
Wednesday, January 18, 2012

GoodSpeed to the Rescue for Pernicious Smart Grid Hardware/Firmware Security Problems


Very much in the spirit of an SGSB post that's turned out to be pretty popular, "The Value of Black Hat to Smart Grid Security," free-spirited hacker genius Travis Goodspeed is starting something that might raise a few vendors' hackles. But precisely because it may incite some anxiety, it may also get some results.

In Travis' own words, here's the raison d'être of his new initiative, called "Smart Grid Skunkworks":
Recent vulnerabilities found in smart meters and HAN devices have shown a number of weaknesses in the engineering practices used to build these devices and their constituent components. A vulnerability in a chip or library is fixed slowly, and it is a very rare event that the meter and thermostat vendors affected by the vulnerability are notified by their suppliers. Because of this, vulnerabilities are spreading downward through the supply chain, and the engineers of smart grid devices are left uninformed.
There are technology and business issues at work here, and more than a little corporate psychology too.

Left alone, this seemingly intractable set of esoteric problems would likely never be solved. But that's what got Travis charged up, it seems, so much so that he dreamed up this movement and ended his call to action with:
I invite you to join me in preventing smart grid vulnerabilities before they are created.
I've given you the bookends, but you should definitely read the whole piece yourself, HERE. And then if you've got the technical chops to help, and you won't get yourself in too much hot water, this might be just the thing for you.
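The problem Travis describes above is, at bottom, a missing record of who builds on what. As an added illustration (this is not Travis' code, nor any Skunkworks deliverable), here is a small Python sketch of the bookkeeping a supplier would need in order to notify downstream meter and thermostat vendors when a chip or library turns out to be vulnerable. Every component and product name in it is a made-up placeholder, and the bill-of-materials edges are constructed for the example.

```python
"""Added example, not from the original post: walking a component
bill-of-materials graph downward to find every product that inherits a
vulnerable chip or library, so that its vendor can be notified."""
from collections import defaultdict, deque

# Constructed bill-of-materials edges: (product, component it is built from).
# All names are placeholders invented for this example, not real parts.
BOM_EDGES = [
    ("radio-soc-v1", "zigbee-stack-lib"),
    ("radio-soc-v1", "crypto-lib"),
    ("meter-board-a", "radio-soc-v1"),
    ("meter-board-a", "metrology-fw"),
    ("smart-meter-x", "meter-board-a"),
    ("thermostat-y", "radio-soc-v1"),
    ("thermostat-y", "ui-fw"),
    ("in-home-display-z", "zigbee-stack-lib"),
    ("gateway-w", "crypto-lib"),
]


def build_dependents(edges):
    """Invert the BOM: component -> set of products built directly on it."""
    dependents = defaultdict(set)
    for product, component in edges:
        dependents[component].add(product)
    return dependents


def affected_products(edges, vulnerable_component):
    """Breadth-first walk down the supply chain from the vulnerable component.

    Returns {product: path}, where path lists the chain of components from the
    vulnerable one down to that product, so each vendor can see how it is exposed.
    """
    dependents = build_dependents(edges)
    paths = {vulnerable_component: [vulnerable_component]}
    queue = deque([vulnerable_component])
    while queue:
        current = queue.popleft()
        for downstream in sorted(dependents.get(current, ())):
            if downstream not in paths:  # each product recorded once
                paths[downstream] = paths[current] + [downstream]
                queue.append(downstream)
    del paths[vulnerable_component]  # the component itself is not a "product"
    return paths


def notification_list(edges, vulnerable_component):
    """End products (nothing is built on top of them) whose vendors need notice."""
    dependents = build_dependents(edges)
    affected = affected_products(edges, vulnerable_component)
    return sorted(p for p in affected if not dependents.get(p))


if __name__ == "__main__":
    for product, path in affected_products(BOM_EDGES, "zigbee-stack-lib").items():
        print(product, "<-", " <- ".join(reversed(path)))
    print("notify:", notification_list(BOM_EDGES, "zigbee-stack-lib"))
```

The point of keeping the path, not just the product list, is that the vendor two tiers down (the meter maker in this toy graph) has usually never heard of the library; the path tells them which of their own suppliers to ask about a fix.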

Photo credit: Travis Goodspeed on Flickr.com

Monday, June 7, 2010

More Smart Grid Security Fun: V2G Hacking and Cyber Car Jacking


Thanks to Forrester analyst Usman Sindhu for zeroing in on risks emerging from new sources on the Smart Grid edge. Namely, those related to our increasingly (wirelessly) wired automobiles. At the IBM Innovate conference Jack and I are attending this week, cars came into focus in a way I don't think they have before. You see, this is a conference devoted almost fully to the art and science of software, and cars are made out of steel, right?

Well, for the time being, yes. But that's not the end of the story. Besides steel, the typical car of 2010 has over 200 million lines of code. And though ferrying payloads to low earth orbit and docking with the International Space Station are beyond most 2010 models' capabilities, this is far more software than it takes to run the space shuttles. With dozens of applications and interfaces, not only is each one a highly complex system in itself, but if you think about it, each is an intelligent node in a system of systems. Improvements are now rolling out with increasing frequency to safety, navigation and propulsion systems, among others.

Jack has recently developed an auto-fixation, and as he said in a presentation earlier today, the ability to monitor, diagnose, and repair many vehicular problems without expensive, inconvenient trips to the repair shop is a major win for car makers and customers alike. The way he described it, it was almost like techno-nirvana. Until, that is, he mentioned the likely frailty of the software upon which all of this great new functionality depends.

As recent recalls have demonstrated, the cost of loving what software enables is realizing what happens when it goes wrong, whether by accident or from malicious intent. For a drill-down, we recommend this piece from the Economist on cars and software bugs, as well as the Discovery Channel's "This Car Runs on Code". Karl Koscher et al. from the University of Washington spell it out in plain English in their recent paper, "Experimental Analysis of a Modern Automobile":
While the automotive industry has always considered safety a critical engineering concern (indeed, much of this new software has been introduced specifically to increase safety, e.g., Anti-lock Brake Systems) it is not clear whether vehicle manufacturers have anticipated in their designs the possibility of an adversary. Indeed, it seems likely that this increasing degree of computerized control also brings with it a corresponding array of potential threats.
Threats from bad guys are one thing; threats from poor coding, configuration errors and other unintentional companions of complexity are likely a bigger challenge in the near term. Nevertheless, could an attacker work his/her way through less-than-secure automotive communications networks to put drivers in harm's way or adversely impact a utility? Sounds exotic, but when Vehicle-to-Grid (V2G) dreams start becoming reality, and electric cars draw their power from the grid while fulfilling important energy storage functions upon which we come to rely, this is one area we want to make sure doesn't get overlooked. In fact, just like in everything else, we'd recommend minimizing the drama and designing security in from the word go.


Photo Credit: So Fast it Hertz Blog

Sunday, March 21, 2010

Grid Cascade Report: Trap or Training?


As the grid grows more complicated and more confusing, many of us are spending time thinking about the ways in which we can hopefully make it more secure, or at least more reliable, in the face of a new wave of threats and dangers. An article in the March 20th issue of the New York Times, "Academic Paper in China Sets Off Alarms in U.S." describes a new twist on an old distraction: state-sponsored attacks, in this case from China.

First off, I am not going to make any judgments about whether or not we are in the cyber-gunsights of any nations. I always assume that cyber-warfare/defense is now a common discipline in most technologically developed countries, some of which like the United States a lot, and some of which may like us a little less. If you are interested in some relatively comprehensive discussion on the topic of China's capabilities, you can browse a Northrop Grumman Corporation report done for the US-China Economic and Security Review Commission, entitled "Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation." There is a ton of information there, and a detailed analysis of practices, training, and competencies, but that is not really my issue here.

Cyber-attacks, their origins, purposes, etc. have always been notoriously difficult to divine. Once somebody is caught, there are occasional revelations: the ever-popular "disgruntled former employee", the "group of (pick a nationality) extremists", the "hackers associated with (pick a cause)". In general though, understanding the ultimate source of an attack or the mindset of the attacker is more like reading tea leaves than reading a bio. It even happens to the US, as is the case here in recent news from Iran, "Iran arrests 30 accused of U.S.-backed cyber war". That lack of real conclusive correlations in so many attacks has always led me to focus on the vulnerability, or the exploit, or the damage. What can we learn, what can we do, how can we help?

In this case, the Times' John Markoff and David Barboza are writing about the testimony given by Larry M. Wortzel, Commissioner to the aforementioned U.S.-China Economic and Security Review Commission, on March 10, 2010. In that testimony, mention is made of a paper issued by two academics in China on:
"...how to attack a small U.S. power grid sub-network in a way that would cause a cascading failure of the entire U.S. west-coast power grid."
Now that sounds serious.

I am not going to pretend that I have taken the time to review the mathematics that underpin the researchers' report, entitled "Cascade-based attack vulnerability on the US power grid", and I will assert up front that the formula they use in their abstract is enough to give me flashback memories of long mornings spent contemplating another vocation while in Troy, New York. But I have read it. And anyone can understand that even in their abstract, they are letting the cascade cat out of the bag, because they state that their research produced a "counterintuitive finding": that an attack on the lowest-load nodes of a system would be more damaging than attacks on the highest-load nodes. Who knew?

Giving away this kind of revelation seems to fly in the face of the tone of the remarks suggesting that this paper was a blueprint for attacks. This was a report on a surprising aspect of grid vulnerability, and for those who will actually read it, it closes with a straightforward note on the writers' hope that the results described may "...have practical implications for protecting the key nodes selected effectively and avoid cascading-failure-induced disasters in the real world." To me that looks like well-meaning advice, not like a plot.
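For readers who, like me, would rather see the "counterintuitive finding" than wade through the abstract's formula, here is an added toy illustration in Python. It is not the Chinese researchers' model, data, or code: it is a generic load-redistribution cascade (each node gets a capacity of (1 + alpha) times its initial load; when a node drops out its load is shared equally among its surviving neighbours; anything pushed over capacity drops out in the next round) run on a small network whose load figures I constructed by hand so that the effect shows up. The use here is the one the paper's closing note points at: rank nodes by how much damage their loss would cause, so you know which ones to protect.

```python
"""Added example, not the cited paper's model or code: a generic
load-redistribution cascade on a constructed toy network, used to rank nodes
by the size of the failure their loss would trigger."""

ALPHA = 0.2  # tolerance parameter: capacity = (1 + ALPHA) * initial load


def toy_grid():
    """Constructed network (not real grid data): a lightly loaded chain
    A-B-C-D feeding a heavily loaded hub H that serves 20 leaf feeders.
    Loads are hand-picked so that the chain is brittle and the hub is not."""
    load = {"A": 2.0, "B": 3.0, "C": 4.0, "D": 5.0, "H": 10.0}
    edges = [("A", "B"), ("B", "C"), ("C", "D"), ("D", "H")]
    for i in range(20):
        leaf = f"L{i}"
        load[leaf] = 4.0
        edges.append(("H", leaf))
    return load, edges


def neighbours(edges):
    """Undirected adjacency: node -> set of neighbouring nodes."""
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj


def cascade_size(load, edges, start, alpha=ALPHA):
    """Remove `start` and run the cascade to a fixed point.

    Each failed node's current load is split equally among its surviving
    neighbours; a failed node with no surviving neighbours simply sheds its
    load. Every node over capacity fails together in the next round.
    Returns the total number of failed nodes, including `start`.
    """
    adj = neighbours(edges)
    capacity = {n: (1 + alpha) * initial for n, initial in load.items()}
    current = dict(load)
    failed = {start}
    wave = [start]
    while wave:
        for node in wave:
            alive = [m for m in adj.get(node, ()) if m not in failed]
            if alive:  # edge case: isolated failures shed load instead
                share = current[node] / len(alive)
                for m in alive:
                    current[m] += share
        wave = [m for m in current if m not in failed and current[m] > capacity[m]]
        failed.update(wave)
    return len(failed)


def rank_by_damage(load, edges, alpha=ALPHA):
    """Nodes ordered from most to least damaging to lose: (cascade, load, name)."""
    return sorted(((cascade_size(load, edges, n, alpha), load[n], n) for n in load),
                  reverse=True)


if __name__ == "__main__":
    grid_load, grid_edges = toy_grid()
    for size, initial_load, name in rank_by_damage(grid_load, grid_edges)[:6]:
        print(f"{name:>3}  load={initial_load:5.1f}  nodes lost={size}")
    print("...")
    print("hub H alone:", cascade_size(grid_load, grid_edges, "H"), "node lost")
```

On this constructed network the hub H carries the highest load but has so many neighbours that its loss is absorbed, while losing the lightly loaded end of the chain (A) overloads B, then C, then D, then H, and finally every feeder. That is the whole of the "counterintuitive" point: load alone is a poor guide to which nodes matter, which is an argument for modelling your own network before deciding what to harden.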

Back in 1982, Amory Lovins and L. Hunter Lovins published a book on cascading failures and more, entitled: "Brittle Power: Energy Strategy for National Security". It is rich in information on threats to US energy sources, and even offers relatively detailed anecdotes about the sources of risk in our national energy infrastructure. Much more recently, Amory has again written of the risks with a modern DoD-oriented view, in an NDU article entitled, "DOD’s Energy Challenge as Strategic Opportunity" where he relates that:
"the U.S. electric grid can be interrupted by a lightning bolt, rifle bullet, malicious computer program, untrimmed branch, or errant squirrel."

It would be difficult to find someone who has worked as long to elevate the discussion of energy security or its national importance, and yet many of his messages are also about inherent vulnerabilities that can topple our grid. Lovins helps us to see ways in which we are at risk, and to think about different ways to arrive at resolution.

While picking up the cited article on cascading failures, I browsed around to see what other related topics could be found there, particularly from China. There were plenty. The way I figure it, there is probably a ton of power needed in an industrializing economy growing as quickly as China's, and so they are probably investing a ton in understanding how to make that power reliable. There are a couple of other articles focused on attack strategies to exercise and understand the grid, and another about using power flow entropy as an early indicator of impending failure.

I am not so innocent as to believe that cyber warfare is not planned and practiced by nations all over the world, but there is also research and science that can be leveraged. I hope that our legislators, lobbyists, and scientists use these papers to inform the security of the Grid with at least the same enthusiasm that they present them to us as indicators of international threat.

Smiling Chinese Outlet Photo Courtesy of: