Copyright © SEL 2002
Critical Infrastructure Interdependencies and Emerging Threats to Electric Power
Dr. Edmund O. Schweitzer, III
Schweitzer Engineering Laboratories
Portions of this work were funded by grant #60NANB1D0116 from the National Institute of Standards and Technology, U.S. Dept. of Commerce.
Cyber Attacks Against Electric Utilities
Several Attacks on Utility Financial Systems
Environmentalists Caught Hacking Utility IT System
Recreational Hackers Took Over Utility Server to Play Games
Insider Threat Against Texas Power Grid
Insider Caught Hacking British Nuclear Power Station Controls
Cal-ISO Hacked via China Telecom
Infrastructure Interdependency Studies
NSA “Eligible Receiver”: Power, banking, finance, transportation, and defense all interrelated and at risk
DOE “Black Ice”: Simulated 2002 Olympic attack shows telecomm, water, gas, and transport failures
Sandia National Lab Simulations: Cascading small events worse than massive event
More Attacks to Come
30 to 40 Attack Scripts Posted on Internet Every Month (ITL Bulletin, NIST)
13 Countries With Nationally Sponsored Information Warfare Efforts (G. Tenet, CIA)
Increasing Electronic Attacks in North America (IA Newsletter, DOD)
Utilities Suffer More Attacks Than Manufacturing (Riptech, Inc.)
SEL Passwords
First in Digital Protective Relays
Best in Digital Protective Relays
P(90,6) = 90^6 = 531,440,000,000 Password Combinations

Relay             (#char, length)   Combinations   Access Levels   Password Defaults
SEL               P(90,6)           531 B          2,3,4           OTTERTAIL
GE-UR             P(10,10)          1 B            2               null
Siemens 7SA511    P(10,6)           1 M            1               000000
Alstom LFZR       P(26,4)           456 K          2               AAAA
ABB 2000R         P(14,4)           38 K           2               0000
Siemens 7SJ600    P(2,3)            8              1               -+-

SEL History of Security
First Microprocessor Relays: 1984
Password Protection From “Day One”
  Access: 3x wrong alarm
  2access: every attempt alarm
Monitor Your Alarm Contacts!
Last 3 Years: Campaign for Awareness
SEL Campaign For Awareness: Conference Papers on www.selinc.com
“Concerns About Intrusions Into Remotely Accessible Substation Controllers and SCADA Systems”
“Safeguarding IEDs, Substations, and SCADA Systems Against Electronic Intrusions”
“Tools for Protecting Electric Power Systems From Electronic Intrusions”
SEL Campaign For Awareness: Application Guides on www.selinc.com
“Using Passwords to Secure Relays, Controllers, and SCADA Systems From Unauthorized Access”
“Setting and Using Secure Dial-Back Modems With SEL Relays and Communications Processors”
“Low Cost Authentication Devices for Secure Modem and Network Connections”
SEL Campaign For Awareness: Seminars and Research Projects
Safeguarding IEDs, Substations, SCADA, and Information Systems Against Cyber Attacks and Electronic Intrusions: SEL University Seminar
Industrial Applications of Information Security to Protect the Electric Power Infrastructure: National Institute of Standards and Technology Critical Infrastructure Protection Grant
NIST Critical Infrastructure Protection Grant
SEL – Research Lead, Primary Contractor
WSU and UI – Subcontractors
Five Grant Objectives
1. Harden substations
2. Apply Internet protocol security
3. Assess security and survivability
4. Prototype secure information infrastructure
5. Foster InfoSec awareness in utilities
Electronic Access Vulnerabilities
[Diagram labels: Remote SCADA, ATM / Frame Relay, Internet, Telecomm, Remote Access, Router, Modem, Network Interface, Substation Controller, Local Control, IED; access points numbered 1 to 5]
Securing Substation Communications
[Diagram labels: Remote SCADA, ATM / Frame Relay, Internet, Telecomm, Remote Access, VPN Router, Modem, Network Interface, Substation Controller, Local Control, IED, Lock, Key, Crypto]
Low Cost Authentication Devices
Proximity Reader and Badge
Token Key Generators
Programmable Buttons
Fingerprint Scanner
Low Cost Secure Modem Devices
Modem Key / Lock
Matched Crypto-Modems
Programmable Password-Controlled Modem
Protect Your Systems: Stop Accidental / Deliberate Mis-Settings
Physical Access Controls
Access Warning Statements
Verify Settings (e.g., “Are You Sure?”)
Two-Tiered Controls (Show / Set)
Electronic Red Tags
Protect Your Systems: Stop Unauthorized Access
Electronic User Authentication
Password / PIN Access Controls
  Teach password / PIN security
  Advocate strong passwords
  Monitor compliance
Different Passwords / PINs for Differing Locales, Equipment, and Systems
Change Password / PINs Immediately Upon
  Contractor installation and / or maintenance
  Suspected intrusions
  Personnel turnover or conflict
Protect Your Systems: Detect Intrusions
Monitor Events for Intrusion and Functionality
Monitor Alarm Contacts
Audit / Access Logs
Automate Alarm Responses
  Audio and visual indicators
  Auto-transmit warnings
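One way to automate the access-log review this slide calls for, applying the alarm rules from the "SEL History of Security" slide (Access: 3x wrong, 2access: every attempt). This is an added example, not SEL code or part of the original slides; the log line format, port names, and sample entries are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption, not a real relay log):
#   <timestamp> <port> <ACCESS|2ACCESS> <OK|FAIL>
LINE_RE = re.compile(r"^(\S+) (\S+) (ACCESS|2ACCESS) (OK|FAIL)$")
WRONG_LIMIT = 3  # "Access: 3x wrong alarm", read here as 3 consecutive per port

# Constructed sample entries.
SAMPLE_LOG = """\
2002-03-01T02:10:05 modem1 ACCESS FAIL
2002-03-01T02:10:09 modem1 ACCESS FAIL
2002-03-01T02:10:14 modem1 ACCESS FAIL
2002-03-01T02:10:20 modem1 ACCESS OK
2002-03-01T02:10:31 modem1 2ACCESS FAIL
2002-03-01T08:00:02 front ACCESS FAIL
2002-03-01T08:00:07 front ACCESS OK
2002-03-01T08:00:15 front 2ACCESS OK
garbled line
"""

def find_alarms(log_text):
    """Return (timestamp, port, reason) tuples for every alarm condition."""
    alarms = []
    wrong = defaultdict(int)  # consecutive wrong Access passwords per port
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            # Unparseable audit data is itself worth an operator's attention.
            alarms.append((None, None, "unparsed: " + line))
            continue
        ts, port, level, result = m.groups()
        if level == "2ACCESS":
            # "2access: every attempt alarm", successful or not.
            alarms.append((ts, port, "2ACCESS attempt (%s)" % result))
        elif result == "FAIL":
            wrong[port] += 1
            if wrong[port] == WRONG_LIMIT:
                alarms.append((ts, port, "3 wrong ACCESS passwords"))
                wrong[port] = 0  # start counting toward the next alarm
        else:
            wrong[port] = 0  # a correct password ends the run
    return alarms

if __name__ == "__main__":
    for alarm in find_alarms(SAMPLE_LOG):
        print(alarm)
```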
Protect Your Systems: Stop Network Attacks
Multifactor Authentication / Access Control
Automated Lock-Outs
Proactive Log Analyses
Separation of Functionality
Data Packet Encryption
Protect Your Systems: Stop Network Attacks
Virus Scanners
Firewalls
Intrusion Detection Systems
Internet Protocol Security (IPSec)
Virtual Private Networks (HW or SW)
Public Key Certificates
Open Issues: Will RTOs Affect Reliability?
New Management Layer
More People Involved
Bigger System to Operate
New Single Point of Failure / Attack
Open Issues: Transmission Shortage
Population and Load Growing
Generation Not Near Loads
No New Line Construction in 15 Years
T&D Pushed to Critical System Limits
Industry Action Items
Recognize the Problems
Campaign for Awareness
Apply Information Security Principles
Test Fail-Over Systems and Emergency Services
Promote and Build New Transmission Lines
Design Redundant Controls and SCADA Systems
Social Effects of Inaction
Loss of Economic Opportunity
Higher Energy Prices
Less Reliable Service
Jeopardize Critical Infrastructures
Hurts the Poor and Vulnerable the Most