Smart Grid Cyber Security Research

Award #: N/A
Amount Awarded: $250,000
Sponsoring Organization: Lockheed Martin
Grant Period: 2010-2010
Primary Investigator(s): Patrick McDaniel


This project continues the smart meter security analysis that began in November 2008 with Lockheed Martin. While results from the previous year included mainly attack vectors for theft of energy service, a major concern for electric utilities, this year’s efforts have focused on discovering larger-scale attacks against the integrity of meter networks and on designing appropriate mitigations. Among the attacks discovered is a simple method for cutting communication between utilities and smart meters that can be executed by an attacker with almost no working knowledge of smart meters. This attack is applicable to one of the most widely deployed smart meter brands in the industry.

The secondary goal of this project is the design of practical methods for hardening smart meters against large-scale attacks. The main focus is the application of software diversity techniques to smart meter firmware. The aim of diversity techniques is to modify the internal structure of a piece of code so that if an attacker attempts to exploit one meter using an attack discovered in another, the exploit will fail because the internal structure of each meter's firmware is unpredictable. One useful property of these techniques is that they may be implemented using static binary rewriting, which requires little or no developer or compiler intervention. Both the attacks and mitigations described here have been published at conferences in the academic security community.

Related Publications

Stephen McLaughlin, Dmitry Podkuiko, Adam Delozier, Sergei Miadzvezhanka, and Patrick McDaniel. Multi-vendor Penetration Testing in the Advanced Metering Infrastructure. 26th Annual Computer Security Applications Conference (ACSAC 2010), Austin, TX, USA. December, 2010.

Stephen McLaughlin, Dmitry Podkuiko, Adam Delozier, Sergei Miadzvezhanka, and Patrick McDaniel. Embedded Firmware Diversity for Smart Electric Meters. 5th USENIX Workshop on Hot Topics in Security (HotSec 2010), Washington, DC. August, 2010.

Stephen McLaughlin, Dmitry Podkuiko, and Patrick McDaniel. Energy Theft in the Advanced Metering Infrastructure. 4th International Workshop on Critical Information Infrastructure Security (CRITIS 2009), Bonn, Germany. September, 2009.

Patrick McDaniel and Stephen McLaughlin. Security and Privacy Challenges in the Smart Grid. IEEE Security & Privacy Magazine, 7(3):75-77, May/June, 2009.