hacker trends from a smart grid perspective erwin kooi alliander it

Hacker trendsFrom a smart grid perspective

Erwin KooiAlliander IT security manager

Hacker Trends (from a Smart Grid perspective)

< 2014 in general

< 2014 in smart grid

Trends

“Where do we go from here”

< 2014 in general

< 2014 in smart grid

Trends

“Where do we go from here”

“Hacker” trends

< 2014 in general – researchers

< 2014 in general – researchers

< 2014 in general – activists

< 2014 in general – activists

< 2014 in general – activists

123456

< 2014 in general – criminals

< 2014 in general – criminals

< 2014 in general – governments

BLARNEY

BOUNDLESS INFORMANT

BULLRUN

CULTWEAVE

DEWSWEEPER

EGOTISTICAL GIRAFFE

EVILOLIVE

FALLOUT

FOXACIDGENIE IVY BELLS

MONEYROCKETSHIFTINGSHADOWYACHTSHOP

KLONDIKE

MESSIAH

MOONLIGHTPATH

OCEANARIUM

RENOIR

SHELLTRUMPET

STONE GHOST STORMBREW

TRAFFICTHIEFWHITETAMALE

< 2014 in general – governments

< 2014 in general – no attribution

Rise is spyware

Rise in non-networked malware

Rise in BGP redirects

MaaS (Malware as a Service)

Rise is spyware

Rise in non-networked malware

Rise in BGP redirects

MaaS (Malware as a Service)

< 2014 in smart grid

2013 Internet-connected PLC Austrian power grid malfunctions

2013 BMW accused of spying on AutoLib charging stations

2012 Smart meters hacked for profit by utility employees

2012 Aramco attack

2010 Stuxnet and derivates

2013 Internet-connected PLC Austrian power grid malfunctions

2013 BMW accused of spying on AutoLib charging stations

2012 Smart meters hacked for profit by utility employees

2012 Aramco attack

2010 Stuxnet and derivates

Trends

8 april 2014

Trends

Trends

Smart grids are not a target

• Most “attacks” are collateral damage or misconfiguration

• Read reports with care (understand the political landscape)…

Potential impact is huge, so “no need for security” is not an option

• Smart grid systems remain vulnerable

• Collateral damage sucks too

• Growing interest by asset owners

Smart grids are not a target

• Most “attacks” are collateral damage or misconfiguration

• Read reports with care (understand the political landscape)…

Potential impact is huge, so “no need for security” is not an option

• Smart grid systems remain vulnerable

• Collateral damage sucks too

• Growing interest by asset owners

, yet

“Where do we go from here?” (Marillion)

Build the grid for resilience (a smart grid without smart is still a grid)

This requires also non-cyber measures

This also requires close cooperation

with stakeholders (they need to “climb”)

Not everything needs to be “smart”

Build the grid for resilience (a smart grid without smart is still a grid)

This requires also non-cyber measures

This also requires close cooperation

with stakeholders (they need to “climb”)

Not everything needs to be “smart”

“Where do we go from here?”

Don’t be an attractive target, show that you care

Respond to (small) incidents

• Detect them

• Solve them

• Learn from them

Don’t be an attractive target, show that you care

Respond to (small) incidents

• Detect them

• Solve them

• Learn from them

“Where do we go from here?”

Be proactive

Know thy systems

Test them often

Demand fixes from your vendors

Expect shorter life cycles for secundary grid components

(cots is indeed cheap)

Be proactive

Know thy systems

Test them often

Demand fixes from your vendors

Expect shorter life cycles for secundary grid components

(cots is indeed cheap)

Questions?

Thank you for your attention

erwin.kooi@alliander.comerwin.kooi@alliander.com