When three unrelated computer glitches occur on the same day, everyone’s thoughts immediately turn to hackers — and that’s the first question United Airlines, the New York Stock Exchange, and The Wall Street Journal addressed in their press conferences on July 8. While the events were not related to the grid, the worry about hackers echoes the growing concerns about the security and resiliency of the country’s electrical grid.
The Smart Power Infrastructure Demonstration Energy Reliability and Security (SPIDERS) project has attempted to address those concerns by building microgrids on three U.S. military bases. When the commercial electrical grid fails, the SPIDERS microgrids transparently switch to local generation sources and power the mission-critical portions of a military base.
An important component — and requirement — of those microgrids is cybersecurity. Because the microgrids are on military bases, the networks connecting the SCADA controls and the Industrial Control Systems (ICS) had to meet stringent Department of Defense (DOD) security (hardening) requirements: unused services had to be disabled, unneeded ports had to be closed, and known vulnerabilities in systems, applications, switches, routers, and firewalls had to be addressed.
Besides the standard DOD requirements, the SPIDERS networks incorporated additional security measures: the use of IPv6 addressing, encryption of data in transit, and whitelisting devices and services. IPv6 addresses were assigned to all network-connected human-machine interface (HMI) workstations and ICS, and dynamic addressing and neighbor discovery options were disabled.
These configurations reduced the chance that an unauthorized device connecting to the network would be assigned an address at all. Running whitelists on the network also reduced the possibility that such a device would be able to communicate with the HMIs, ICS or network devices. The ICS and workstations use encrypted communication, which prevents anyone running Wireshark, tcpdump or other sniffing tools on the network from reading or disrupting the control system traffic or commands.
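As an added illustration (not part of the original article or the SPIDERS project), the check below audits a host's IPv6 settings against the posture described above: static addressing only, with router advertisements, autoconfiguration, redirects and router solicitations disabled. It assumes a Linux host and its sysctl key names; the sample output is constructed.

```python
"""Audit IPv6 hardening on an ICS/HMI host against a static-addressing baseline."""
import re

# Baseline implied by the article: no SLAAC, no RA processing, no ND redirects,
# no router solicitations, no privacy addresses. Linux sysctl keys (assumed platform).
BASELINE = {
    "accept_ra": "0",
    "autoconf": "0",
    "accept_redirects": "0",
    "router_solicitations": "0",
    "use_tempaddr": "0",
}

LINE_RE = re.compile(r"^net\.ipv6\.conf\.(?P<iface>[^.]+)\.(?P<key>\w+)\s*=\s*(?P<val>\S+)$")


def parse_sysctl(text):
    """Return {iface: {key: value}} from `sysctl -a`-style output (IPv6 conf keys only)."""
    conf = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            conf.setdefault(m["iface"], {})[m["key"]] = m["val"]
    return conf


def audit(conf, ifaces=None):
    """Return (iface, key, actual, expected) tuples for every deviation from BASELINE.

    The kernel applies the per-interface value; 'all' and 'default' are only
    templates, so only concrete interfaces are checked. A missing key is 'unset'."""
    findings = []
    for iface, settings in sorted(conf.items()):
        if iface in ("all", "default") or (ifaces and iface not in ifaces):
            continue
        for key, expected in BASELINE.items():
            actual = settings.get(key, "unset")
            if actual != expected:
                findings.append((iface, key, actual, expected))
    return findings


# Constructed sample: eth0 hardened, eth1 left at typical kernel defaults.
SAMPLE = """\
net.ipv6.conf.all.accept_ra = 1
net.ipv6.conf.eth0.accept_ra = 0
net.ipv6.conf.eth0.autoconf = 0
net.ipv6.conf.eth0.accept_redirects = 0
net.ipv6.conf.eth0.router_solicitations = 0
net.ipv6.conf.eth0.use_tempaddr = 0
net.ipv6.conf.eth1.accept_ra = 1
net.ipv6.conf.eth1.autoconf = 1
net.ipv6.conf.eth1.accept_redirects = 1
net.ipv6.conf.eth1.router_solicitations = -1
net.ipv6.conf.eth1.use_tempaddr = 0
"""

if __name__ == "__main__":
    for iface, key, actual, expected in audit(parse_sysctl(SAMPLE)):
        print(f"{iface}: {key}={actual} (expected {expected})")
```

On a live host, feed it `sysctl -a 2>/dev/null | grep '^net.ipv6.conf'` and restrict `ifaces` to the control-network interfaces.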
The SPIDERS networks were also segregated from the base networks, either by being air-gapped or by connecting through firewalls and intrusion prevention or detection devices. This segregation further improved the security of the microgrid while still allowing on-demand maintenance access.
All of these measures are good IT practices, but the industry does not always apply them rigorously or in concert.
Red Team Tests
After each microgrid was functional, a Red Team was invited to test the security of the network. As part of the test, the teams were given a connection to the network. They tried to disrupt communication between the ICS devices, read data from the network and gain access to the devices on the network. While they were able to see traffic on the network, they were not able to decrypt it. They were able to flood the network with traffic, but none of the systems crashed, and when the denial-of-service attack stopped, the systems were still functioning.
What This Means for the Industry
For the energy industry, the SPIDERS experience confirms the IT best practices we have all been instructed to use: tighten the security of the equipment, tighten the security and perimeter of the networks, and segregate networks. On July 16, Burns & McDonnell and the U.S. Pacific Command will discuss cybersecurity on the SPIDERS project and how it addresses the current ICS and SCADA vulnerabilities. This webinar is hosted by The Infrastructure Security Partnership Council of the Society of American Military Engineers, and registration is open until July 14 — check it out here.
Fred Terry currently serves as the Cybersecurity and Systems Integration manager at Burns & McDonnell, where he specializes in the integration of systems and the defense of computing, industrial control and SCADA systems, and federal cybersecurity networks.