In essence, the smart grid is about turning the power grid into an internet of intelligent devices. That means the next-generation power grid will be susceptible to all the cybersecurity issues that affect the internet. This makes cybersecurity a priority for every utility that is implementing some form of smart grid.
At the EDIST 2013 Conference in Toronto, the keynote speaker was Mikko Hypponen of F-Secure, who has been chasing cybersecurity problems since the 1990s and has been responsible for taking down a number of internet malware exploits. He gave a very current assessment of today's cybercrime.
Cybercrime on the internet today is very different from a decade ago when it involved "kids" with no real motive, who just did it because they could.
Now there are three categories of people who indulge in cyber exploits, and they all have motives.
- Criminals - organized crime groups (in Mikko's experience primarily in Russia, Ukraine, Brazil and China, but found all over the world) whose motive is money
- Hacktivists - groups with a political agenda and whose motive is protest
- Governments - both totalitarian and democratic governments are involved in offensive malware with a variety of motives; espionage and military use are the obvious ones, but governments also target malware at their own citizens
Mikko gave an example of a criminal cyber exploit involving credit card theft, but with a wrinkle. Typically, when this activity is tracked to a particular account, the ISP is notified and will shut down the account. But in this case the ISP was owned by a criminal. When notified, he would promise to look into the problem, but wouldn't take any action except charging the account owner more for hosting. Hosting would get to be very expensive for an account holder if it attracted a lot of attention from the credit card companies. The ISP owner bought a lot of real estate with the money he made - 155 properties have been identified. He is currently awaiting trial.
Another example of a criminal exploit is banking trojans. The best known is called "Zero-access" and has infected 9 million computers. The way it generates revenue is by interrupting your online banking session and displaying what appears to be a message from your national police force (it is a different "police force" depending on the country where you are using your computer) telling you that illegal financial activities have been traced to your account and your access to the account has been disabled. This all sounds legitimate, until it goes on to say that if you pay a $100 fine, access will be restored. And it provides a legitimate way for you to transfer the money.
One of the surprising changes in cybercrime is that until recently it has involved exploits targeting computers running Windows. Millions of Windows machines are infected every year. But the 75% of the world's servers that run Linux have not been affected. (Last quarter, for the first time, Linux passed Windows in number of new installations.)
But now Linux, in the form of Android on smartphones, has a malware problem. The number of devices affected by attacks is currently in the thousands, but this is increasing rapidly and involves mostly criminals, not hacktivists or governments.
One of the best-known hacktivist episodes involved a programmer who wanted to customize his PlayStation software. Unwisely, Sony sent its lawyers after him, which immediately became known and had the effect that Sony became a favourite target of the hacker community.
In an interesting contrast, a programmer who wanted to customize his iPhone was hired by Apple.
The best-known example of government malware is the Stuxnet worm, which targeted Iran's uranium centrifuge equipment running Siemens Step 7 software. The source of this exploit is suspected to be a Western government. Mikko presented a fascinating story about how this exploit was traced and identified from public TV broadcasts.
ARAMCO, the largest company in the world, was attacked by an exploit that shut down 75% of its computers. A Middle Eastern government is the prime suspect.
The "Red October" exploit has just been identified by Kaspersky, and the source is suspected to be a government in the Far East. This exploit involves sending what look like innocuous official and academic articles to government officials, which then infect their computers with a trojan.
But governments also use malware against their own citizens. Mikko mentioned Syria, the previous regime in Egypt, but also the US, Germany and the UK.
In the latter cases, this typically involves trojans that are used during criminal investigations to track the communications of suspects, and it is similar to telephone tapping. Mikko described a fascinating example in which a person suspected of criminal activity was separated from his luggage and questioned by Customs and Immigration at an airport. The questioning was bogus, but while he was being questioned, officials went through his luggage, found his computer and installed a trojan on it. He was subsequently found to be innocent. The officials then had to stage the same airport exercise to get the trojan off his computer.
This was a fascinating presentation which, I suspect, left the utilities folks in the audience with a significantly heightened awareness of how seriously the cybersecurity challenge to the electric power grid must be treated.