Cyberattacks against power grids and other critical infrastructure systems have long been considered a threat limited to nation-states because of the sophistication and resources needed to mount them. A team of New York University researchers challenged that notion at the Black Hat USA 2017 conference in Las Vegas. They disclosed vulnerabilities in a component that, combined with publicly available information, provide enough detail to model an advanced persistent threat to the electrical grid.
Michail Maniatakos, a research professor at the NYU Tandon School of Engineering and an assistant professor of electrical and computer engineering at NYU Abu Dhabi, detailed the discovery of a security flaw in the authentication mechanism of a legacy protective relay, a component that responds to changes in flow across the grid to isolate electrical faults. The vulnerability allows an attacker with local or remote access to extract and reverse-engineer the weakly encrypted and easily accessed passwords used to reprogram the relay’s protective setpoints.
Maniatakos and his collaborators also demonstrated how information about network topology and grid components may allow adversaries to create a model of the power system, information that can be used to pinpoint the most critical nodes of the system. Examples:
Equipment suppliers market their critical equipment online, alerting potential adversaries to where that equipment is in use.
The researchers were able to use Google Earth to track power lines.