Remote - Summer 2012 - (Page 10)
Feature Article
Addressing Cyber Security Vulnerabilities in the Power Grid Infrastructure
Ken Modeste, Principal Engineer, UL

The US power grid infrastructure is a vital component of modern society and commerce. However, the growing use of smart grid technologies to improve operating efficiencies and reduce consumption costs introduces new types of security concerns. Information technology and communications systems and devices allow digital and network access to otherwise physically secure facilities. These "logical" access points are just as vulnerable as physical barriers to attack or other malicious activity that could compromise, interrupt or destroy energy production or distribution.

The potential impact of a power outage due to a cyber threat can perhaps best be measured by power system failures attributable to other causes. The August 2003 power outage in the northeastern US and Ontario left as many as 50 million people in the dark for up to two days, and cost an estimated $6 billion. Some industry experts have estimated that Internet-based terrorists launching a cyber attack on the power grid infrastructure could cause blackouts lasting as long as nine to 18 months.

This article discusses some of the key vulnerabilities of the logical and physical access points in the power grid infrastructure, as well as the technologies and mechanisms currently available to reduce cyber security risks. Specific risk-reduction measures discussed include biometrics, intrusion detection, video management systems and analytics, network penetration testing, security audits and assessments, and intrusion prevention and detection measures.

An Overview of Smart Grid Vulnerabilities

The specific areas within a power grid infrastructure where the use of smart grid technology can introduce security vulnerabilities are:

1. Design vulnerabilities in commercial off-the-shelf products
2. Implementation vulnerabilities in the use of technology products
3. Secure communications
4. External infrastructure attacks
5. Internal infrastructure attacks
6. Availability and integrity

Known Design Vulnerabilities

Commercial off-the-shelf products typically use technologies that have known and unknown design security vulnerabilities. Although the introduction of such design vulnerabilities is mostly unintentional, manufacturers must have procedures in place to test for and identify such vulnerabilities, and to address them. Procedures include the release of software patches, but such patches should themselves be evaluated to confirm that they neither create new vulnerabilities nor undo previously applied fixes. Addressing known design vulnerabilities in control system equipment requires a different approach than addressing issues found in other types of equipment: any remedy must account for the uptime requirements of such equipment, which rarely allow the patch-and-reboot cycle that is routine for office IT. Manufacturers of control system equipment should also have a mechanism in place to identify known vulnerabilities in equipment that has already been deployed, and a plan for addressing that equipment. Finally, power utilities and system operators must remain vigilant for information from equipment manufacturers and other sources about potential design vulnerabilities, and have plans for dealing with potential events. Anticipating such events and developing contingency plans to minimize their impact reduces overall risk.
Unknown Design Vulnerabilities

How does a manufacturer evaluate products for unknown vulnerabilities? One of the most common software vulnerability tests is "fuzz" testing or "exception" testing, which involves observing the behavior of a device that has received malformed and invalid data. A device that crashes, hangs or otherwise fails unsafely on such input has a defect that can render it susceptible to intrusion or denial of service. Although fuzz testing takes time, it provides an important measure of the overall robustness of a device or system. Executing common vulnerability tests that are public knowledge can also identify unknown vulnerabilities. A "denial of service" attack, for example, is common, and any new product should be tested for its susceptibility to such an attack. Another approach is to examine similar devices or equipment and assess the known vulnerabilities in those products. For example, a manufacturer of a wireless base station can evaluate other wireless base stations using the same technology, and assess the known vulnerabilities already found in those products. This kind of investigation can often provide clues about unknown vulnerabilities in new products. Evaluating and addressing potential vulnerabilities during the product design phase is ultimately the most efficient and cost-effective method for dealing with security issues. IEC 62443-4-1, the secure product development lifecycle part of the IEC 62443 series (Industrial communication networks – Network and system security), covers a security review of the manufacturer's development process and so addresses security issues at the design stage.

Implementation Vulnerabilities

Most products and software available today offer features that can create security flaws when either enabled or disabled. The deployment of multiple devices, computers and software packages, each with numerous configuration options, creates a fertile environment for major security vulnerabilities. There are a number of ways to mitigate the security risks associated with implementation.
Standard password rules should always be enforced, and default or factory passwords should always be changed. Any software that is not essential to perform the required function should be disabled or removed from the system altogether. In addition, power system operators can conduct independent security assessments, including network penetration testing, penetration testing of specific vendor equipment, and a review of audit logs and security policies. Whether conducted by internal resources or by qualified third parties, such security assessments can identify deficiencies in the implementation of products and software and provide the information required to strengthen system defenses.

Secure Communications

Communications with the power grid infrastructure over public, non-dedicated media are susceptible to eavesdropping and tampering, so encryption and integrity protection of those communications are essential to overall security. Although encryption of low-bandwidth communications can present a challenge for older systems, the higher-bandwidth communications available with smart grid technologies make encryption a viable option. The large number of potential communications connection points in a distributed network within the power grid infrastructure creates unique key management challenges. Public key cryptography, with keys and certificates managed through a public key infrastructure (PKI), can be used to secure communications channels, and offers safeguards against compromised systems, such as revoking the affected certificate, if the keys used within the PKI are lost or disclosed
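Returning to the fuzz testing described under Unknown Design Vulnerabilities: the following is an added example, not code from the article or from UL, of a minimal mutation fuzzer run against a parser for a hypothetical frame format (two start bytes, a length byte, a function code, the payload and a 16-bit checksum; the format, the START bytes and the function-code table are assumptions made for the example). The naive parser trusts the length field and the function code; the hardened version beside it validates every length before use and turns every rejection into a single ProtocolError, which is the one outcome the harness counts as "handled". The harness recomputes the checksum after each mutation so that inputs are not all discarded at the integrity check, which is where a format-unaware fuzzer would otherwise spend most of its iterations.

```python
"""Mutation fuzzer against a small frame parser (constructed example).

The frame format is hypothetical, loosely modelled on a SCADA link-layer
frame: two start bytes, a one-byte payload length, a one-byte function
code, the payload, and a 16-bit additive checksum over everything before it.
"""
import random
import struct

START = b"\x05\x64"                                        # hypothetical start-of-frame bytes
FUNCTIONS = {0x01: "read", 0x02: "write", 0x03: "reset"}   # hypothetical function codes


class ProtocolError(Exception):
    """The only exception a robust parser is allowed to raise on bad input."""


def build_frame(function: int, payload: bytes) -> bytes:
    """Encodes a valid frame; used to produce the fuzzer's seed input."""
    body = START + struct.pack("BB", len(payload), function) + payload
    return body + struct.pack(">H", sum(body) & 0xFFFF)


def parse_frame_naive(data: bytes) -> dict:
    """Deliberately fragile: trusts the length field and the function code."""
    if data[:2] != START:
        raise ProtocolError("bad start bytes")
    length, function = struct.unpack("BB", data[2:4])      # struct.error if the frame ends here
    payload = data[4:4 + length]
    # BUG: nothing checks that the buffer holds `length` payload bytes plus the checksum
    (checksum,) = struct.unpack(">H", data[4 + length:6 + length])
    if checksum != sum(data[:4 + length]) & 0xFFFF:
        raise ProtocolError("checksum mismatch")
    return {"function": FUNCTIONS[function], "payload": payload}   # BUG: KeyError on unknown code


def parse_frame_hardened(data: bytes) -> dict:
    """Validates every length before use and maps all failures to ProtocolError."""
    if len(data) < 6:
        raise ProtocolError("frame shorter than header plus checksum")
    if data[:2] != START:
        raise ProtocolError("bad start bytes")
    length, function = data[2], data[3]
    if len(data) != 6 + length:
        raise ProtocolError("length field %d does not match frame size %d" % (length, len(data)))
    (checksum,) = struct.unpack(">H", data[4 + length:])
    if checksum != sum(data[:4 + length]) & 0xFFFF:
        raise ProtocolError("checksum mismatch")
    if function not in FUNCTIONS:
        raise ProtocolError("unknown function code 0x%02x" % function)
    return {"function": FUNCTIONS[function], "payload": data[4:4 + length]}


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Applies one random mutation: bit flip, byte overwrite, truncation or extension."""
    buf = bytearray(seed)
    choice = rng.randrange(4)
    if choice == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif choice == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif choice == 2:
        del buf[rng.randrange(len(buf) + 1):]
    else:
        buf += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(buf)


def fix_checksum(frame: bytes) -> bytes:
    """Recomputes the trailing checksum so mutations are not all stopped at the integrity check."""
    if len(frame) < 2:
        return frame
    return frame[:-2] + struct.pack(">H", sum(frame[:-2]) & 0xFFFF)


def fuzz(parser, seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    """Feeds mutated frames to `parser`; returns {exception name: first triggering input}
    for every exception other than ProtocolError. An empty dict means the parser only
    ever rejected bad input cleanly."""
    rng = random.Random(rng_seed)            # fixed seed: every run is reproducible
    findings = {}
    for _ in range(iterations):
        case = fix_checksum(mutate(seed, rng))
        try:
            parser(case)
        except ProtocolError:
            continue                         # expected rejection of malformed input
        except Exception as exc:             # anything else is a robustness defect
            cls = type(exc)
            name = cls.__name__ if cls.__module__ == "builtins" else cls.__module__ + "." + cls.__name__
            findings.setdefault(name, case)
    return findings


SEED = build_frame(0x02, b"\x10\x00\x01")    # constructed valid "write" frame


if __name__ == "__main__":
    for parser in (parse_frame_naive, parse_frame_hardened):
        found = fuzz(parser, SEED)
        print(parser.__name__, {k: v.hex() for k, v in found.items()} or "no unexpected exceptions")
```

Run as a script, the naive parser turns up struct.error (frame truncated after the header) and KeyError (valid checksum, unknown function code), while the hardened parser reports no unexpected exceptions. Against real equipment the parser call becomes a send over serial or TCP, and "device stopped responding" is classified the same way as an exception, which also serves as the denial-of-service test mentioned above.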
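As an added example of the measures described under Implementation Vulnerabilities (not code from the article or from UL): a small audit that checks a device's exported configuration for accounts still on factory credentials, for enabled services the device does not need, and for disabled audit logging, alongside the password rules to enforce whenever a password is set. The configuration format, the factory-credential list, the essential-service list and the sample export are all assumptions constructed for the example.

```python
"""Configuration audit for a field device (constructed example).

The configuration format, the factory-credential list and the list of
essential services are hypothetical; they stand in for the vendor manual
and the device's documented function that a real assessment would use.
"""
import hashlib
import re

# (user, factory password) pairs a vendor manual would document for this device model
FACTORY_CREDENTIALS = {("admin", "admin"), ("admin", "1234"), ("operator", "operator")}

# Services the device needs to do its job; anything else that is enabled is a finding
ESSENTIAL_SERVICES = {"ssh", "dnp3"}


def password_policy_violations(password: str) -> list:
    """Rules enforced when a password is set; an empty list means the password passes."""
    rules = [
        (len(password) >= 12, "shorter than 12 characters"),
        (re.search(r"[A-Z]", password) is not None, "no upper-case letter"),
        (re.search(r"[a-z]", password) is not None, "no lower-case letter"),
        (re.search(r"[0-9]", password) is not None, "no digit"),
        (re.search(r"(.)\1\1", password) is None, "three identical characters in a row"),
    ]
    return [message for passed, message in rules if not passed]


def sha256_hex(text: str) -> str:
    # Stand-in for the device's stored-password scheme. A real device should use a
    # salted, slow hash; the audit then hashes each factory password with the stored
    # salt before comparing, but the logic is the same.
    return hashlib.sha256(text.encode()).hexdigest()


def parse_config(text: str) -> dict:
    """Parses 'section.key = value' lines into {section: {key: value}}.
    Blank lines and '#' comments are ignored; anything else unparsable is an error."""
    config = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = re.fullmatch(r"(\w+)\.(\w+)\s*=\s*(.*)", line)
        if not match:
            raise ValueError("line %d: cannot parse %r" % (lineno, raw))
        section, key, value = match.groups()
        config.setdefault(section, {})[key] = value.strip()
    return config


def audit_config(config: dict) -> list:
    """Returns human-readable findings for the three checks the text calls for."""
    findings = []
    # 1. accounts still on factory credentials: hash each documented default and compare
    for user, stored in config.get("user", {}).items():
        for default_user, default_password in FACTORY_CREDENTIALS:
            if user == default_user and stored == "sha256:" + sha256_hex(default_password):
                findings.append("account %r still uses a factory password" % user)
    # 2. enabled services the device does not need
    for service, state in config.get("service", {}).items():
        if state.lower() == "enabled" and service not in ESSENTIAL_SERVICES:
            findings.append("non-essential service %r is enabled" % service)
    # 3. audit logging must be on, or a later assessment has no logs to review
    if config.get("log", {}).get("audit", "disabled").lower() != "enabled":
        findings.append("audit logging is disabled")
    return findings


# Constructed configuration export from a hypothetical device: admin still on the
# factory password, telnet and the web interface left on, audit logging off.
SAMPLE_CONFIG = """
user.admin = sha256:{admin}
user.operator = sha256:{operator}
service.ssh = enabled
service.telnet = enabled
service.http = enabled
service.dnp3 = enabled
service.ftp = disabled
log.audit = disabled
""".format(admin=sha256_hex("admin"), operator=sha256_hex("Grid-Op3rator-2012"))


if __name__ == "__main__":
    for finding in audit_config(parse_config(SAMPLE_CONFIG)):
        print("FINDING:", finding)
    print("policy check on 'admin':", password_policy_violations("admin"))
```

The factory-credential check compares stored hashes rather than asking the device to accept a login, so it can run over a configuration backup without touching production equipment; the service check is only as good as the essential-service list, which should come from the device's documented function, not from what happens to be enabled today.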
http://www.RemoteMagazine.com