Smart Grid Computers Susceptible To Worm Attack
narramissic writes "Researchers with security consultancy IOActive have created a worm that could quickly spread among Smart Grid devices, small computers connected to the power grid that give customers and power companies better control over the electricity they use. '[The worm] spread from one meter to another and then it changed the text in the LCD screen to say "pwned,"' said Travis Goodspeed, an independent security consultant who worked with the IOActive team. In the hands of a malicious hacker, this code could be used to cut power to Smart Grid devices that use a feature called 'remote disconnect,' which allows power companies to cut a customer's power via the network. The robustness of US power networks has been a hot-button issue after a technical glitch in 2003 caused a cascading power failure in the eastern United States and Canada that affected 55 million people."
Pwned! Power nazi say... no electricity for j00!
This game will waste your life. Don't clicky!
I know about these.... they're running windows XP, and are on modems. They call in every now and then to get updates from the main network.... it's the power grid from the future? More like 1990.
...they will come.
How long before there is a brisk trade in black-market meters and the little seals to make them look official? The power co owns the meter... I suspect making a filter will be unworkable ;)
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
If this were to happen on a large scale, large enough where I'd be without power for days, I have no problem breaking the seal on my meter and bypassing the damn thing until the power company comes by and fixes it properly.
It wasn't a glitch, it was negligence! Cheap cost cutting measures, enabled by foolish deregulation: Trees were not trimmed around critical power lines, the lines were cut by falling branches, and then a cascading failure spread through the grid.
You can't take the sky from me...
Should one of these security bugs be made public, it wouldn't just be dangerous, it would also be expensive, costing utility companies big money as they went back and retrofitted their buggy systems, Pennell said.
Let me get this straight. Pennell wants the bug to be kept undisclosed because it will be too expensive for the utilities to fix. Yet, someone who's clever, maybe those folks who hacked into the grids in other countries, may do it to the utilities here in the US, which will be vulnerable because the bug is "too expensive" to fix. Meaning that the grid is vulnerable and subject to the damage that everyone is afraid might happen since the bugs exist. I guess if the bugs are kept secret, no one else is capable of discovering them because nobody is as smart as the researchers?
OooooooKaaaaay. Riiiiiiight.
This has the potential to suck for the consumer as people could now mess with our power. But after living in several places over the last decade, and being charged $25-$100 to "turn on" my power which is effectively just a change of name on the record at the central office, I can't say I'm shedding a tear for those folks.
Sheldon
This demonstrates the weakness of centralized power grids, like big hydro, big nukes, big coal, big solar arrays beaming power down to Earth, Big solar arrays covering the desert, or any other huge centralized 'answer' to our power generation problems. They are all vulnerable to DOS attacks or attacks on central points of weakness like power lines. It takes just one well crafted weapon, whether kinetic, EMP, radiological, chemical-explosive, cyber-viral-worm, etc., to plunge large populations into darkness and chaos.
Monolithic thinking leads to monolithic engineering, (not to mention monolithic politics), that concentrate your vulnerabilities and limit your flexibility in responding to problems.
Better to have many smaller, locally distributed sources. They make it far more difficult to attack them. Looks like Edison was right and Westinghouse was wrong. At least partially. Too bad we went with Westinghouse, at least so far as the centralized generator is concerned.
This is a challenge that evolution, free markets and democracy all respond to with good answers. Authoritarian structures like organized religions, socialism/communism and autocracy in general all respond poorly to.
This is also a vulnerability of the Internet, with its centralized DNS name servers. I wish I was knowledgeable enough to come up with a solution to that one.
This is non-news.
There is no single "Smart Grid" device technology. At present there are many proprietary solutions from many different vendors, each using different communication protocols, computer hardware and firmware, and security methods. Each one of these vendors has its products in a very, very small fraction of the utility meters in the nation, most of which, of course, have no Smart technology at all. So the fact that these guys found one architecture vulnerable to a particular stack-overflow attack is bad for the vendor(s) that use it, but not indicative of an approaching nationwide catastrophe.
Smart Grid system standards are under development, however, and those doing the development are exceedingly aware of the need for high security. The IEEE, for example, recently started a Smart Grid standardization effort, P2030, and the IEEE 802.15.4g Smart Utility Neighborhood Task Group effort is already underway. Since the utilities lose revenue -- potentially all revenue, plus destruction of capital assets -- if their equipment is cracked, they are very much a part of these standard development activities, and security is of constant concern. (There will undoubtedly be an industry consortium tasked with reviewing implementations of these standards.)
The attack in question is a side-channel attack that is limited to using a microcontroller with an external 802.15.4 radio that includes an encryption engine. The actual AES-128 algorithm wasn't broken. Instead the vulnerability is that the AES keys are sniffed on the exposed bus when you load the keys into the radio's registers. Contrary to popular belief, you can't take over the nation's smart grid from this attack, and it would be difficult to even take over your neighbor's meter unless you broke into his house. I have more info on my site where I respond to the hack from Travis Goodspeed. The blog post is at http://freaklabs.org/index.php/Blog/Misc/Clearing-the-Air-About-Hacking-Into-The-Smart-Grid.html
Akiba
FreakLabs Open Source Zigbee Project
http://www.freaklabs.org/
I'm interested in your bowel movements too. Could you provide updates as conditions warrant? I'm interested in texture, size, firmness etc. Also a report on the subtle changes in fragrance is a big plus in my book.
Keep those updates coming, and Thanks in advance!
Many of these devices are already deployed and it would be too dangerous to make the bugs known.
and:
Should one of these security bugs be made public, it wouldn't just be dangerous, it would also be expensive, costing utility companies big money as they went back and retrofitted their buggy systems, Pennell said.
I love how they think that not releasing this information makes them safe. This is truly scary: Not like some Internet Explorer exploit on a user's desktop - this is the power grid! Someone is telling us that a remote hacker can take over the entire power grid, and the companies are not going to stop everything and fix it? Holy crap that's negligent!!!
It will be a heck of a lot more expensive to NOT fix this, than to fix it.
(Yeah, I know, "preaching to the choir")
Am I mistaken, or did I read somewhere that these units were running a version of MS Windows? That alone would be shocking (horrifying).
That would be problem one, securing the operating system (use Linux).
I also wonder what, if any, logging and monitoring they are utilizing, or anti-virus (I'm guessing none).
"Cause" can be defined in several different scopes. When one reads a death certificate, for instance, the cause of death could be listed as a hemorrhage in the brain, or one could say the cause was a bullet, or a drunken brawl which ended in a gun being shot, etc.
Instead of saying a wrongly set relay was *the* cause, perhaps it would be best to say it was a precipitating factor. If that relay had not been set wrong, there was a large number of factors that could have triggered a similar blackout.
I guess what the AC called "foolish regulation" was the fact that electricity prices were set by law at such a low level that it discouraged investment in the power system. Low investment means, among other things, that technicians will not receive good wages, they will not be motivated enough to pay close attention to what they are doing and will commit mistakes.
Low investments also mean that companies will not build new power plants and lines. They will try to stretch existing systems to the limit, reaching a point where relatively small failures might cascade to system-wide blackouts.
Generally, when people bemoan regulation or deregulation they are looking at just one side of the issue. If you regulate, then you must make sure that the regulations will not kill the companies. If you deregulate, make sure to deregulate *everything*, including prices. The problem with what has been called "deregulation" is that removing the regulations that impose quality levels while keeping regulated prices is more or less guaranteed to cause failures in the system.
Bribe just about any good electrician
Erm... evil, maybe? :)
You can't take the sky from me...
We have done SO MANY things wrong over the last 8 years. This is but one more item. You would think that by this time, they would push to use the electrical grid itself, with a back up on the federal internet. Nope. Just more garbage that was pushed for far too long.
I prefer the "u" in honour as it seems to be missing these days.
"The robustness of US power networks has been a hot-button issue after a technical glitch in 2003 caused a cascading power failure in the eastern United States and Canada that affected 55 million people"
The nature of the 'technical glitch' was using Windows NT SCADA units to relay info over the Internet in the middle of the Blaster worm infestation. As was demonstrated in the earlier MS SQL Server 2000 worm infestation of a nuclear power plant.
davecb5620@gmail.com
These devices aren't even close to being in the mainstream yet. Personally I don't see any reason they could ever be made "secure" because by their very nature they need to be "accessible". These devices should NOT be allowed to become popular or mainstream. It's nobody's business but yours, the bill-payer, how much electricity you're using or what you're using it for, and nobody outside of your home should be allowed to control when your HVAC or clothes dryer is running. Create more energy-efficient devices? Yes. Continue to educate the public into being more energy conscious? Absolutely. Generate more power and manage the power grid more intelligently? Yes. Shut off an 80-year-old invalid's air conditioner in the middle of a July heatwave? Absolutely NOT. Shut off someone's clothes dryer so they're late to work because all their work clothes are still sopping wet? Absolutely NOT.
Technology may be the answer, but not THIS technology.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
'An operator corrects the telemetry problem but forgets to restart the monitoring tool'
.. incrediously ... went to lunch and forgot about it.
.. One of MISO's primary system condition evaluation tools, its state estimator,
was unable to assess system conditions for most of the period between 12:37 EDT and
15:34 EDT, due to a combination of human error .. and could not issue appropriate warnings'
...
This from conclusions in the report by the investigating task force. This is BS, the reason the 'operator' disabled 'real-time status of the power system' was to 'conduct a manual check of the network' because they were fully aware an incident was in progress, in the middle of which he then
"We have no clue. Our computer is giving us fits, too," replied a FirstEnergy technician identified as Jerry Snickey. "We don't even know the status of some of the stuff (power fluctuations) around us."
"I called you guys like 10 minutes ago, and I thought you were figuring out what was gong on there," the MISO technician, identified as Don Hunter, complained, according to the transcripts.
'FirstEnergy's operators were unaware for over an hour that they were looking at outdated information on the status of their portion of the power grid, according to the November report'
'no such call was made or warning given. I have confirmed that by having my staff listen to control room operator tapes'
'At 14:02 EDT
I think he means the screen froze
davecb5620@gmail.com
put the coin signal DTMF tones, on your mobile phone or MP3 player. ;-)
www.Buy-Proxy.com - A "buyer-driven" global marketplace.
I never liked the idea of the power companies having this kind of control. Maybe those little punk-asses (the kind who give hackers a bad name) are doing a public service by discouraging this sort of thing?
Then again, I expect the ones with the money invested to sweep the problem under the rug, which will eventually end in disaster when an exploit is released for all the kiddies to play with.
"The only legitimate use of a computer is to play games." - Eugene Jarvis
I hadn't been aware that "remote disconnect" was being incorporated into electric meters. Read this industry analysis of "remote disconnect" for background. The "risk items" list doesn't even consider the implications of hostile attack.
The purpose of "remote disconnect" is to get more control over customers. Utilities are considering using this to enforce collection, and even for prepaid electric service. It's another way to tighten the screws on poor people, like prepaid cellular and paycheck loans.
There's another feature, current limiting - draw too much current and the power cuts off. The current limit can be set remotely. When someone gets behind on their bill, the power they can use is limited to survival levels until they pay up.
Vulnerabilities in the remote management system could be a serious problem. Will the keys be kept in a Microsoft system? If you thought it was bad when credit card numbers were stolen, what happens when someone steals the meter key database? The meters have to be physically visited, one at a time, to reset the keys. And who would do that? The meter readers get laid off when this goes in.
Could be a real problem if terrorists exploit this weakness on any day of the year except the one on which Jack Bauer is working...
The IOActive research will probably never be released publicly: Many of these devices are already deployed and it would be too dangerous to make the bugs known.
Hopefully they've tested the security of the computers that are storing this data. Wouldn't it be ironic if the IOActive computers were hacked and criminals got a hold of their worm?
I don't think your wang is even moderately tumescent.
Enjoy your erectile dysfunction.
Dammit, I'm getting sick and tired of this. Since I was involved in the 2003 blackout investigation for an outside utility company, here's what happened:
I'm tired of all this editorializing that thinks that this stuff is related, but it's not. The root cause was incompetence at FE -- cutting budgets so hard they got rid of tree trimming, failure to communicate properly in emergency situations, and lack of situational awareness -- combined with an over-reaching government that thinks the underlying communications networks are unsecured. The "technical glitch" was an AIX UNIX machine with poor ICCP error handling, a message queue that failed to empty, and dispatchers that weren't trained how to handle the lack of data. DHS runs one test (Aurora) where they pretend to take over a generator with SCADA, then over-excite it for like an hour before they got it to spark, then suddenly they think the whole grid's at risk so they can get more government funding to justify their existence.
Umm, you are incorrectly applying TCP/IP bandwidth demand to electricity demand. If the distribution company simply wanted to disconnect customers, they have breakers already in place to take care of that. But shutting off a retail customer violates the PUC agreements, and gets the utility in hot water (even if the customer isn't paying, but that's a separate issue). Utilities already measure peak customer current, and they build their systems to handle it. It's actually a fully recoverable expense -- why would a utility company limit you when the PUC allows them to install a new transformer and charge you for it? It's the core of the electric service agreement. Not to mention that 99% of the electric grid communications runs on a private fiber network of UNIX machines.
Smart Grid is supposed to make retail customers sensitive to wholesale real-time pricing. It's like off-peak metering on steroids.
Here's the problem: Energy is Generated at Wholesale rates, sold to a Distribution company at wholesale rates, at real-time (hourly-fluctuating) prices. The real-time price is the intersection of real-time demand with real-time supply (Generation), with an inelastic demand curve and a price-elastic supply. The Electric Distribution Company (EDC) sells that power to End-Use Customers (EUC) at retail rates, at annual pricing (with some itemization depending on your state's PUC/utility retail agreements). The EUCs have no market impetus to actually conserve energy -- why should they, they are paying the same price to run an air conditioner at 1PM as watching TV with the lights on at 11pm at night -- yet the wholesale prices for the EDC vary vastly due to peak/offpeak conditions. At its extremes, you end up like California in 2001 where your market blows up because the EDCs are getting charged more for electricity than they collect from the EUCs.
Let's say I am an End-Use Customer running an office building. The utility comes to me and says: "I know you are on retail rates with no fluctuation in price. If you can voluntarily cut some of your demand during the middle of the day, I (the EDC) will pay you (EUC) a piece of the difference in what it would have cost me with the higher demand vs. you not consuming and me having a lower demand. All you have to do is put your air conditioning on the second circuit hooked up to a Smart Meter. When the real-time price goes above $200/MW, I (the EDC) will cut your demand, and restore it when the price comes back down." The EUC (1) makes money from the EDC, (2) pays a smaller electric bill to the EDC. The EDC pays a smaller electric bill to the Generators, and keeps their annual cost lower.
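The arrangement the post describes, run through one constructed day as an added example (not the poster's code): the price curve, loads, flat retail rate and the 50% pass-back share are all made-up numbers, and the post's "$200/MW" threshold is treated as $200 per MWh.

```python
"""Toy settlement of the demand-response deal described above (constructed data)."""

# Constructed wholesale prices, $/MWh, one per hour of the day. Hours 13-15
# spike above the $200 cut-off the EDC agreed with the customer.
PRICES = [40] * 12 + [150, 250, 300, 220, 180] + [60] * 7
# Constructed AC load on the curtailable circuit, kW per hour (on 08:00-18:59).
AC_KW = [0] * 8 + [50] * 11 + [0] * 5
BASE_KW = 100          # office load the customer never gives up
RETAIL_RATE = 0.12     # flat $/kWh the EUC pays the EDC all year
SHARE = 0.5            # fraction of avoided wholesale cost paid back to the EUC


def settle(prices, ac_kw, base_kw, retail_rate, share, threshold=200.0):
    """Settle one day with and without the EDC cutting the AC circuit.

    The EDC trips the smart-metered AC circuit in any hour whose wholesale
    price exceeds `threshold` and pays the EUC `share` of the wholesale cost
    that the cut avoided. Every hour is 1 h long, so kW == kWh here.
    """
    bill_no_dr = bill_dr = whole_no_dr = whole_dr = 0.0
    curtailed_hours = []
    for hour, (price, ac) in enumerate(zip(prices, ac_kw)):
        full_kwh = base_kw + ac
        cut = ac > 0 and price > threshold
        served_kwh = base_kw if cut else full_kwh
        if cut:
            curtailed_hours.append(hour)
        bill_no_dr += retail_rate * full_kwh           # retail: flat rate
        bill_dr += retail_rate * served_kwh
        whole_no_dr += price * full_kwh / 1000.0        # wholesale: $/MWh * MWh
        whole_dr += price * served_kwh / 1000.0
    avoided = whole_no_dr - whole_dr
    return {
        "curtailed_hours": curtailed_hours,
        "euc_bill_without": round(bill_no_dr, 2),
        "euc_bill_with": round(bill_dr, 2),
        "edc_payment_to_euc": round(share * avoided, 2),
        "edc_wholesale_without": round(whole_no_dr, 2),
        "edc_wholesale_with": round(whole_dr, 2),
        "edc_net_saving": round(avoided - share * avoided, 2),
    }


def example_day():
    """The constructed day above; both parties come out ahead."""
    return settle(PRICES, AC_KW, BASE_KW, RETAIL_RATE, SHARE)


if __name__ == "__main__":
    for key, value in example_day().items():
        print(f"{key:>22}: {value}")
```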
smart grid! whatever will i do without my smart devices?? i wont be able to surf the smartnet!!!
one more slashdotter turned off by buzzwords, and hence refuses to RTFA.
Good people go to bed earlier.
I always wondered why the grid had such a thing as load balancing feedback, which when the grid itself has a sector that goes down, it kicks into overdrive by jumping on the next grid's load. I understand being able to let people keep having power, but I think the thing with that is if (we have seen in the past 55 million without power) we were to have 1 or 2 failures that pushed over the limit of the next grid, the cascading effect takes place and wipes out the whole grid.
I prefer separating each sector but putting in a fail over backup generator like system that if a sector in the grid goes down, those 1000s of people are without power without risking the rest of the grid, and a backup kicks in supplying minimal power at peak or emergency times or sequence (maybe hospitals get first dibs etc...), until the repairmen can come in and fix the problem.
Or even put a load balancing volume indicator, so that if the broken down sector comes unto another sector's load, it can only take maximum xxx amount of power and nothing more...
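A small simulation of the two designs the comment above contrasts, as an added example (not the poster's code): a line of five sectors with constructed loads and capacities, first with uncapped "jump on the next sector's load" feedback, then with the per-sector import cap the comment proposes.

```python
"""Cascade versus contained failure on a constructed chain of grid sectors."""
from collections import deque
from dataclasses import dataclass


@dataclass
class Sector:
    load: float      # MW this sector is currently carrying
    capacity: float  # MW it can carry before it trips offline


def build_chain(names, load, capacity):
    """Constructed test grid: sectors in a line, each tied to its neighbours."""
    sectors = {n: Sector(load, capacity) for n in names}
    neighbours = {n: [] for n in names}
    for a, b in zip(names, names[1:]):
        neighbours[a].append(b)
        neighbours[b].append(a)
    return sectors, neighbours


def simulate(sectors, neighbours, first_failure, max_import=None):
    """Trip `first_failure` and let its load jump onto live neighbours.

    max_import=None : a neighbour takes whatever is pushed onto it and trips
                      if that exceeds its capacity (the cascade the comment
                      describes).
    max_import=X    : a neighbour accepts at most X MW; the remainder is shed
                      (those customers go dark) instead of propagating.
    Returns (set of tripped sectors, MW of load left unserved).
    """
    tripped, unserved = set(), 0.0
    queue = deque([first_failure])
    while queue:
        name = queue.popleft()
        if name in tripped:
            continue
        tripped.add(name)
        orphaned, sectors[name].load = sectors[name].load, 0.0
        live = [n for n in neighbours[name] if n not in tripped]
        if not live:
            unserved += orphaned            # nobody left to pick it up
            continue
        share = orphaned / len(live)
        for n in live:
            taken = share if max_import is None else min(share, max_import)
            unserved += share - taken
            sectors[n].load += taken
            if sectors[n].load > sectors[n].capacity:
                queue.append(n)             # overloaded: it trips next
    return tripped, unserved


def run_both(names=("A", "B", "C", "D", "E"), load=80.0, capacity=100.0, cap=15.0):
    """Same fault twice: uncapped feedback versus a 15 MW import cap."""
    s1, n1 = build_chain(names, load, capacity)
    s2, n2 = build_chain(names, load, capacity)
    return simulate(s1, n1, names[0]), simulate(s2, n2, names[0], max_import=cap)


if __name__ == "__main__":
    (t1, u1), (t2, u2) = run_both()
    print(f"uncapped: {len(t1)} sectors tripped, {u1} MW unserved")
    print(f"capped:   {len(t2)} sectors tripped, {u2} MW unserved")
```

With the cap, only the faulted sector's own customers lose power; without it the 80 MW fault takes down all 400 MW of load.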
I don't know if these regulations are federal or state; but in many jurisdictions (maybe all, don't know) there are laws against turning off the power when it gets too cold. Here in Kansas at least, it's actually called the Cold Weather Rule. The company has to send personnel out to turn meters on. So no, the power company is not despicably punishing the poor. Even if it wanted to, it couldn't.
Smart meters offer a lot more than simply remote disconnect. A great deal of what they offer is related to their reporting abilities. Standard meters don't communicate at all. They simply spin dials which often are still read manually. Slightly more advanced meters can report to a truck that drives down the street, or across the grid itself to the utility company. But most of the installed meters out in the world are simply dumb circuits with a spinning dial on them.
A smart meter will allow you to view your usage by hour or quarter hour, depending on how many data points your utility company wants to keep. This will allow you to participate in programs that increase off-peak usage. It's better for you and for the utility both if we can flatten the graph on power generation through the day. With smart meters, the company can offer incentive programs that reward the off-peak usage, or programs that might let you participate in other ways. You might be able to install a thermostat that talks to your smart meter and adjust it remotely. Or you might get lower rates in return for letting the utility adjust your thermostat 2 degrees either way during peak times.
When a storm blows through, the smart meters can provide an accurate measure of impact because they're all "ping"able. This will reduce restoration time, especially for those who are on their utility company's "life support" list; people who rely on power for oxygenators, or need refrigeration for meds, etc.
The company can use the smart meters to help measure line loss and know better when to upgrade old distribution lines. It will be easier to detect theft, which really costs the rate-payer.
So no. It's not a big illuminati conspiracy to beat up on poor people. If anything, it displaces meter readers, who are good hard-working people just like you.
Hot Damn! It's the Soggy Bottom Boys!