Saturday, August 8, 2009

BlackHat Smartgrid Worm Attack Simulation - Aug 27th
Live Webcast: Smart Grid Device Security - Mike Davis, IOActive

Updated 9-5-2009

Following BlackHat 2009 in July, the archived webcast below highlights critical research Mike Davis and other IOActive researchers performed on Smart Grid technology.

Davis and other IOActive researchers developed proof-of-concept malicious code that self-propagated in a peer-to-peer fashion from one meter to the next as part of their effort to identify Smart Grid cyber security risks and threats. The webcast also addresses this attack simulation and the Smart Grid vulnerabilities they discovered, such as susceptibility to buffer overflows and rootkits.

As one of the top Black Hat conference presentations, this has stirred up further attention to Smart Grid cyber security just as NIST is working to stand up and plow through developing related requirements and standards on an accelerated schedule. For those who missed out on the Black Hat session, this recap is very informative.

Update 8-20-2009
Davis's Recoverable Advanced Metering Infrastructure presentation slides (23 pages, some thoughtful redactions) are now posted in the Black Hat USA 2009 Archive area.

Sunday, August 2, 2009

NIST on a roll with "Historic" Security Controls Guidance & SmartGrid 3rd Workshop Aug 3-4
-Plus: BlackHat Smartmeter Worm Attack Simulation

NIST SP800-53 Rev 3 is Final
The newly released, voluminous NIST SP800-53 Revision 3 (~40 core pages plus supporting sections, 236 pages total) delivers a unifying cyber security framework for use across governmental, civilian, and critical infrastructure entities. The focus remains establishing a solid baseline security posture across eighteen control set families. The consensus-developed SANS Institute 20 Critical Security Controls, Version 2.0, provides an updated mapping to this NIST release.

NIST said the updated security control catalogue incorporates best practices in information security from the Department of Defense, intelligence community and civilian agencies to produce the most broad-based and comprehensive set of safeguards and countermeasures ever developed for information systems.

Significant changes include:
  1. A simplified, six-step risk management framework;
  2. Additional enhancements for advanced cyber threats;
  3. Prioritizing or sequencing security controls during implementation or deployment;
  4. New references section in revised security control structure;
  5. Supplemental guidance security requirements eliminated;
  6. Addresses risk management framework for legacy information systems and for external providers of information system services;
  7. Current threat information and known cyber attacks factored into security control baseline updates;
  8. Addresses organization-level security controls for managing information security programs;
  9. Guidance on the management of common controls within organizations;
  10. Strategy for harmonizing Federal Information Security Management Act security standards and guidelines with international security standard ISO/IEC 27001; and
  11. Tailoring for industrial control systems, including compensating controls (Appendix I).

NERC emphasized ISO/IEC 27001 (aka ISO 17799) with the introduction of CIPs and 40+ security requirements; this major enhancement to SP 800-53 should help towards NERC CIPs getting even more NISTy.

NIST SmartGrid Workshop - Aug 3rd-4th
Third major NIST Smart Grid workshop - web/teleconference options:
A key objective of the public workshop is to engage standards development organizations (SDOs) in addressing standards-related priorities. Sessions will be devoted to discussing individual SDO perspectives on the evolving roadmap for Smart Grid interoperability standards, reaching agreement on which organizations should resolve specific standards needs, and developing plans and setting timelines for meeting these responsibilities.

Smart Meter Worm Could Spread Like A Virus - Black Hat Presentation
At Black Hat last week, IOActive’s Mike Davis and team created a simulation demonstrating how, over a period of 24 hours, about 15,000 out of 22,000 homes had their smart meters taken over by a software worm that placed the devices under the control of the worm’s designers. More: Smart Meter Worm Could Spread Like A Virus

Some speculation: the simulation likely focused on a single managed smart grid environment (not across multiple, independent smart-grid settings). The meter manufacturer reportedly first dismissed the claims until they were proven. The vulnerabilities are similar to what happens when computers are linked over the Internet. By exploiting weaknesses in the way computers talk to each other, hacker-designed attacks can seize control. The Recoverable Advanced Metering Infrastructure presentation information is not posted yet in the Black Hat USA 2009 Archive area.

Black Hat and Defcon draw some of the best talent around to crack security, e.g. Black Hat Researchers Find 'Free' Parking in San Francisco and more news.