Slashdot Mirror

← Back to Stories (view on slashdot.org)

Smart Grid Computers Susceptible To Worm Attack

Posted by timothy on from the when-the-lights-come-on-again dept.

narramissic writes "Researchers with security consultancy IOActive have created a worm that could quickly spread among Smart Grid devices, small computers connected to the power grid that give customers and power companies better control over the electricity they use. '[The worm] spread from one meter to another and then it changed the text in the LCD screen to say "pwned,"' said Travis Goodspeed, an independent security consultant who worked with the IOActive team. In the hands of a malicious hacker, this code could be used to cut power to Smart Grid devices that use a feature called 'remote disconnect,' which allows power companies to cut a customer's power via the network. The robustness of US power networks has been a hot-button issue after a technical glitch in 2003 caused a cascading power failure in the eastern United States and Canada that affected 55 million people."

11 of 98 comments (clear)

  1. This won't affect the smart grid... by freaklabs · · Score: 5, Informative

    The attack in question is a side-channel attack that is limited to using a microcontroller with an external 802.15.4 radio that includes an encryption engine. The actual AES-128 algorithm wasn't broken. Instead the vulnerability is that the AES keys are sniffed on the exposed bus when you load the keys into the radio's registers. Contrary to popular belief, you can't take over the nation's smart grid from this attack, and it would be difficult to even take over your neighbor's meter unless you broke into his house. I have more info on my site where I respond to the hack from Travis Goodspeed. The blog post is at http://freaklabs.org/index.php/Blog/Misc/Clearing-the-Air-About-Hacking-Into-The-Smart-Grid.html

    Akiba
    FreakLabs Open Source Zigbee Project
    http://www.freaklabs.org/

    1. Re:This won't affect the smart grid... by smallfries · · Score: 2, Informative

      No it isn't, and if you had read the article instead of the summary before you tried to pump your own blog you would realise that what you describe is not the issue here at all. This is *not* the side-channel attack that your post talks about.

      Here are some basic clues:
      1. It's a worm
      2. It can spread from device to device over the network
      3. No external hardware is required, the exploit is purely software (see points 1 & 2).
      4. Goodspeed is not mentioned in connection with his side-channel attack on AES, but for some theoretical work on possible vulnerabilities.

      You fail.

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    2. Re:This won't affect the smart grid... by freaklabs · · Score: 2, Informative

      Uhhh...I read the article. If it were a pure software exploit. It wouldn't be an expensive issue to fix as mentioned in the last line of the article.
      And if you read my blog article, you'd see that smart meters aren't able to communicate with each other and instead communicate on the utility's backhaul.
      And if you read my blog article, you'd see that Travis Goodspeed posted a blog article of his own detailing a side channel attack on 802.15.4.
      Uhhh...personally, I don't care if you read my blog or not, but since programmers normally try not to repeat themselves, you might want to check out my blog for details on this.

  2. Re:Glitch? by Scrameustache · · Score: 2, Informative

    the lines were cut by falling branches

    Apparently I had that bit upside down; it was the power lines swinging low, not branches falling: http://en.wikipedia.org/wiki/Northeast_Blackout_of_2003#Sequence_of_events

    And here's a piece about why regulations are good and should be enforced: http://www.ontariotenants.ca/electricity/articles/2003/ts-03i08.phtml

    --

    You can't take the sky from me...

  3. Re:This shows the weakness of anything centralized by doshell · · Score: 3, Informative

    This is also a vulnerability of the Internet, with its centralized DNS name servers. I wish I was knowledgeable enough to come up with a solution to that one.

    The DNS name servers are not centralized. Perhaps you are thinking of the root servers, but those hold only a few records for the TLDs; in order to resolve "slashdot.com", the root servers only know about the ".com" part. Besides, 99% of the queries you make do not ever reach a root server, because you are using your ISP's name server, which does caching. Precisely because it would be unworkable to make every query depend on the DNS servers "above".

    The current problem with the DNS is one of security, but that has nothing to do with it being centralized (indeed I would argue it is easier to secure a centralized system than a decentralized one...)

    --
    Score: i, Imaginary
  4. Re:This shows the weakness of anything centralized by Dachannien · · Score: 3, Informative

    One, we have roughly 10,000 power plants of all types in the US.

    Two, transmission losses are roughly 10% (up from 5% 40 years ago, largely due to a failure to improve the transmission grid on par with the increase in load).

    And three, I'm pretty sure the efficiencies being talked about earlier are related to economies of scale. That is, you can build a large power plant at a cost much cheaper per unit of capacity than a corresponding number of small plants.

  5. Re:Asinine by betterunixthanunix · · Score: 2, Informative

    "Um, citation please? Nowhere in the linked article (sorry, I know I wasn't supposed to read it, but I was curious), does it say anything about being expensive to fix. In fact, it says nothing at all about repair cost, which may merely involve a firmware update which could be deployed remotely."

    From TFA:

    "Should one of these security bugs be made public, it wouldn't just be dangerous, it would also be expensive, costing utility companies big money as they went back and retrofitted their buggy systems, Pennell said."

    That would be the last sentence.

    I do not feel sorry for the utilities if they deployed a buggy system that created a national security problem. I would hope that any promise to keep the exploit secret was matched by an immediate effort on the part of the power companies to correct the problem, and to have a third party perform additional testing to discover other possible exploits; clearly, that is not what happened.

    --
    Palm trees and 8
  6. Re:This shows the weakness of anything centralized by dtmos · · Score: 4, Informative

    Decentralized power generation is a major part of the Smart Grid initiative. See, e.g., the Galvin Electricity Initiative.

    Since power generated in a grid cannot be effectively stored, it must be used when generated. This forces today's utilities into a large control problem, in which consumers' needs (in the form of measurements of line voltage and frequency, sampled throughout the network) are fed back to centralized control points and used to control the output of a relatively small number of generating plants (and current sent along individual transmission lines). Control of this system is moderately well understood, if one accepts that certain heuristics have to be used -- along with occasional human judgement. Considering its complexity, this is one of the great engineering achievements of the 20th Century.

    Decentralized power generation, however, is a completely different type of control problem. With millions of potential generators, the existing control algorithms fail completely; further, as part of the decentralized control algorithm the utility needs to communicate with each power meter (a.k.a. potential generator) in essentially real time, to control any power it may generate.

    Having a meter that bills the customer only for the net of power used and generated is termed "net metering." This exists today, but cannot achieve wide-spread use without better communication with the meters. Utilities like net metering, because they get additional generating capacity without paying for new power plants.

    The Smart Grid, with its communication to individual power meters, effectively enables net metering: Homeowners can generate their own power, use what they need locally, then sell any surplus to the utility for use by others. The meter can inform the utility how much power it is supplying at any time, a number used by the utility to maintain network stability. If the utility has no use for the power at that moment, it can refuse the offer, again by communicating with the meter.

  7. Re:lazy engineering by mangu · · Score: 4, Informative

    I miss the days when hackers were just doing things for lulz.

    Problem is old time hackers did things for money, too. Pricing details here:

    In 1971 Steve 'Woz' Wozniak designed a device called the 'Blue Box'. It allowed -- of course illegal -- phone
    calls free of charge by faking the signals used by the phone companies. His friend Steve Jobs instantly realized that there must be a huge market for something that useful. He bought the parts for $40, Woz built the boxes and Jobs sold them to his fellow students at the University of California in Berkeley for $150.

    This well known anecdote is what made me think of the market for an electricity meter hacking device. $150 in 1971 dollars would be about $800 today.

  8. Re:This shows the weakness of anything centralized by Ashriel · · Score: 2, Informative

    I would certainly classify 10% loss as a large percentage of inefficiency; in most companies I've worked with, the minimum acceptable efficiency seems to be 93-95% - granted, I'm not talking power generation and transmission in those cases.

    That is, you can build a large power plant at a cost much cheaper per unit of capacity than a corresponding number of small plants.

    Absolutely. But we're talking initial outlaying of funds here, not maintenance, upkeep, or fueling. More to the point, with generators every few blocks in a city; one or two for every town in the country, the costs are completely removed from private business and placed onto the citizens and/or local government (meaning, again, the citizens). We should be paying for our own power generation directly, rather than paying a large authorized monopoly to charge us for the maintenance and inefficiency of an unnecessary power structure.

    Such a cellular power structure is impervious to large scale failure, and with interconnects, it would become fairly difficult to cause even local power failure.

    No doubt the costs would be greater, but they'd be diffused across the entire population, and the energy itself would be cheaper, since there's no need for profit. Most importantly, I would think that the security and stability of such a system would be more than worth the additional cost.

  9. Who is really at fault by Orne · · Score: 3, Informative

    Dammit, I'm getting sick and tired of this. Since I was involved in the 2003 blackout investigation for an outside utility company, here's what happened:

    • First Energy (OH) had some lines trip. Because of a race condition in their EMS (Electric Management System), the program never recognized that the lines tripped. Their State Estimator locked up, giving the dispatchers false information. Their redundant backup had the same code, used the same inputs, and got in the same race condition, and there was no watchdog system like Tivoli to measure that the systems were not outputting data.
    • Outside companies who observed odd flows on their systems tried to commuinicate with FE regarding the trippings, but FE said that the trippings were a data error (not recognizing they were real)
    • An hour and a half later, the grid split due to additional overload trippings in FE, and it all went to hell
    • FE executives begin spinning the story so fast you could have generated electricity if you stuck magnets on them
    • In the investigation, they found that too many companies were not adequately protecting their SCADA systems (it was so convenient to put the controls on VPN so you can work on an issue remotely), despite this was not one of the root causes.
    • Six months later, the government issued a report saying every utility was at fault, gave FERC the ability to set industry standards, and gave NERC the ability to fine companies a $1 mil/day for violating those standards.
    • 5+ years later, we're all reacting to these CIP (Critical Infrastructure Protection) standards, which are all poorly defined, everyone's paranoid they may be violating something (which = fine), and so they're all overreacting by clamping down on anything that looks like a SCADA violation.

    I'm tired of all this editorializing that thinks that this stuff is related, but it's not. The root cause was incompetence at FE -- cutting budgets so hard they got rid of tree trimming, failure to communicate properly in emergency situations, and lack of situational awareness -- combined with an over-reaching government that thinks the underlying communcations networks are unsecured. The "technical glitch" was an AIX UNIX machine with poor ICCP error handling, a message queue that failed to empty, and dispatchers that weren't trained how to handle the lack of data. DHS runs one test (Aurora) where they pretend to take over a generator with SCADA, then over-excite it for like an hour before they got it to spark, then suddenly they think the whole grid's at risk so they can get more government funding to justify their existence.