Advertisement

Blog

How Many Vulnerable Points Can the Smart Grid Have?

The answer to the question in the headline, it turns out, is many. So many, in fact, that the consensus is to just give up. Your system is vulnerable. Someone, somewhere, can get into your system as you're reading this, turn on your printer, turn on your camera, snap a picture of you, draw a funny picture on it, and then send it through your printer as you look on in confusion. This has, yes, actually happened to me.

There are so many vulnerabilities along the grid that trying to fix all the little holes could drive software engineers crazy. So, to keep us all sane, let's focus on minimizing the damage instead of eliminating it altogether.

There are three points of entry for the smart grid:

  1. The consumer segment:
  2. This segment includes devices like your phone or tablet or computer.

  3. The concentrator segment:
  4. This segment includes your router or a wireless gateway. This segment manages maybe a dozen or so consumer devices.

  5. The backend:
  6. This segment includes a few servers that manage thousands of concentrators. When the backend goes down, whole regions can go dark.

Of course, while the most important point along the grid is the backend, the most vulnerable point is the consumer segment. It's the most vulnerable because security hinders a user's ability to enjoy his product, so we as consumers often ignore security. But really, if a hacker gets access to your phone, you're the only one affected. So instead of spending millions of dollars and hours trying to save us from ourselves, doesn't it make more sense to focus on the backend, where, if a hacker gets access, thousands of systems could be affected?

{complink 2134|Freescale Semiconductor Inc.} agrees, and its QoriQ T4240 with Layerscape addresses these issues with Trust 1.1 and 2.0. Freescale defines a secure product as something that satisfies four requirements:

  1. It has an irreversible configuration, which means that it has a secure boot and is tamper-resistant because the code has been hardwired into the silicon.
  2. It is uniquely identifiable with strong authorization requirements.
  3. There are runtime integrity checks.
  4. It has secure communication channels.

As a result, the right code will only work with the right security key. No security key means the product is effectively bricked. And with Freescale, if its product senses tampering, then the flash that stores all the authorization codes will be wiped so the codes cannot be stolen.

Considering that anywhere from 50 percent to 73 percent of passwords are used over and over again, credential stealing can become a serious problem. Freescale's solution eliminates the possibility of credential stealing by assuming the possibility of a security breach and minimizing the damage from the start.

Keep in mind that these security measures aren't for your phone or computer, but for enterprise-level servers that handle thousands of smaller systems, ensuring that the backend stays up so we can keep using our phones.

Security should be happening on the backend, and the people at the Freescale Technology Forum agreed. It was quite refreshing to sit in on a discussion that was willing to address the fact that you cannot secure the grid from the consumer segment, even if it is the most vulnerable.

8 comments on “How Many Vulnerable Points Can the Smart Grid Have?

  1. Cryptoman
    July 2, 2012

    As impressive as Freescale's solution may sound (and that is not eh only one of its kind), the fact that attack techniques progress in parallel to the protection mechanisms remains and that is what makes security a difficult problem to solve.

    The difficulty in designing effective security mechanisms is mainly because of the fact that a designer has to factor in all possible threats, which is a very difficult task. While a designer may put in a lot of effort say to tamper proofing a device, an attacker that sits on the opposite side of the planet may develop methods to perform a remote attack that can be successful whilst maintaining his anonimity as well!

    Tamper proofing is a brilliant marketing tool because most of us think about security in terms of tangible concepts such as a big safe with a huge lock on it or a door with 10 locks. As long as one provides a 'sense of security' to an average customer, a sale is almost guaranteed. The customer usually sleeps comfortably until something goes wrong.

    An attacker never challenges a system via its strongest point. A successful attacker is the one who is able to identify the weakest point in the system where he performs the attack. The key question is 'Has the designer accounted for all possible threats?'

    I must also add that a security system designer's job is much more difficult compared to an attacker. This is because a designer has to ensure that the system is protected against ALL attacks. However, an attacker has to find only ONE weakness to exploit and only needs to crack the system ONCE to be successful.

     

  2. Michell Prunty
    July 2, 2012

    @Cryptoman

    Absolutely – which is why its better to stop worrying about stopping all threats (because that's impossible) and instead worry about minimizing the damage. 

    Credential stealing is one place that designers can look to in order to minimize the data theft, but every single person using the system is a vulnerability so it's a tough order. 

  3. Barbara Jorgensen
    July 2, 2012

    I've always been leery about the consumer market and smart technology. “Smart” seems to add a layer of uncertainty that hardwired plain-old-systems don't have to face (yet.) I also agree that focusing on the infrastructure is where the attention should be. Although getting into the grid is possible through the consumer interface, breaking into the infrastructure can wreak so much more havoc. This week's experience with power failures and record high heat should remind us how dependent we are on energy and that a prolonged outage costs lives. If your e-mail goes down, it's an inconvenience. If you lose power…it's another story.

  4. Daniel
    July 4, 2012

    Credential stealing is so common in most of the sector, irrespective of it's a software or hardware. So far no tamper proof solutions are available, but there should be some mechanisms to minimize the user's bad experiences. Now a day's real-time token generation is also not safer because of many reasons.

  5. mfbertozzi
    July 4, 2012

    That's right, but going further I was thinking implication due to biometric smart for bypassing vulnerability at current stage; it seems real applications are still not widespread, imo benefits could be a lot.

  6. syedzunair
    July 4, 2012

    Michelle, it seems difficult to prevent credential theft because every user is exposed to threats ona regular basis. A mechanism that would help to reduce the theft impact could be to go for an additional layer of security when performing transactions. 

  7. Michell Prunty
    July 5, 2012

    @ syedzunair 

    Vulnerabilities from a consumer's end are only a part of the problem.  We can add as many layers of security as we want on the consumer end, and that will never solve the problem.  It will just waste money and anger the customers.  The bigger threat, which Freescale's solution is directed towards, in on the server end. 

    Credential stealing on that end can be as simple as someone accidentally downloading a behind-the-curtain keylogger to get as many passwords as possible.  Those passwords can then be used to open up other secure networks.  (or steal Sony PS3 passwords… or linkedin passwords… or government passwords?)

    IMO, security should be focused on those types of security breaches that can bring down regional communication or power supplies.  Those security breaches don't come from the random transactions we make on our cell phones. 

    Minimizing damage doesn't mean stopping the intrusion – it means minimizing how much theft can occur once the hacker is inside, and that's what Freescale's solution does. 

  8. syedzunair
    July 12, 2012

    Michell, 

    Server end security is more sophisticated and requires much more work than user end security. It is important to protect that part of the cycle because all the information may be accessed if a server has been hacked into. 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.