worm
Physical & Cyber
- Opening the Meter
  - Accessing Exposed Ports and Connectors
  - Intercept Data Between Microcontroller and Radio
- Infrared Port Attack/Hack
Cyber Layer Security
- The Biggest Opportunity for Trouble
- "The Last Mile" Issues
- Remember – Added Complexity Causes Concerns

"Last Mile"
- Broadband Power Line Systems
- Power Line Carrier Systems
- Public Switched Telephone Network (PSTN)
- Cat5/6 Network Connection
- Radio Frequency
  - WiMax
  - ZigBee
  - 6LoWPAN
  - 802.11x
  - Cellular (CDMA/EVDO, GSM, LTE)
Cyber Attacks
- Remember C I A
  - Confidentiality Attacks: Reading, "Sniffing" the data
  - Integrity Attacks: Changing the Data
  - Availability Attacks: Denial of Service – Prevent Use of Service
Confidentiality Attacks
- Buffer Overflow
  - Inject Data that is too "Big" for the Meter/System
  - Predominantly Caused by Bad Software Development
- Snooping / Sniffing
  - Reading / Capturing the Data between Meter and Collector and Vice Versa
  - Also Internal to Meter Between Microcontroller and Radio
  - A Reason for Encryption – "Cleartext is Bad"
- Hacking the Encryption
  - Some Protocols Easy to Break
  - Causes – Weak Keys, Weak Protocols, Weak Initialization Vectors
  - Man-in-the-Middle Attack
  - "Bit Flipping" Attacks (Weak Integrity Functions)
- Breaking Into Password Storage on Devices
- "Race Condition" Exploits
  - A race condition is of interest to a hacker when it can be utilized to gain privileged system access.
Integrity Attacks
- Key: Change the Data
- Replay Attacks (Man-in-the-Middle)
- Why?
  - Change the Bill (Up or Down)
  - Modify Usage Data
  - Use Data for Fraud
  - Use as Alias
    - "Gee Officer, I wasn't home that night!"
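The "bit flipping" attack (weak integrity function) from the confidentiality slide and the replay attack above are both stopped by the same collector-side check. As an added example that is not from the slides, the block below pairs a collector that trusts the reading bytes as sent with one that verifies an HMAC-SHA256 tag and a per-meter sequence counter; the frame layout, the per-meter key and the meter identifiers are assumptions constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed per-meter key for this example; a real deployment provisions a
# distinct key per meter and never ships one fixed key in firmware.
METER_KEY = b"example-per-meter-key-0001"
HEADER_LEN, TAG_LEN = 16, 32  # assumed frame layout, see build_frame


def build_frame(meter_id: str, seq: int, kwh_x100: int, key: bytes = METER_KEY) -> bytes:
    """Assumed frame layout: 8-byte meter id, 4-byte sequence counter, 4-byte reading
    in hundredths of a kWh, then an HMAC-SHA256 tag over those 16 header bytes."""
    header = meter_id.encode("ascii").ljust(8, b"\0") + struct.pack(">II", seq, kwh_x100)
    return header + hmac.new(key, header, hashlib.sha256).digest()


def reading_without_check(frame: bytes) -> int:
    """What a collector with no integrity check would bill: the bytes as received."""
    return struct.unpack(">II", frame[8:HEADER_LEN])[1]


def flip_bit(frame: bytes, byte_index: int, mask: int = 0x01) -> bytes:
    """Models a bit flipped in transit, used only to exercise the checks below."""
    out = bytearray(frame)
    out[byte_index] ^= mask
    return bytes(out)


class Collector:
    """Hardened receiver: checks the tag in constant time and keeps the last
    accepted counter per meter, so a captured frame cannot be replayed later."""

    def __init__(self, key: bytes = METER_KEY):
        self.key = key
        self.last_seq: dict[str, int] = {}

    def verify(self, frame: bytes) -> tuple[bool, str]:
        if len(frame) != HEADER_LEN + TAG_LEN:
            return False, "bad length"
        header, tag = frame[:HEADER_LEN], frame[HEADER_LEN:]
        expected = hmac.new(self.key, header, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, "bad tag (modified or forged)"
        meter_id = header[:8].rstrip(b"\0").decode("ascii")
        seq, kwh_x100 = struct.unpack(">II", header[8:])
        if seq <= self.last_seq.get(meter_id, -1):
            return False, "replayed sequence"
        self.last_seq[meter_id] = seq
        return True, f"{meter_id} seq={seq} kwh={kwh_x100 / 100:.2f}"


if __name__ == "__main__":
    c = Collector()
    good = build_frame("MTR00042", 7, 12345)  # 123.45 kWh
    tampered = flip_bit(good, 15)             # low byte of the reading field
    print("unchecked reading of tampered frame:", reading_without_check(tampered))  # 12344
    print(c.verify(good))       # accepted
    print(c.verify(tampered))   # bad tag
    print(c.verify(good))       # replayed sequence
```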
Availability Attacks
- Denial of Service (DoS) Attacks
  - Examples: Georgia Cyber War, Estonia Cyber War
- Spoofing
  - Pretending You are Another Meter
- Meter Authentication Weaknesses
  - Manipulate Meter to Collector, or Manipulate Collector to Meter
- Name Resolution Attacks
  - Meter Name Cache Poisoning
  - Denial of Service Attacks Against DNS Servers
  - Reroute Meter Traffic to Another Meter or Collector or Network
- Hold Ransom
  - Before Super Bowl?
  - Over a Community/Neighborhood?
- Wartime Reserve
  - Chipset Backdoor "Pre-Attack" in Smart Meters
(Image: http://www.aclaratech.com/AclaraRF/PublishingImages/starsystem_th.jpg)
Privacy Attacks
Source: http://www.dora.state.co.us/puc/DocketsDecisions/DocketFilings/09I-593EG/09I-593EG_Spring2009Report-SmartGridPrivacy.pdf
Privacy Attacks (2)
- Determine Lifestyles
- Determine Best Time to Rob
- Use Info to "Sell" Services (e.g., "I'm here to fix your broken refrigerator, Ma'am!")
(Image: http://www.baystatetech.org/graphics/major-app.jpg)
STORAGE ISSUES
A Paradigm Shift
(Images: Microsoft Clip Art Online; www.smartgridnews.com)

Today's Environment
- Analog Meters or Simple Digital Meters
- Manually Read or Use "Drive By" Reading
- Read Monthly (or Less Frequently)
- Minimal Data Accumulation
- Simple Data Fields – KWH Used Since Last Reading

The Future Smart Grid
- "Smart" Digital Meters & "Smart" Sensors
- Automatic Reading
- Read Every ~15 Minutes or More Frequently
- "Data Avalanche!" – Numerous Data Fields and Classes

(Images: www.smartgridnews.com; Circuit Breaker and Relays – ENHayden, used with permission)
Storage Considerations
- Costs for More Data Centers and Storage
- Error Handling
- Data Analytics and Business Intelligence Resources
- Security of Data – Static and Dynamic… Stored or in Transit
- Privacy of Data – Consider EU Privacy Laws
- Consumer Education Requirements
- Auditing, Reporting, Regulatory Impacts
What To Do?
- #1: DON'T GIVE UP!
- #2: DON'T IGNORE THE THREATS!
- #3: LEARN AND STUDY – DO THREAT MODELING
- #4: INCLUDE SECURITY, IT, UTILITY OPERATIONS IN PLANNING AND SOLUTION DEVELOPMENT
- #5: WORK WITH SECURITY EXPERTS & CONSULTANTS
- #6: ASK HARD QUESTIONS
- #7: BUILD DEFENSE-IN-DEPTH IN EVERY PHASE OF YOUR SMART GRID SOLUTION
- #8: INCIDENT RESPONSE SET UP, PRACTICED
- #9: STORAGE – PLAN, IDENTIFY CONTINGENCIES, LOOK OUTSIDE THE BOX
- #10: INCLUDE SECURITY EARLY, OFTEN
QUESTIONS?

Thanks
- You can mail me at falgun911@gmail.com for related queries.

Smart Grid Security by Falgun Rathod
