Protecting Power Grids from Cyber-Attacks: the INSPIRE approach · 2011-01-20
Protecting Power Grids from Cyber-Attacks: the INSPIRE approach
Salvatore D’Antonio
University of Naples “Parthenope”
Consorzio Interuniversitario Nazionale per l’Informatica (CINI)
6th ETSI Security Workshop
Sophia Antipolis, January 20, 2011
Setting up the scene
• Supervisory Control And Data Acquisition (SCADA) systems
are rapidly moving from closed solutions towards IP-based
integrated frameworks made of Commercial Off-The-Shelf
(COTS) components and using shared networks and standard
communication protocols
• This technological trend is bringing many advantages:
– The availability of a large base of standard and well-known
protocols
– The possibility of using shared and interconnected networks to
support distributed SCADA systems
– The deployment of IP-based services and applications on top
of SCADA systems
The other side of the coin
• Evidence is showing that Critical Infrastructures are exposed
to cyber-security risks
– Cyber-spies have penetrated the U.S. electrical grid and left behind
software programs that could be used to disrupt the system [Reuters]
– IT guys of electric utility companies or of the Department of Homeland
Security lose a lot of sleep over security exposure of their SCADA
systems
• The shared communication network has become an obvious
target for disrupting a SCADA infrastructure
– An attacker may exploit a vulnerability of the wireless trunk of a SCADA
communication infrastructure to prevent real-time delivery of SCADA
messages
– This would result in the loss of monitoring information or even of the
ability to control entire portions of the SCADA system
INSPIRE overview
• Two-year small or medium-scale focused
research project (STREP)
• Work programme topic addressed
– Objective ICT-SEC-2007.1.7: Critical Infrastructure
Protection (CIP)
• Start date:
– November 1, 2008
• End date:
– January 31, 2010
Objectives
• To analyze vulnerabilities which affect SCADA
systems
• To design an architectural framework for
SCADA systems monitoring, diagnosis and
remediation
• To develop diagnosis and recovery techniques,
suited for SCADA systems
• To implement traffic engineering algorithms to
provide SCADA traffic with quantitative
guarantees
A bird’s eye view of the
INSPIRE framework
Monitoring
Remediation
Diagnosis
INSPIRE-International
• An international cooperation has been set up between
INSPIRE and the NSF-supported project “GridStat”
(www.gridstat.net) in the area of power grid protection
• GridStat is a novel publish-subscribe, QoS-managed
middleware framework that has been designed to
enhance the resilience of electric power grid’s
communication network
• GridStat researchers are actively involved in the North
American Synchrophasor Initiative (NASPI;
www.naspi.org). Synchrophasors are considered to be a
key new technology for helping power grids be more
resilient, more efficient, etc.
Synchrophasor
• “A Phasor Measurement Unit (PMU) is a device that
provides as a minimum synchrophasor and
frequency measurements for one or more three
phase AC voltage and/or current waveforms.”
Frequency monitoring system
architecture
[Figure: architecture diagram; surviving label: Power Grid]
Frequency ranges
FDR 604 (US) – 60 Hz, 110 V
FDR 808 (Italy) – 50 Hz, 220 V
FDR 809 (Germany) – 50 Hz, 220 V
Example of anomalies
60 -> 59.6, ∆ ~= 0.4
59.99 -> 59.95, ∆ ~= 0.04
OpenPDC
• Troubles with Windows 7 and .NET 4.0
SQL Injection over OpenPDC
protected override void ProcessMeasurements(IMeasurement[] measurements)
{
    foreach (IMeasurement measurement in measurements)
    {
        // Create the command string to insert the measurement as a record in the table.
        StringBuilder commandString = new StringBuilder("INSERT INTO Measurement VALUES ('");
        commandString.Append(measurement.SignalID);
        commandString.Append("','");
        commandString.Append((long)measurement.Timestamp);
        commandString.Append("',");
        commandString.Append(measurement.AdjustedValue);
        commandString.Append(')');
        MySqlCommand command = new MySqlCommand(commandString.ToString(), m_connection);
        command.ExecuteNonQuery();
    }
    m_measurementCount += measurements.Length;
}
SQL Injection finding
• No sanitization of inputs
• No use of templates
• No integrity check of values coming from the
devices
=> potentially vulnerable to SQL injections
• Possibility to compromise stored values
• Possibility to insert unexpected values
• …
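
The three gaps listed above correspond to a fixed statement template, typed parameters, and a plausibility check on device-supplied values. The block below is an added example, not openPDC code and not part of the original slides; the `Measurement` and `MeasurementWriter` types, the GUID format of the signal ID, and the timestamp bounds are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using MySql.Data.MySqlClient;

// Hypothetical stand-in for a measurement as received from a device.
public sealed class Measurement
{
    public string SignalID;      // assumed to be GUID-formatted
    public long TimestampTicks;  // assumed to be .NET ticks (UTC)
    public double AdjustedValue;
}

public static class MeasurementWriter
{
    // Integrity check on device-supplied values (the bounds are assumptions).
    public static bool IsPlausible(Measurement m, long nowTicks)
    {
        Guid id;
        return m != null
            && Guid.TryParse(m.SignalID, out id)
            && !double.IsNaN(m.AdjustedValue) && !double.IsInfinity(m.AdjustedValue)
            && m.TimestampTicks > 0
            && m.TimestampTicks <= nowTicks + TimeSpan.TicksPerMinute;
    }

    // Returns the number of rows written; implausible measurements are skipped.
    public static int Insert(MySqlConnection connection, IEnumerable<Measurement> measurements)
    {
        const string sql = "INSERT INTO Measurement VALUES (@signalID, @timestamp, @value)";
        long nowTicks = DateTime.UtcNow.Ticks;
        int written = 0;
        // The SQL text is a fixed template; values travel only as typed parameters.
        using (var command = new MySqlCommand(sql, connection))
        {
            command.Parameters.Add("@signalID", MySqlDbType.VarChar, 36);
            command.Parameters.Add("@timestamp", MySqlDbType.Int64);
            command.Parameters.Add("@value", MySqlDbType.Double);
            foreach (Measurement m in measurements)
            {
                if (!IsPlausible(m, nowTicks)) continue; // a production adapter would log this
                command.Parameters["@signalID"].Value = Guid.Parse(m.SignalID).ToString();
                command.Parameters["@timestamp"].Value = m.TimestampTicks;
                command.Parameters["@value"].Value = m.AdjustedValue;
                written += command.ExecuteNonQuery();
            }
        }
        return written;
    }
}
```

Because the statement text never changes, a value containing quotes or SQL keywords is stored or rejected as data and cannot alter the structure of the INSERT.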
Future work
• Development of a new generation SIEM
(Security Information and Event Management)
framework for critical service infrastructures
– Multi-level and multi-domain security event
processing
– Predictive security monitoring
– Trustworthy and resilient event collection
• FP7 MASSIF project – www.massif-project.eu
More info
http://www.inspire-strep.eu
Coordinator: Salvatore D’Antonio
Thanks for your attention!