At Issue: How to Protect the Smart Grid From Cyberattacks

Electricity systems and the smart grid are becoming big targets for hackers. Photo courtesy sylvar / Flickr CC

October 31, 2011 By

Vehicles speed toward a railroad crossing as a train approaches. But the warning lights stay off and the gates remain open. Traffic signals blink out at numerous busy intersections, snarling traffic for miles. Pressure in a residential gas line spikes but sensors fail to warn the utility. A nuclear power plant overheats but the safety systems indicate things are normal.

Such systems — termed Supervisory Control and Data Acquisition (SCADA) — run unnoticed when functioning properly, but a malfunction can mean catastrophe. And now, added to the normal vulnerabilities in any mechanical or electrical system, are some new threats. These systems are now targets of cyberattacks from individual hackers, groups with some social or political agenda — even nations intent on creating havoc.

The threat is not science fiction. In an experiment caught on video and released on the Internet, an electrical power generator is hacked and damaged remotely. According to CNN, the experiment, dubbed “Aurora,” was conducted in 2007 by the U.S. Department of Energy. “DHS acknowledged the experiment involved controlled hacking into a replica of a power plant's control system,” said a CNN article. “Sources familiar with the test said researchers changed the operating cycle of the generator, sending it out of control.”

For more than 10 years hackers have managed to disrupt, damage or stop the operation of critical infrastructure. A report from the Black Hat information security conference outlines some of the better-known incidents. In 2000, hackers gained control of Russia’s Gazprom natural gas pipeline network, and in 2003, a worm attack shut down an Ohio nuclear power plant safety system. And computers seized in Al-Qaeda training camps had data on SCADA systems for dams and other infrastructure.

According to one industry paper, less well-known but more insidious attacks have been occurring for at least five years. Perhaps the most sophisticated attack of all was a Stuxnet worm attack on Iran’s uranium enrichment program, blamed by some on the U.S. and Israel.

In September, the Department of Homeland Security released a bulletin warning of threatened attacks on infrastructure by so-called “hacktivists.”

So what can utilities and local governments do to reduce vulnerability? One common-sense approach is to avoid exposing these systems to the Internet. A tutorial by DPS Telecom says: “For security reasons, SCADA data should be kept on closed LAN/WANs without exposing sensitive data to the open Internet.”

But removing SCADA networks from the Internet might prove expensive. “Using the Internet,” reads another industry report on the subject, “makes it simple to use standard Web browsers for data presentation, thus eliminating the need for proprietary host software. It also eliminates the cost and complexity of long-distance communications.”

As systems become more complex, intelligent and networked, some security problems may be solved while others are created. Larry Karisny, a frequent contributor to Digital Communities on the subject of the smart grid, answered some questions about this arcane but essential subject.

Digital Communities: How does one differentiate between all the different types of industrial control systems?

Karisny: The capabilities between these systems are beginning to blur in functionality as the technical limits that drove the designs of these various systems are no longer as much of an issue. From legacy telephony connections to small embedded controls attached to an industrial computer via a network, we are entering a whole new world in critical infrastructure system design. When you start interconnecting these system design functions you start detecting existing security problems or need to find new ways to secure these needed power-grid upgrades.

Historically weren’t SCADA systems closed and very hard to penetrate? For example, to disrupt the electrical supply in the past, someone would have to attack the physical components?

One of the biggest fears of power grid attacks is physical. When reviewing the components of the power grid, there were potential single-operator catastrophic physical vulnerabilities found in facilities. With a single lock on a door and no way of viewing the operator, video cameras are now put in power grid locations — understanding that even physical components and human intervention can add to security vulnerabilities. Some of the most catastrophic power generation failures were caused by a combination of equipment failure and operator error and/or human error. Adding intelligence to SCADA systems can actually offer instantaneous information that could detect and detour catastrophic energy production errors. Keeping the power grid dumb is really not an option in securing today’s power grid.

Some say, “For security reasons, SCADA data should be kept on closed LAN/WANs without exposing sensitive data to the open Internet.” Is that principle being violated? If so, why?

I recently participated in a webinar Duqu, the Precursor to the Next Stuxnet hosted by Security Week with Kevin Haley, director, of Symantec Security Technology and Response. Interestingly some SCADA system breaches in Europe were stand-alone closed systems. With investigations still in process, even these seemingly closed systems were breached without access from outside networks.

As for open Internet connecting to sensitive data, the answer is not just “Don't put Internet access in” — but also keep it out. I was in an SRI International research extension and showed the research facility director 10 SSID’s capable of campus wireless Internet access, including an unsecured connection from the coffee shop down the street. Add this to your closed LAN/WAN port access with some SCADA OS [operating system] software offering backdoor vulnerabilities, and what you consider a closed system may not be closed at all.

Some regions are rolling out smart-grid projects which provide feedback to households so customers can adjust energy use, get better rates at off-peak hours, and even generate their own power and feed it into the grid to “run the meter backward.” Won't all these additional network access points increase the vulnerability of the grid to hackers?

The main business case for adding intelligence to the power grid (smart grid) was based on collecting electrical demand-side usage information. By knowing peak and off-peak electrical usage (combined with rewarding or penalizing end-user habits) peak power production capital overbuilds and production operational costs could be greatly reduced. Some estimates showed that power production could be reduced by as much as 30 percent, sometimes completely eliminating the need of building a new power plant to the grid.

In addition, if new alternative energy resources were to be added to the power grid there needs to be measured intelligence capabilities to credit the addition of these new energy sources. Without adding intelligence to the electrical demand-side network edge, these demand-side benefits in our current power grids could not be achieved.

As millions of smart grid edge devices (smart meters) were deployed, security concerns became an issue. These security concerns are nothing new to power companies. Legacy electromechanical meters have been run backward for years and are one of the main reasons (preventing electrical theft) China and India are upgrading to smart meters. We need to add network edge intelligence to our power grids while securing the collection of information from the device chip set to the local power-grid data collector. Connecting millions of these smart meters with end-to-end security needs to be done and can be. Smart grid networks should be designed to limit potential network demand-side breaches while isolating internal SCADA systems and networks from demand-side systems and networks.

What can local governments do to lower the vulnerability of critical city and county utilities and other SCADA-managed systems?

Power companies are not the only entities needing to upgrade security for their SCADA systems. SCADA is used in many critical infrastructure systems including manufacturing, production, power generation, fabrication, refining, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms, public safety, civil defense, large communication systems, buildings, transportation systems, airports, ships and even space stations. As these systems begin to connect to other control systems they all need one thing in common: a private local wireless and secure IP network.

With tight city and county budgets, building a private IP network for most cities and counties is out of the question. Collaboration with multiple government agencies and private-sector communication entities needs to occur if they are to accomplish the building of this secure network supporting critical infrastructure systems and applications. Building a network for the smart grid offers a big opportunity here. The power company could be the seed anchor tenant because it already owns massive communication fiber-optic and wireless infrastructures and has deep pockets in capital investment for supporting these needed local network upgrades.

Cities and counties have the relationships with the power companies and sometimes even publicly owned assets to support these network build-outs. The smart grid should be viewed as the first step in building the networks we need in securing local SCADA critical infrastructure. Collaboration by the public and private sectors can make this happen. In addition, edge security solutions available today could allow the economical and secure sharing of these needed local wireless IP networks for multiple users and applications. These steps would address the vulnerabilities while reducing the costs of these critically needed security requirements of city and county critical infrastructure.


The Stuxnet 2, Coming to a SCADA System Near You!

Smart Grids 4
Smart Grids

Hackers Target Critical Infrastructure

October 26, 2011 By

With a new Stuxnet 2 (W32.Duqu) now found and the Department of Homeland Security warning of a possible security attack by Anonymous, it probably is a good start to define some security solutions to protect these critical infrastructure targets. Breaching these supervisory control and data acquisition systems (SCADA) could bring our country’s safety and economy to their knees.

One good thing that came out of designing intelligence for the smart grid was we that had to take a look at how to securely integrate some old, transitioning and new-grid technologies into stand-alone, local or regional control centers. A big part of these control centers are SCADA systems that monitor and control industrial, infrastructure and facility-based processes. These control systems in many more areas than the power-grid facilities. They can be found in manufacturing, production, power generation, fabrication, refining, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms, civil defense sirens systems, large communication systems, buildings, airports, ships and space stations, just to name a few. Some of the debilitating security warnings that were found in the smart grid unfortunately are not limited just to power-grid SCADA infrastructure.

No matter how new or old the technology, there are tremendous concerns about how to secure these core supervisory control systems and their interconnected intelligent networks. Whether physically pulling down a mechanical switch, pushing a button on an electromechanical device or operating an intelligent smart grid from a centralized network operation center
(NOC) — they all have inherent security vulnerabilities. There are those who say that we should delay any digital intelligent modernizing of our power grid. So while moving forward, we need to do this in stages, watching security at every point.

Richard Clarkes bookCyber War warns of cyber-attacks on the smart grid but also demonstrates an existing ability to breach and take down our legacy power grid infrastructure. Simply doing nothing is not an option in securing the power grid or any critical infrastructure. Countries like India, China and Brazil are moving forward with smart-grid deployments as fast as they can. They recognize the benefits that intelligent networked systems would offer in eliminating power theft while improving their global energy cost competitiveness. They see these benefits far outweighing any catastrophic system security breach and have massive smart-grid deployment in process. So what are the real answers in addressing critical infrastructure security today? Just three things need to be done, and they need to be done simultaneously.

Evaluate Current Security Vulnerabilities

From physical security, to legacy and extended networks, there is a lot of work to be done to address critical infrastructure security. Critical infrastructure facilities can't just hunker down and hope an attack doesn't happen. From simple personal procedures to complete intrusion detection studies, the potential vulnerabilities must be targeted before they are breached. There are automated methodologies that are being developed, though, that may rapidly address these requirements.

To expedite and future-proof security evaluations, Sensus, EnerNex and the Oak Ridge National Laboratory (ORNL) are working on an advanced security demonstration project called the Automated Vulnerability Detection system (AVUD). This project is aimed at developing a cyber-security system for smart energy meters and other advanced grid technologies. The project will use a Function Extraction (FX) technology evaluation platform developed by ORNL to find and fix security issues before they actually cause problems. The initial project is targeting advanced meter infrastructure (AMI) systems. With millions of smart meters ready to deploy, this can't happen soon enough.

Focus on Prevention

If there was ever a security industry award for the best metaphor, the word “virus” perfectly explains what can happen without preventive measures in systems and network security. Just like measures against colds and flu, it seems we are now beginning to focus more on prevention than detection. This is why intrusion prevention systems (IPS) are so critical in SCADA systems. IPS can securely cloak systems with frame-to-frame encryption even to the layer 2 level. This could eliminate port and application vulnerabilities right down to the device chip set. It can eliminate man-in-the-middle (MITM) spoofing/sniffing risks or denial-of-service (DoS) vulnerabilities while enabling strong security on even legacy devices.

Because IPS is inline with the traffic flows on a network, it can shut down attempted network edge attacks, stop attacks by terminating the network connections or user/device session origination. Attack responses can include targeting from the user account, IPS address or other attribute associated with that attacker, or blocking all access to the targeted host, service or application. It seems like an obvious first choice. Don't let the security breaches in.

Detection and Prevention a Natural Mix

Then there is an intrusion detection system (IDS). This system is passive, watching packets of data traverse the network from a monitoring port, comparing the traffic to configured rules, and setting off an alarm if it detects anything suspicious. With Stuxnet 2 (W32.Duqu) now a big concern, we need systems that can detect these now more serious security attack methodologies. These new attacks are now targeting information for SCADA systems used to control machinery and other key critical infrastructure operations.

Although IDS has great value, just seeing the problem is not enough. There must be system security solutions put in place to immediately react to security breaches. This is why bundling both IPS and IDS solutions together seems to be the direction many companies are taking in their security product lines, including recent corporate mergers and acquisitions.

In Conclusion

The AVUD project by Sensus, EnerNex and the Oak Ridge National Laboratory is a good sign of public-private sector cooperation in addressing critical infrastructure security. There has been too much oversight and finger pointing in the past and not enough action. Hopefully the responsible collaboration will be used as a model of how to work together in securing our critical infrastructure. This sure will be different than the “build first, then secure it” methodologies that have been so prevalent in the past. Look at security first and prepare for the future security risks. This is almost too good to believe.