NYU security researchers reveal strategies to protect grid from low-budget attacks

Cyberattacks against power grids and other critical infrastructure systems have long been considered a threat limited to nation-states due to the sophistication and resources necessary to mount them. A team of New York University researchers challenged that notion at the Black Hat USA 2017 conference in Las Vegas. They disclosed vulnerabilities in a component that combined with publicly available information provide sufficient information to model an advanced, persistent threat to the electrical grid.

Michail Maniatakos, a research professor at the NYU Tandon School of Engineering and an assistant professor of electrical and computer engineering at NYU Abu Dhabi, detailed the discovery of a security flaw in the authentication mechanism of a legacy protective relay–a component that responds to changes in flow across the grid to isolate electrical faults. The vulnerability allows an attacker with local or remote access to extract and reverse-engineer the weakly encrypted and easily accessed passwords used to reprogram the relay’s protective setpoints.

Maniatakos and his collaborators also demonstrated how information about network topology and grid components may allow adversaries to create a model of the power system–information that can be used to pinpoint the most critical nodes of the system. Examples:
Equipment suppliers market the sale of their critical equipment online, alerting potential adversaries to where their equipment is used.

The researchers were able to use Google Earth to track power lines.
 

Previous articleGeorgia Power, Westinghouse finalize service agreement for Vogtle expansion
Next articleARCOS Buys Utility Division of Macrosoft
The Clarion Energy Content Team is made up of editors from various publications, including POWERGRID International, Power Engineering, Renewable Energy World, Hydro Review, Smart Energy International, and Power Engineering International. Contact the content lead for this publication at Jennifer.Runyon@ClarionEvents.com.

No posts to display