Archive for the ‘SMART GRID’ Category

Smart Meter Worm Propagation Sim Videos

August 27, 2009

As a follow-up to his BlackHat presentation, IOActive’s Mike Davis was kind enough to post a couple of YouTube videos in which he simulated the propagation of the Smart Meter Worm.

The simulation features 22,000-node smart-meter worm propagation using GPS points gathered from geo-coded home addresses purchased from a bulk mailing list. It takes into account radio range (.001 GPS degrees for this sim), RF drop-off over distance (signal strength) and RF noise, as well as packet collisions (to quarter-second resolution).

As he mentioned in a recent webcast, the three simulations below show different propagation rates/speeds because they simulate meters with different radio ranges and different scenarios for the initial worm release location relative to the rest of the smart meter population.

For instance, meters with longer radio ranges tend to have higher collision rates, and thus slower propagation.
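The range/collision trade-off described above can be reproduced with a small model. The following is an added example and is not Mike Davis’s or IOActive’s simulation code: it uses constructed meter positions instead of geo-coded addresses, a slotted-broadcast radio model with a fixed transmit probability per slot (an assumption of this example), and plain Euclidean distance in degree space. A meter that hears exactly one frame in a slot is compromised; two or more overlapping frames collide and nothing is decoded. From a defender’s side this kind of model is useful for estimating how quickly a compromised population could grow in a given deployment density, and therefore how much time a firmware response or segmentation plan actually has.

```python
import math
import random


def make_nodes(n, seed=1, span=0.015):
    """Constructed sample: n meter positions scattered uniformly over a
    span x span square of GPS degrees. Stands in for the geo-coded
    addresses used in the original simulation; nothing here is real data."""
    rng = random.Random(seed)
    return [(rng.uniform(0.0, span), rng.uniform(0.0, span)) for _ in range(n)]


def neighbours(nodes, radio_range):
    """Map node index -> set of indices within radio_range (in degrees).
    Euclidean distance in degree space is adequate for a small area."""
    adj = {i: set() for i in range(len(nodes))}
    for i, (x1, y1) in enumerate(nodes):
        for j in range(i + 1, len(nodes)):
            x2, y2 = nodes[j]
            if math.hypot(x1 - x2, y1 - y2) <= radio_range:
                adj[i].add(j)
                adj[j].add(i)
    return adj


def simulate(nodes, radio_range, patient_zero=0, steps=300, tx_prob=0.1, seed=7):
    """Slotted broadcast model (this example's assumption, not the original
    sim's RF model): in each slot every compromised meter transmits with
    probability tx_prob. A meter hearing exactly one frame decodes it and is
    compromised; overlapping frames collide and are lost.
    Returns (compromised count per slot, number of collided receptions)."""
    rng = random.Random(seed)
    adj = neighbours(nodes, radio_range)
    infected = {patient_zero}
    history = [len(infected)]
    collisions = 0
    for _ in range(steps):
        if len(infected) == len(nodes):
            break
        transmitters = [i for i in infected if rng.random() < tx_prob]
        heard = {}  # receiver index -> number of frames arriving this slot
        for t in transmitters:
            for nb in adj[t]:
                heard[nb] = heard.get(nb, 0) + 1
        for nb, frames in heard.items():
            if frames == 1:
                infected.add(nb)
            else:
                collisions += 1  # two or more frames in one slot: nothing decodes
        history.append(len(infected))
    return history, collisions


def slots_to_fraction(history, n, fraction):
    """First slot index at which at least `fraction` of the n meters were
    compromised, or None if the run never got there."""
    target = fraction * n
    for slot, count in enumerate(history):
        if count >= target:
            return slot
    return None


def compare_ranges(n=500, ranges=(0.001, 0.002, 0.004)):
    """Run one population with several radio ranges. Returns a list of
    (range, final fraction compromised, slots to 50%, collisions)."""
    nodes = make_nodes(n)
    rows = []
    for r in ranges:
        history, collisions = simulate(nodes, r)
        rows.append((r, history[-1] / n, slots_to_fraction(history, n, 0.5), collisions))
    return rows


if __name__ == "__main__":
    for r, frac, half, coll in compare_ranges():
        print(f"range={r:.3f} deg  compromised={frac:.0%}  slots_to_50%={half}  collisions={coll}")
```

Running `compare_ranges()` shows the collision count climbing with radio range as each meter gains more neighbours that can talk over one another; whether the longest range also reaches 50% latest depends on the density and transmit probability you choose, which is exactly the dependency the three videos illustrate with different settings.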

YouTube links:

Video 1
Video 2
Video 3


Energy Employees Fired After Reporting Security Breach

August 27, 2009

Two senior Lake Worth Utilities employees were fired after they reported, on two separate occasions, an unauthorized computer plugged into the power system’s mainframe. The decision came after investigations showed that no security breach had occurred. Read Here

So “reporting” a security false positive is now unacceptable!! I always thought that it’s part of the corporate culture/security awareness learning curve, especially for non-techies. They might have taken it a bit far by taking their concerns to everyone they could think of, “including the FBI and Homeland Security”, causing a stir, but certainly no firing is necessary; in fact, it shows that they care.

Corporate Lesson #1: Turn away when you see/suspect a rogue USB or laptop plugged into the servers

Smart Meters Worm - The Presentation from BlackHat 09

August 13, 2009

The Smart Meters Worm presentation from BlackHat 09 is finally out. Due to some publication restrictions, BlackHat released the “redacted” slides about a week after all the other security presentations were made public on the official BlackHat 09 website.

You can download the slides from Here

Blackhat 09


Smart Grid Initiatives and Government Intervention Worldwide

August 11, 2009

I’m trying to link Smart Grid initiatives, “large and small”, worldwide with global trends of government intervention, mandated compliance, and regulatory frameworks within the concept of “Critical Infrastructure Protection” (CIP). In other words, is the world in general leaning towards mandated compliance, or are we still seeing a push back in favor of industry self-compliance?

I began by looking at the Smart Meter Projects Map (created by the Energy Retail Association – UK). I noticed the following:

Smart Meter Projects World Wide


– About 32 countries in total had announced smart metering projects as of 2009 (see map); 24 of them (75% of the total) reportedly have, or are working on, CIP programs “with different maturity levels”.

– I evaluated what’s publicly available on the CIP programs within those 24 countries against the “International CIIP Handbook” and mapped the CIP programs against more or less government intervention.

Government CIP Involvement


– It’s clear that we are heading towards state-mandated compliance, with the majority starting off from column D, “Government is a consultant”, and moving towards column B, “Government clearly mandates clear and precise CIP standards”. The exception is the United States, which starts from column E, “Industry self-regulation”.
– Although it enjoys the strongest momentum, the US might not be the perfect model for the rest of the world; the US road map is certainly different.
– This blog’s visitors map (see top right) shows exactly the same 24 countries.

Note: The “Gov/CIP involvement” diagram is based on the article “Models of CIIP” by Dan Assaf, published in Elsevier’s “International Journal of Critical Infrastructure Protection”, Volume 1, 2008.

Security Audit and Attack Detection Toolkit

August 5, 2009

The Department of Energy (DOE) is funding a project known as the Cyber Security Audit and Attack Detection Toolkit, together with security companies like Digital Bond, Tenable Security and others, with the aim of releasing SCADA audit templates to be used with security scanners like Nessus, NetIQ and many others (the templates are issued in OVAL format; see below). The templates compare security settings in the operating system and applications, including control system applications, to an optimal security configuration developed by control system vendors like Areva and Emerson, participating companies and asset owners. The audit files will be made available as a paid subscription service.
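To make the audit-template idea concrete, here is an added example of the comparison such a template drives. It is not one of the toolkit’s real audit files and not a Nessus or OVAL implementation: the baseline entries, the sample host settings and the setting names are all constructed for illustration, and the operation names are borrowed from OVAL’s operation vocabulary (“equals”, “not equal”, “pattern match”, “subset of”, and so on) with the Python mapping being this example’s own. The point a practitioner should take from it is that each check is an (observed value, operation, expected value) triple, and that a setting the scanner could not collect is reported as such rather than silently counted as a pass.

```python
import re

# Comparison operations; the names follow OVAL's operation vocabulary,
# the Python mapping is this example's own.
OPERATIONS = {
    "equals": lambda observed, expected: observed == expected,
    "not equal": lambda observed, expected: observed != expected,
    "greater than or equal": lambda observed, expected: observed >= expected,
    "less than or equal": lambda observed, expected: observed <= expected,
    "pattern match": lambda observed, expected: re.fullmatch(expected, str(observed)) is not None,
    "subset of": lambda observed, expected: set(observed) <= set(expected),
}

# Constructed baseline: (setting, operation, expected value, rationale).
# Stands in for a vendor-supplied audit template; not a real toolkit file.
BASELINE = [
    ("telnet_enabled", "equals", False, "remote shells must use SSH, not cleartext Telnet"),
    ("min_password_length", "greater than or equal", 8, "password policy floor"),
    ("snmp_read_community", "not equal", "public", "default SNMP community string must be changed"),
    ("listening_services", "subset of", {"ssh", "https", "modbus_tcp"}, "only approved services may listen"),
    ("firmware_version", "pattern match", r"2\.[4-9]\.\d+", "supported firmware branch"),
    ("audit_log_enabled", "equals", True, "security events must be logged"),
]

# Constructed snapshot of settings collected from one hypothetical HMI host.
# Note that audit_log_enabled is missing, as happens when a collector lacks
# the privilege or plugin to read a value.
SAMPLE_HOST = {
    "telnet_enabled": False,
    "min_password_length": 12,
    "snmp_read_community": "public",
    "listening_services": ["ssh", "https", "modbus_tcp", "ftp"],
    "firmware_version": "2.6.1",
}


def evaluate(baseline, observed):
    """Return one (setting, status, rationale) tuple per baseline entry.
    Status is 'pass', 'fail', or 'not collected' when the scanner returned
    no value for the setting."""
    results = []
    for setting, operation, expected, rationale in baseline:
        if setting not in observed:
            results.append((setting, "not collected", rationale))
            continue
        passed = OPERATIONS[operation](observed[setting], expected)
        results.append((setting, "pass" if passed else "fail", rationale))
    return results


def summarize(results):
    """Count results by status so a run can be compared over time."""
    counts = {"pass": 0, "fail": 0, "not collected": 0}
    for _, status, _ in results:
        counts[status] += 1
    return counts


if __name__ == "__main__":
    findings = evaluate(BASELINE, SAMPLE_HOST)
    for setting, status, rationale in findings:
        print(f"{status:<13} {setting:<22} {rationale}")
    print(summarize(findings))
```

On the constructed host this reports the default SNMP community string and the extra FTP listener as failures, the missing audit-log setting as not collected, and the rest as passing; a real audit file carries many more checks but each one reduces to the same triple.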

Comments:

1. I really think that the audit files “that can check your system’s compatibility with NERC, for instance” should be open source, free and available to the public, especially since it’s a government-funded program; at least they should be available to researchers and SMEs who can add, review, contribute and validate the compatibility checks. I believe this makes more sense than making the actual vulnerabilities and exploits available “check my previous post on Nessus and Core Impact” to amateurs. On the other hand, the project has a second phase, which includes releasing a tool to aggregate security events from a variety of data sources on the control system network and then correlate the security events to identify cyber attacks. I can see and understand that this is an extra mile and can be a paid service.

2. Using OVAL (open source) as the audit file format is a wise choice; see the list of applicable/compatible products HERE

3. The project is a good indication that vendors are starting to be more involved in cleaning up the mess.

More on the project / a fact sheet (Cyber Security Audit and Attack Detection Toolkit)

You can see below a list of the currently available audit files (source: SCADApedia)

List of Audit files

Faulty Signal Shuts Down A/C at 18,000 Homes … Remotely

August 2, 2009

Perhaps as a prelude to one of the Smart Grid’s most anticipated types of incident: about 18,000 Duke Energy customers participating in an energy-saving program saved more energy than expected on Monday evening. The customers are part of the “Power Manager” program, which installs a load management switch next to the air conditioner. This radio-controlled device cycles the air conditioner off and on when demand is especially high.

But on Monday night an incorrect signal was sent to the boxes, a Duke Energy spokeswoman said: “Instead of cycling, the boxes shut down the units for three hours.” The incident was announced to be due to “human error”.

Full article (Here)


Power Lines Can Be Used to Steal Data

July 19, 2009

A recently announced exploit is targeting the electrical grid, with no expensive pieces of equipment required. How these attacks are executed will be demonstrated at the Black Hat USA 2009 security conference in Las Vegas later this month by Andrea Barisani and Daniele Bianco, a pair of researchers at the network security consultancy Inverse Path.

Stealing Keystrokes via Electrical Lines


In the power-line exploit, the attacker grabs the keyboard signals generated by hitting keys. Because the data wire within the keyboard cable is unshielded, the signals leak into the ground wire in the cable, and from there into the ground wire of the electrical system feeding the computer. The bit streams generated by the keyboard that indicate which keys have been struck create voltage fluctuations in the ground, they say.

The attack proved successful when tapping electric sockets located up to 15 meters from where the target computer was plugged in, the researchers say.

“If our small research was able to accomplish acceptable results in a brief development time (approximately a week of work) and with cheap hardware,” they say, “consider what a dedicated team or government agency can accomplish with more expensive equipment and effort.”

Comments: Applying the same technique, can a vulnerable smart meter be used to steal data from all the wired computers in a house?

Full article HERE