Archive for August, 2009

Smart Meter Worm Propagation Sim Videos

August 27, 2009 Leave a comment

As a follow-up to his Black Hat presentation, IOActive’s Mike Davis was kind enough to post a couple of YouTube videos showing his simulation of Smart Meter Worm propagation.

The simulation features a 22,000-node smart-meter worm propagation using GPS points gathered from geo-coded home addresses purchased from a bulk mailing list. It takes into account radio range (0.001 GPS degrees for this sim), RF drop-off over distance (signal strength), RF noise, and packet collisions (at quarter-second resolution).

As he mentioned in a recent webcast, the three simulations below show different propagation rates, since they simulate meters with different radio ranges and different scenarios for the initial worm release location relative to the rest of the smart meter population.

For instance, meters with longer radio ranges tend to have higher collision rates, and therefore slower propagation.
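To see why a longer range can slow a worm down, here is a small slotted-ALOHA propagation model. It is an added illustration, not Mike Davis’s simulator: his model includes RF drop-off and noise, while this toy uses a hard range cutoff and a per-slot transmit probability. Every infected meter transmits with that probability in each slot; a susceptible meter is infected only when exactly one transmitter is within range, and two or more in-range transmitters collide. The meter layout (a line of evenly spaced meters) and all parameter values are constructed for the example.

```python
"""Toy slotted-ALOHA worm-propagation model over a set of meter positions.

Added example, not IOActive's simulator: a hard radio-range cutoff replaces
RF drop-off and noise, and collisions are the only loss mechanism.
"""
import math
import random


def simulate(positions, radio_range, transmit_prob=1.0, max_slots=1000, seed=0, start=0):
    """Run the worm until every meter is infected or max_slots elapse.

    Returns {"slots", "infected", "collisions"}. collisions counts, per slot,
    each susceptible meter that heard two or more in-range transmitters.
    """
    rng = random.Random(seed)
    n = len(positions)
    # Neighbour lists: who is within radio_range of whom (hard cutoff, no drop-off model).
    neighbours = [[j for j in range(n)
                   if j != i and math.dist(positions[i], positions[j]) <= radio_range]
                  for i in range(n)]
    infected = [False] * n
    infected[start] = True
    infected_count = 1
    collisions = 0
    slots = 0
    while infected_count < n and slots < max_slots:
        slots += 1
        # No carrier sensing: each infected meter fires independently this slot.
        transmitting = {i for i in range(n) if infected[i] and rng.random() < transmit_prob}
        if not transmitting:
            continue
        newly = []
        for i in range(n):
            if infected[i]:
                continue
            heard = sum(1 for j in neighbours[i] if j in transmitting)
            if heard == 1:
                newly.append(i)          # clean reception: payload decoded
            elif heard > 1:
                collisions += 1          # overlapping frames: nothing decoded
        for i in newly:
            infected[i] = True
        infected_count += len(newly)
    return {"slots": slots, "infected": infected_count, "collisions": collisions}


def line(n, spacing=1.0):
    """Constructed layout: n meters evenly spaced along one street."""
    return [(i * spacing, 0.0) for i in range(n)]


def compare_ranges(n=200, ranges=(1.0, 2.0, 4.0), transmit_prob=0.3, seed=1):
    """Same population and seed, different radio ranges (constructed comparison)."""
    return {r: simulate(line(n), r, transmit_prob, seed=seed) for r in ranges}


if __name__ == "__main__":
    for r, res in compare_ranges().items():
        print(f"range={r}: {res}")
```

With transmit_prob=1.0 the model degenerates: every infected meter fires every slot, so a meter with two infected neighbours in range is jammed permanently and the worm never completes. That is the reason the comparison uses a transmit probability below 1, which stands in for the random backoff a real radio stack applies; the qualitative effect the post describes still shows up, more in-range transmitters per slot means more collisions per newly infected meter.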

YouTube links:

Video 1
Video 2
Video 3

Energy Employees Fired After Reporting Security Breach

August 27, 2009 Leave a comment

Two senior Lake Worth Utilities employees were fired after they reported, on two separate occasions, an unauthorized computer plugged into the power system’s mainframe. The decision came after investigations showed that no security breach had occurred. Read Here

So “reporting” a security false positive is now unacceptable!? I always thought that it was part of the corporate culture / security awareness learning curve, especially for non-techies. They might have taken it a bit far by taking their concerns to everyone they could think of, including the FBI and Homeland Security, and causing a stir, but certainly no firing was necessary; in fact, it shows that they care.

Corporate Lesson #1: Turn away when you see or suspect a rogue USB device or laptop plugged into the servers.

Russian Hackers Attack an Azerbaijani Energy Pipeline

August 26, 2009 Leave a comment

Aviation Week reported that Russian hackers attacked servers controlling an energy pipeline carrying gas from Azerbaijan to Europe, bypassing Russia. The attacks caused a suspension of pipeline operations, forcing the operating company to redirect the oil through the Russian Baku-Novorossiysk pipeline. Georgian websites claim that the attacks came from the same IPs as those used in the DDoS attacks on Estonian websites during the 2007 Estonian cyber attacks.

The news is still to be confirmed.

But one question remains: if the reports are correct, why was such a system accessible from the Internet in the first place?

More on the story:

Energy-Aware Internet Routing

August 18, 2009 Leave a comment

An Internet-routing algorithm that tracks electricity price fluctuations could save data-hungry companies such as Google, Microsoft, and Amazon millions of dollars each year in electricity costs by rerouting data to locations where electricity prices are lowest on a particular day. Recently completed research, reported Here.

Google Data Centers (US)

My Comments:
– A good idea economy-wise.
– If the routing algorithm becomes publicly available or predictable, would it be possible to predict where Google’s main data will be located or redirected on a given day, making targeted attacks easier and more effective?

The original MIT research paper is called “Cutting the Electric Bill for Internet-Scale Systems”.

Smart Meters Worm -The Presentation from BlackHat 09

August 13, 2009 Leave a comment

The Smart Meters Worm presentation from Black Hat 09 is finally out. Due to publication restrictions, Black Hat released the “redacted” slides about a week after all the other security presentations were made public on the official Black Hat 09 website.

You can download the slides from Here

Blackhat 09

Smart Grid Initiatives and Government Intervention Worldwide

August 11, 2009 Leave a comment

I’m trying to link Smart Grid initiatives, large and small, worldwide with global trends of government intervention, mandated compliance, and regulatory frameworks within the concept of Critical Infrastructure Protection (CIP). In other words, is the world in general leaning towards mandated compliance, or are we still seeing a push back in favor of industry self-regulation?

I began by looking at the Smart Meter Projects Map (created by the Energy Retail Association, UK). I noticed the following:

Smart Meter Projects World Wide

– About 32 countries in total had announced smart metering projects as of 2009 (see map); 24 of them (75% of the total) reportedly have, or are working on, CIP programs at different maturity levels.

– I evaluated what is publicly available on the CIP programs within those 24 countries against the “International CIIP Handbook” and mapped the CIP programs against more or less government intervention.

Government CIP Involvement

– It is clear that we are heading towards state-mandated compliance, with the majority starting from column D (“Government is a consultant”) and moving towards column B (“Government clearly mandates clear and precise CIP standards”), except for the United States, which starts from column E (“Industry self-regulation”).
– Although it enjoys the strongest momentum, the US might not be the perfect model for the rest of the world; the US road map is certainly different.
– This blog’s visitor map (see top right) shows exactly the same 24 countries.

Note: The “Gov/CIP involvement” diagram is based on the article “Models of CIIP” by Dan Assaf, published in Elsevier’s International Journal of Critical Infrastructure Protection, Volume 1, 2008.

Security Audit and Attack Detection Toolkit

August 5, 2009 Leave a comment

The Department of Energy (DOE) is funding a project known as the Cyber Security Audit and Attack Detection Toolkit, together with security companies such as Digital Bond, Tenable Security and others. The aim is to release SCADA audit templates, issued in OVAL format (see below), for use with security scanners such as Nessus, NetIQ and many others. The templates compare security settings in the operating system and applications, including control system applications, to an optimal security configuration developed by control system vendors such as Areva and Emerson, participating companies and asset owners. The audit files will be made available as a paid subscription service.
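What such an audit template actually does is compare collected settings against a baseline and combine the individual checks with AND/OR logic. The following is an added illustration, not code or templates from the DOE toolkit, Digital Bond or Tenable: real OVAL is an XML schema of definitions, tests, objects and states, and this script keeps only the evaluation semantics (OVAL’s criteria/criterion composition over comparison operations). The baseline for an HMI workstation, the setting names and the two hosts’ collected values are all constructed for the example, not a real vendor configuration.

```python
"""OVAL-style compliance audit of a control-system host against a vendor baseline.

Added illustration: mirrors only OVAL's <criteria operator="AND|OR"> over
<criterion> checks. Setting names, expected values and host data are constructed.
"""
import re
from dataclasses import dataclass
from typing import Any, List, Union


@dataclass
class Criterion:
    """One setting check; `operation` names an OVAL-like comparison."""
    setting: str
    operation: str
    expected: Any
    comment: str = ""


@dataclass
class Criteria:
    """AND/OR group of Criterion or nested Criteria."""
    operator: str
    children: List[Union[Criterion, "Criteria"]]


_OPS = {
    "equals": lambda actual, exp: actual == exp,
    "not equal": lambda actual, exp: actual != exp,
    "greater than or equal": lambda actual, exp: actual >= exp,
    "less than or equal": lambda actual, exp: actual <= exp,
    "pattern match": lambda actual, exp: re.search(exp, str(actual)) is not None,
}


def evaluate(node, collected, findings):
    """Evaluate a criterion tree, appending (passed, message) for every leaf.
    A setting the scanner could not collect counts as a failure: an audit
    must never pass by silence."""
    if isinstance(node, Criterion):
        if node.setting not in collected:
            findings.append((False, f"{node.comment}: {node.setting} not collected"))
            return False
        actual = collected[node.setting]
        passed = _OPS[node.operation](actual, node.expected)
        findings.append((passed, f"{node.comment}: {node.setting}={actual!r} "
                                 f"({node.operation} {node.expected!r})"))
        return passed
    # Evaluate every child even once the outcome is known, so the report is complete.
    results = [evaluate(child, collected, findings) for child in node.children]
    return all(results) if node.operator == "AND" else any(results)


def audit(baseline, collected):
    """Return the overall verdict plus the messages of every failed leaf check."""
    findings = []
    compliant = evaluate(baseline, collected, findings)
    return {"compliant": compliant,
            "failed": [msg for passed, msg in findings if not passed]}


# Constructed baseline for an HMI workstation (not a real vendor template).
HMI_BASELINE = Criteria("AND", [
    Criterion("service.telnet.start_type", "equals", "disabled", "Telnet service disabled"),
    Criterion("policy.password_min_length", "greater than or equal", 12, "Password length"),
    Criterion("policy.autorun_enabled", "equals", False, "AutoRun off for removable media"),
    # The host firewall may be off only when the host sits on an isolated segment.
    Criteria("OR", [
        Criterion("firewall.enabled", "equals", True, "Host firewall on"),
        Criterion("network.segment", "equals", "isolated", "Isolated control segment"),
    ]),
    Criterion("hmi.version", "pattern match", r"^4\.(1[0-9]|[2-9]\d)\.", "HMI runtime >= 4.10"),
])

# Constructed settings as a scanner plugin might collect them from two hosts.
HOST_OK = {
    "service.telnet.start_type": "disabled",
    "policy.password_min_length": 14,
    "policy.autorun_enabled": False,
    "firewall.enabled": False,
    "network.segment": "isolated",
    "hmi.version": "4.12.3",
}
HOST_BAD = {
    "service.telnet.start_type": "automatic",
    "policy.password_min_length": 8,
    "policy.autorun_enabled": True,
    "firewall.enabled": False,
    "network.segment": "corporate",
    # hmi.version deliberately absent: the plugin could not read it
}

if __name__ == "__main__":
    for name, host in (("HOST_OK", HOST_OK), ("HOST_BAD", HOST_BAD)):
        result = audit(HMI_BASELINE, host)
        print(name, "compliant" if result["compliant"] else "NOT compliant")
        for msg in result["failed"]:
            print("  FAIL", msg)
```

Note that the report lists every failed leaf, so HOST_OK still shows the firewall check as failed even though the OR group it belongs to is satisfied by the isolated segment; that is deliberate, since an auditor wants to see which alternative carried the group. The missing hmi.version on HOST_BAD is reported as a failure rather than skipped, which is the behaviour to insist on when a template is evaluated against a host the scanner can only partly read.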

– Comments:

1. I really think that the audit files (which can check your systems’ compliance with NERC, for instance) should be open source, free and available to the public, especially since it is a government-funded program; at least they should be available to researchers and SMEs who can add to, review, contribute to and validate the compliance checks. I believe this makes more sense than making the actual vulnerabilities and exploits available to amateurs (see my previous post on Nessus and Core Impact). On the other hand, the project has a second phase, which includes releasing a tool that aggregates security events from a variety of data sources on the control system network and then correlates them to identify cyber attacks. I can see and understand that this is an extra mile and can be a paid service.

2. Using OVAL (“Open Source”) as the audit file format is a wise choice; see the list of applicable/compatible products HERE

3. The project is a good indication that vendors are starting to get more involved in cleaning up the mess.

More on the project / a fact sheet: Cyber Security Audit and Attack Detection Toolkit

Below is a list of the currently available audit files (source: SCADApedia).

List of Audit files