Cyber Security for Smart Grids

Hem Thukral
Research Officer
ISGF
Cyber Security for Power Systems
• Superposition of the information infrastructure on the electrical infrastructure
Or
• Convergence of ET, OT and IT
• Hence, an urgent need to inject resilience and robustness into the grid
– SHAMOON, AURORA, STUXNET
• Before the advent of smart grids – security of industrial systems was limited to prevention of online attacks
• Today’s scenario – protection of critical cyber assets
– Generation, transmission, distribution, load dispatch centres
• Hence ‘cyber-physical security’ signifies the need of the hour
ICT of the past and today
ICT of the past
• Small attack surface
– Less connectivity
• Less exposure to outside world
• Fewer attack vectors
– Fewer ways in which I can be attacked
• Different communications media for audio, video and data
• Motive was well known
– sabotage
ICT of today
• Larger attack surface (info infra + elec infra = Smart Grid)
– Increased connectivity
• More exposure (smart phones, tablets, phablets etc.)
• More attack vectors
• Same communications media for audio, video and data.
• CLICK TO ATTACK option.
– Motive is unknown!!
Denial Of Service (DOS) attacks
• When Class 12 results are released, website crashes.
– Many people try to use the site.
– This is called a DOS
• Any attack could have a CASCADING EFFECT:
– Because infrastructure is shared, it is easy to STOP/DENY a service without entering into a system.
• E.g. if my fiber is shared by 3 companies and ONE comes under DOS, the other 2 companies will also suffer
NCIIPC
• Govt of India body
• Reports to the National Security Advisor (NSA)
• Nodal agency responsible for critical information infrastructure
• Have identified some critical sectors:
– Energy (power, oil, gas)
– Banking and finance
– Airports
– Railways
– Space
– Defence
Types of attacks
• Internal attacks
– Employee
– Contractor
– Sub-contractor
• External attacks
– Hackers
– Natural disasters
– Man-made disasters
• Motive: revenge, boredom etc.
Definitions
• Privacy
• Integrity
• Accountability
• Denial of service
• Zero day vulnerability
– Vulnerability detected and exploited at the same time
– No solution at that point in time
Security risks in SCADA systems
• If one hacks into a SCADA system
– Can trip feeders at will
• Security of SCADA systems is of utmost importance
• SCADA is in the category of being EXTREMELY CRITICAL
– Functioning of a utility depends on SCADA
Stuxnet attack
• A cyber attack targeted at the nuclear program of Iran
• Uranium needs to be enriched for power generation
• A large number of rotating cylinders are used
– At a SPECIFIC frequency
• WHAT DID STUXNET DO?
– Injected itself using a USB
– Changed the frequency of rotation at will
– Operation of enrichment was adversely affected
Modus Operandi
• 1. Infection
– Enter into a system (Stuxnet via USB)
• 2. Search
– Check whether a given machine is part of the targeted industrial control system
• 3. Update
– If the system isn’t a target then do nothing.
– If it is, then attempt to access the internet and download a more recent version of itself (upgrade)
7/18/2015
Modus Operandi
• 4. Compromise
– Compromise the target system by exploiting vulnerabilities
– (Stuxnet - Zero day vulnerabilities; software weaknesses that haven’t been identified by security experts)
• 5. Control
– Take control of industrial control system
• 6. Deceive & Destroy
– Provide false feedback to outside world
– (Stuxnet - Centrifuges, making them spin themselves to failure)
– Destroy the intended target
Some questions
• What are critical and non-critical assets?
– CRITICAL ASSETS: CRITICAL FOR THE FUNCTIONING OF THE ORGANISATION
• Is open source SAFE to use?
– Check source code. Can malware be embedded in source code?
• Whitelisting/blacklisting?
• Should Wi-Fi be used?
– Can be tapped/intruded from even 5 km!
• Should USB drives be allowed?
• Should I be allowed to access internet on my official computer?
Some more questions
• Are logs important to review/analyse?
– IPs are untraceable but PATTERN can be studied to identify compromised accounts.
• Is it okay to download free movies and songs?
– Still we do it!
CYBER SECURITY IS ABOUT A MINDSET!
WE ARE AWARE BUT STILL STUBBORN!!
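
Added example (not from the original slides), illustrating the log-review point above: it flags accounts by login pattern alone and ignores the source IP. The log format, account names, thresholds and working hours are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, account, result, source IP
SAMPLE_LOG = """\
2015-07-13T09:02:11 op_sharma OK 10.1.4.20
2015-07-13T10:15:40 eng_rao OK 10.1.4.31
2015-07-13T11:00:05 ctr_vendor FAIL 10.1.7.9
2015-07-13T11:00:52 ctr_vendor OK 10.1.7.9
2015-07-13T14:30:00 op_sharma OK 10.1.4.20
2015-07-14T02:11:01 eng_rao FAIL 203.0.113.7
2015-07-14T02:11:09 eng_rao FAIL 198.51.100.23
2015-07-14T02:11:17 eng_rao FAIL 203.0.113.88
2015-07-14T02:11:25 eng_rao FAIL 192.0.2.14
2015-07-14T02:11:33 eng_rao FAIL 198.51.100.61
2015-07-14T02:12:05 eng_rao OK 192.0.2.77
2015-07-14T09:05:12 op_sharma OK 10.1.4.20
"""

def suspicious_accounts(log, fail_threshold=5, window=timedelta(minutes=10),
                        work_hours=range(8, 19)):
    """Return {account: [reasons]} from behaviour only; the source IP is ignored."""
    by_account = defaultdict(list)
    for line in filter(None, map(str.strip, log.splitlines())):
        ts, account, result, _source = line.split()
        by_account[account].append((datetime.fromisoformat(ts), result))

    findings = {}
    for account, events in by_account.items():
        reasons, fails = set(), []
        for ts, result in sorted(events):
            if result == "FAIL":
                fails.append(ts)
                continue
            # Successful login: was it preceded by a burst of failures?
            if sum(1 for f in fails if ts - f <= window) >= fail_threshold:
                reasons.add("success after failure burst")
            if ts.hour not in work_hours:
                reasons.add("login outside usual hours")
            fails = []  # a success resets the failure history
        if reasons:
            findings[account] = sorted(reasons)
    return findings

if __name__ == "__main__":
    for account, reasons in suspicious_accounts(SAMPLE_LOG).items():
        print(account, "->", ", ".join(reasons))
```

The single mistyped password for ctr_vendor is not flagged; only eng_rao, whose failures come from a different address each time, stands out.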
Some solutions for utilities
• Classify their assets as critical and non-critical
• Do a VTR (Vulnerabilities, Threat, Risk) analysis
• Take counter-measures to harden your systems (based on the VTR analysis)
• Calculate the residual risks.
• Map to financial risks.
• Get a sign-off from the SENIOR MANAGEMENT.
• Have an INCIDENT RESPONSE PLAN
– Whom to alert? When to alert?
• Have a cyber security policy.
• Review that policy regularly.
• Update if necessary.
Conclusion
• Smart grids critically depend on information systems (ICS/ICT) for their operation
• Hackers, malware, cyber criminals and state sponsored terrorism pose serious threats to smart grids
• Need more awareness of cyber security
• Holistic and sustainable cyber security program is the need of the hour to protect smart grids from cyber attacks
• In a smart grid, Cyber-physical security defines the need of the hour
• Social engineering is important – lethargy not a good option.
– Should not download free movies, songs etc.
Thank you..