From Power Plant to POL – Cyber-Criminals Are on You!

POWERBOX – From Power Plant to POL – Cyber-Criminals are on You!

The Threats The Consequences Ò Hackers & Crackers Ò Population Ò Computer Criminals Ò Reputational Ò Terrorism Ò Infrastructures Ò Cyberwar Ò Regulatory Ò Industrial Espionage Ò Equipment Ò Insiders Ò Data protection and privacy Ò Safety Ò Economic

At start was the Aurora From simple to complex attacks Ò 2006 / 2007 The Aurora project Ò April 2007 – Idaho National Lab. accessed a generator – Exploit of Microsoft zero-day vulnerability to access energy – Supervisory Control & Data Acquisition (SCADA) used to company SCADA access and send commands – Origin of the attach through simple phishing – Generator destroyed through simulated “cyber attack” – Taking advantage of windows DNS vulnerability Ò Lessons learned – Physical damage can result from a cyber attack Ò August 2010 – Public / Private partnership complicated – Mutant of the “Stuxnet” worm propagated through SCADA – Lack or regulatory and guidance into Smart Grid – Discovering a new word of threats – Suspected to be the first attack from another government not involving military action Ò Aurora opened the Pandora Box

Dark Christmas for Ukraine Ransomware shutdown BWL Ò Direct attacks toward regional distribution Ò Michigan - Board of Water & Light (BWL system (Ivano-Frankivsk region) attacked through Ransomware Ò 225 000 customers impacted Ò BWL forced to shutdown all IT systems Ò Multiple modus operandi Ò FBI involved in the investigations – Phishing e-mails - BlackEnergy 3 malware Ò Several months for BWL to restore – KillDisk attacking Master Boot record – Control of Human Machin Interface (HMI) Ò Attack suspected to come from another country – Control of UPSs operation from cyber-criminal organization – Physical sabotage Ò This case is considered as part of a mechanism Ò February 25, 2016 US Dept. of Homeland to attack Energy Suppliers Security (DHS) issued a formal alert

Connecting SG to DDoS Securing the Smart Grid Ò September 2016 – OVH (France) Ò The US Department Of Energy (DOE) released – Massive Distributed Denial-of-Service DDoS attack through a number of projects and initiatives, as well 150 000 IoT devices (CCTV cameras and smart-meters) 1Tbps other governmental agencies Ò October 2016 – Dyn (USA) Ò December 2016 – White House published the – Dyn getting “tens of millions” of messages from Internet- “National Electric Grid Security And Resilience connected devices, including smart-meters Plan” Ò November 2016 – Deutsche Telekom Ò The European Network and Information Security – More than 900 000 customers knocked offline - Routers Agency (ENISA), the EU-funded SPARKS (Smart infected by a new variant of a computer worm known as Mirai Grid Protection Against Cyber Attacks – project) and many others building safer SG Ò International projects aiming to bridge US and EU into a common protection alliance in discussion

What about at board level? Conclusions Ò Power community is not used to deal with security Ò Smart Grid is a very complex architecture requiring high level of cooperation to protect Ò Hacker could access a system through industrial SCADA without any problem Ò Learning by mistake is not an option! Ò How much is PMBus secured? Ò Governmental initiatives are accelerating though political instability increasing threats at high pace Ò Is the power industry too confident? Ò Creating awareness and educating power Ò Insider threats are real (Dolphin case) designers and systems architects business critical Ò Cyber criminality is increasing faster than we Ò In front of Cyber Criminality, nothing is for granted could imagine Ò Cyber security starts at board level Ò Power industry must deploy strategies to include highest level of security in any layer of software Ò Sounds dramatic though a lot of fun ahead!

For more information Visit www.prbx.com Please contact Patrick Le Fèvre, CMCO +46 (0)158 703 00 [email protected]