Investigations of threats to corporate computer hardware and software systems have traditionally shown that the greatest number of attacks come from internal sources. Substation control systems and IEDs are different in that information about them is less well known to the general public.

However, the hardware, software, architecture, and communication protocols for substations are well known to the utilities, equipment suppliers, contractors, and consultants throughout the industry. Often, the suppliers of hardware, software, and services to the utility industry share the same level of trust and access as the utility's own staff.

Consequently, the concept of an insider is even more encompassing. A utility employee knows how to access the utility's computer systems to gather information or cause damage, and also has the necessary access rights (keys and passwords).

The utility must protect itself against disgruntled employees who seek to cause damage as well as employees who are motivated by the prospect of financial gain. Computer-based systems at substations hold data of value to a utility's competitors as well as data of value to the competitors of utility customers (e.g., the electric load of an industrial plant).

Corporate employees have been bribed in the past to provide interested parties with valuable information; we have to expect that this situation will also apply to utility employees with access to substation systems. Furthermore, we cannot rule out the possibility of an employee being bribed or blackmailed to cause physical damage, or to disclose secrets that will allow other parties to cause damage.

A second potential threat comes from employees of suppliers of substation equipment. These employees also have the knowledge that enables them to access or damage substation assets, and often they have the access as well. One access path is the diagnostic port of substation monitoring and control equipment.

It is often the case that the manufacturer of a substation device has the ability to establish a link with the device for the purpose of performing diagnostics via telephone and modem (either via the Internet or else by calling the device over the public switched telephone network).

An unscrupulous employee of the manufacturer could use this link to cause damage or gather confidential information. Additionally, an open link can be accessed by an unscrupulous hacker to obtain unauthorized access to a system. This has occurred frequently in other industries.

Another pathway for employees of the utility or of equipment suppliers to illicitly access computer-based substation equipment is via the communications paths into the substation.

A third threat is from the general public. The potential intruder might be a hacker who is simply browsing and probing for weak links, or who possibly wants to demonstrate his prowess at penetrating corporate defenses.

Or the threat might originate from an individual who has some grievance against the utility or against society in general and is motivated to cause some damage. The utility should not underestimate the motivation of an individual outsider or the amount of time that someone might dedicate to investigating vulnerabilities in the utility's defenses.

A fourth threat is posed by criminals who attempt to extort money (by threatening to do damage) or to gain access to confidential corporate records, such as those maintained in the customer database, for sale or use.

The fifth, and arguably the most serious, threat is from terrorists or hostile foreign powers. These antagonists have the resources to mount a serious attack. Moreover, they can be quite knowledgeable, since the computer-based systems that outfit a substation are sold worldwide with minimal export restrictions, and documentation and operational training are provided to the purchaser.

The danger from an organized hostile power is multiplied by the likelihood that an attack, if mounted, would occur in many places simultaneously and would presumably be coupled with other cyber, physical, or biological attacks aimed at crippling the response capabilities.