August 14, 2018 | International, C4ISR

HOW HACKED WATER HEATERS COULD TRIGGER MASS BLACKOUTS

When the cybersecurity industry warns about the nightmare of hackers causing blackouts, the scenario they describe typically entails an elite team of hackers breaking into the inner sanctum of a power utility to start flipping switches. But one group of researchers has imagined how an entire power grid could be taken down by hacking a less centralized and protected class of targets: home air conditioners and water heaters. Lots of them.

At the Usenix Security conference this week, a group of Princeton University security researchers will present a study that considers a little-examined question in power grid cybersecurity: What if hackers attacked not the supply side of the power grid, but the demand side? In a series of simulations, the researchers imagined what might happen if hackers controlled a botnet composed of thousands of silently hacked consumer internet of things devices, particularly power-hungry ones like air conditioners, water heaters, and space heaters. Then they ran a series of software simulations to see how many of those devices an attacker would need to simultaneously hijack to disrupt the stability of the power grid.

Their answers point to a disturbing, if not quite yet practical scenario: In a power network large enough to serve an area of 38 million people—a population roughly equal to Canada or California—the researchers estimate that just a one percent bump in demand might be enough to take down the majority of the grid. That demand increase could be created by a botnet as small as a few tens of thousands of hacked electric water heaters or a couple hundred thousand air conditioners.

"Power grids are stable as long as supply is equal to demand," says Saleh Soltan, a researcher in Princeton's Department of Electrical Engineering, who led the study. "If you have a very large botnet of IoT devices, you can really manipulate the demand, changing it abruptly, any time you want."

The result of that botnet-induced imbalance, Soltan says, could be cascading blackouts. When demand in one part of the grid rapidly increases, it can overload the current on certain power lines, damaging them or more likely triggering devices called protective relays, which turn off the power when they sense dangerous conditions. Switching off those lines puts more load on the remaining ones, potentially leading to a chain reaction.
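The chain reaction described above, as an added toy model (not the researchers' MATPOWER simulation and not code from the article): parallel lines share a corridor's flow, a relay trips any line above its rating, and the surviving lines pick up the load. Line names, ratings and demand figures are constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Line:
    name: str
    susceptance: float  # relative share of the corridor flow this line carries
    rating_mw: float    # protective relay trips the line above this flow

# Constructed corridor (not data from the study): five parallel lines.
# Only L1 runs close to its rating; the rest have 20 to 300 percent headroom.
CORRIDOR = [
    Line("L1", 1.0, 100.5),
    Line("L2", 1.0, 120.0),
    Line("L3", 1.0, 150.0),
    Line("L4", 1.0, 240.0),
    Line("L5", 1.0, 400.0),
]

def flows(lines, demand_mw):
    """Split the corridor's demand across in-service lines by susceptance."""
    total = sum(l.susceptance for l in lines)
    return {l.name: demand_mw * l.susceptance / total for l in lines}

def headroom_pct(lines, demand_mw):
    """Smallest demand rise (percent) that pushes any line past its rating."""
    f = flows(lines, demand_mw)
    return min((l.rating_mw / f[l.name] - 1.0) * 100.0 for l in lines)

def cascade(lines, demand_mw):
    """Trip overloaded lines round by round until stable or fully dark.

    Returns (rounds, in_service): the names tripped in each round and the
    names of the lines still carrying load at the end.
    """
    in_service, rounds = list(lines), []
    while in_service:
        f = flows(in_service, demand_mw)
        tripped = [l for l in in_service if f[l.name] > l.rating_mw]
        if not tripped:
            break
        rounds.append([l.name for l in tripped])
        in_service = [l for l in in_service if l not in tripped]
    return rounds, [l.name for l in in_service]

def reinforce(lines, name, new_rating_mw):
    """Planning what-if: same corridor with one line's rating raised."""
    return [replace(l, rating_mw=new_rating_mw) if l.name == name else l
            for l in lines]

if __name__ == "__main__":
    print("headroom at 500 MW: %.2f%%" % headroom_pct(CORRIDOR, 500.0))
    for demand in (500.0, 505.0):  # base load, then a one percent bump
        rounds, left = cascade(CORRIDOR, demand)
        print(demand, "MW -> tripped per round:", rounds, "in service:", left)
    print("L1 uprated to 130 MW:", cascade(reinforce(CORRIDOR, "L1", 130.0), 505.0))
```

In this constructed corridor a single line with half a percent of headroom is enough for a one percent demand rise to take out all five lines, while uprating that one line leaves the corridor intact at the same load.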

"Fewer lines need to carry the same flows and they get overloaded, so then the next one will be disconnected and the next one," says Soltan. "In the worst case, most or all of them are disconnected, and you have a blackout in most of your grid."

Power utility engineers, of course, expertly forecast fluctuations in electric demand on a daily basis. They plan for everything from heat waves that predictably cause spikes in air conditioner usage to the moment at the end of British soap opera episodes when hundreds of thousands of viewers all switch on their tea kettles. But the Princeton researchers' study suggests that hackers could make those demand spikes not only unpredictable, but maliciously timed.

The researchers don't actually point to any vulnerabilities in specific household devices, or suggest how exactly they might be hacked. Instead, they start from the premise that a large number of those devices could somehow be compromised and silently controlled by a hacker. That's arguably a realistic assumption, given the myriad vulnerabilities other security researchers and hackers have found in the internet of things. One talk at the Kaspersky Analyst Summit in 2016 described security flaws in air conditioners that could be used to pull off the sort of grid disturbance that the Princeton researchers describe. And real-world malicious hackers have compromised everything from refrigerators to fish tanks.

Given that assumption, the researchers ran simulations in power grid software MATPOWER and PowerWorld to determine what sort of botnet could disrupt what size grid. They ran most of their simulations on models of the Polish power grid from 2004 and 2008, a rare country-sized electrical system whose architecture is described in publicly available records. They found they could cause a cascading blackout of 86 percent of the power lines in the 2008 Poland grid model with just a one percent increase in demand. That would require the equivalent of 210,000 hacked air conditioners, or 42,000 electric water heaters.

The notion of an internet of things botnet large enough to pull off one of those attacks isn't entirely farfetched. The Princeton researchers point to the Mirai botnet of 600,000 hacked IoT devices, including security cameras and home routers. That zombie horde hit DNS provider Dyn with an unprecedented denial of service attack in late 2016, taking down a broad collection of websites.

Building a botnet of the same size out of more power-hungry IoT devices is probably impossible today, says Ben Miller, a former cybersecurity engineer at electric utility Constellation Energy and now the director of the threat operations center at industrial security firm Dragos. There simply aren't enough high-power smart devices in homes, he says, especially since the entire botnet would have to be within the geographic area of the target electrical grid, not distributed across the world like the Mirai botnet.

But as internet-connected air conditioners, heaters, and the smart thermostats that control them increasingly show up in homes for convenience and efficiency, a demand-based attack like the one the Princeton researchers describe could become more practical than one that targets grid operators. "It's as simple as running a botnet. When a botnet is successful, it can scale by itself. That makes the attack easier," Miller says. "It's really hard to attack all the generation sites on a grid all at once. But with a botnet you could attack all these end user devices at once and have some sort of impact."

The Princeton researchers modeled more devious techniques their imaginary IoT botnet might use to mess with power grids, too. They found it was possible to increase demand in one area while decreasing it in another, so that the total load on a system's generators remains constant while the attack overloads certain lines. That could make it even harder for utility operators to figure out the source of the disruption.
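Why a flat system total can hide this pattern, shown as an added monitoring sketch from the operator's side (not from the study or the article): it compares metered demand with forecast per area and flags offsetting deviations that cancel out in the system-wide sum. Area names, megawatt values and both thresholds are constructed assumptions.

```python
# Constructed sample data: day-ahead forecast and metered demand per area, MW.
FORECAST = {"north": 4200.0, "south": 3900.0, "east": 2500.0, "west": 3100.0}
NORMAL = {"north": 4215.0, "south": 3890.0, "east": 2497.0, "west": 3105.0}
OFFSETTING = {"north": 4410.0, "south": 3695.0, "east": 2504.0, "west": 3097.0}

def area_deviation_pct(forecast, metered):
    """Per-area deviation from forecast, as a percentage of that area's forecast."""
    return {a: 100.0 * (metered[a] - forecast[a]) / forecast[a] for a in forecast}

def system_deviation_pct(forecast, metered):
    """System-wide deviation from forecast, the figure a total-load view shows."""
    total_forecast = sum(forecast.values())
    return 100.0 * (sum(metered[a] for a in forecast) - total_forecast) / total_forecast

def detect_offsetting_shift(forecast, metered, area_pct=3.0, system_pct=0.5):
    """Flag intervals where the system total looks normal but at least one area
    is well above forecast while another is well below it.

    area_pct and system_pct are assumed thresholds; a real deployment would
    tune them against historical forecast error.
    """
    dev = area_deviation_pct(forecast, metered)
    up = sorted(a for a, d in dev.items() if d >= area_pct)
    down = sorted(a for a, d in dev.items() if d <= -area_pct)
    system = system_deviation_pct(forecast, metered)
    return {
        "flagged": abs(system) <= system_pct and bool(up) and bool(down),
        "system_pct": round(system, 2),
        "up": up,
        "down": down,
    }

if __name__ == "__main__":
    for label, metered in (("normal", NORMAL), ("offsetting", OFFSETTING)):
        print(label, detect_offsetting_shift(FORECAST, metered))
```

In the constructed offsetting interval the system total is within 0.05 percent of forecast, so a total-load alarm stays silent, while the per-area view shows one area 5 percent high and another more than 5 percent low.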

If a botnet did succeed in taking down a grid, the researchers' models showed it would be even easier to keep it down as operators attempted to bring it back online, triggering smaller scale versions of their attack in the sections or "islands" of the grid that recover first. And smaller scale attacks could force utility operators to pay for expensive backup power supplies, even if they fall short of causing actual blackouts. And the researchers point out that since the source of the demand spikes would be largely hidden from utilities, attackers could simply try them again and again, experimenting until they had the desired effect.

The owners of the actual air conditioners and water heaters might notice that their equipment was suddenly behaving strangely. But that still wouldn't immediately be apparent to the target energy utility. "Where do the consumers report it?" asks Princeton's Soltan. "They don't report it to Con Edison, they report it to the manufacturer of the smart device. But the real impact is on the power system that doesn't have any of this data."

That disconnect represents the root of the security vulnerability that utility operators need to fix, Soltan argues. Just as utilities carefully model heat waves and British tea times and keep a stock of energy in reserve to cover those demands, they now need to account for the number of potentially hackable high-powered devices on their grids, too. As high-power smart-home gadgets multiply, the consequences of IoT insecurity could someday be more than just a haywire thermostat, but entire portions of a country going dark.

https://www.wired.com/story/water-heaters-power-grid-hack-blackout/
