Security Implications Associated with Mass Notification Systems
Cyber infrastructure: Includes electronic information and communications systems and services and the information contained in these systems and services. Information and communications systems and services are composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements. Processing includes the creation, access, modification, and destruction of information. Storage includes paper, magnetic, electronic, and all other media types. Communications include sharing and distribution of information. For example: computer systems; control systems; networks, such as the Internet; and cyber services (e.g., managed security services) are part of cyber infrastructure. [1]
Overview
• Cyber risk challenges
• Components of a security strategy
• MNS security concerns
• Mechanisms that may be deployed to mitigate the risks to an MNS system
• UL 2572 security measures
• Example: Electrical Grid recent cybersecurity history
[1] National Infrastructure Protection Plan
Cyber Risk Challenges
2013 Target hack – via an HVAC service company’s authorized network access.
At Black Hat USA 2013, several presentations covered hacking into an automated home, e.g. “Hacking Z-Wave Home Automation Systems” by Behrang Fouladi and Sahand Ghanoun.
In February 2013, the emergency alert system at KRTV-TV in Great Falls, Montana was hacked during “The Steve Wilkos Show” to send out a message in several counties that “zombies were getting up and residents should not try and apprehend them”.
Why Security?
Why did we put brakes in a car?
Primary impulse answer: TO STOP
Another answer: TO GO FASTER
Cybersecurity measures are like brakes: they let products be used further, in a safe and secure manner.
“The boundary of one thing is the beginning of another” – Leonardo da Vinci
Threats, Vulnerabilities and Risks
Threat – any action, whether intended or not, to infiltrate the workings of a system. A general understanding of who might attack what assets:
• Nation-states
• Professional – usually performing theft, espionage or malicious activity
• Hobbyist – hacks into products and systems without the intent to perform criminal or malicious activity beyond the hacking act itself
• Malware – automated attack software
• Employees
Vulnerability (opportunity) – a defined flaw in security measures, whether by design or in how the product or service is implemented, that can be exploited:
• Unpatched published vulnerabilities
• Remote control protocols
• Web services
• Buffer overflows
• Weak or improper authentication mechanisms
• Improper authorization (access control)
• Credential control
• Messaging manipulation and injection
• SQL injection into data historians
Risk – the asset to be appropriated:
• Control center control
• Device control
• Access to private/personal data
Components of a Security Strategy
Identify the security objectives of an MNS system:
• Availability – disruption of access to information from an MNS
• Integrity – unauthorized modification of information from an MNS
• Confidentiality – unauthorized disclosure of information from an MNS
Defense in depth
MNS Security Concerns
• Communications protocol
• Design vulnerabilities in products
• Implementation vulnerabilities in use of products
• Secure communications
• External infrastructure attacks
• Internal infrastructure attacks
• Availability and integrity
Mass Notification Security Concerns – Communications Protocol: Common Design Vulnerabilities
• Sensors/actuators have no inherent security.
• Control panels have limited, untested security.
• Remote accessibility to control panels and server software.
• Non-secure firmware updates.
• Open ports on devices and services.
• Tamper detection and/or resistance is minimal.
• Web services.
• Poor coding practices.
Common Counter Measures
• Disable unused physical and logical ports.
• Fuzz testing on all ports.
• All ports should require authentication.
• Test factory defaults while in operation.
• No “hard coded” passwords.
• Firmware upgrades must be secure – digital signatures.
• Include tamper detection technologies.
• Enforce secure coding practices.
• Perform an independent security source code audit.
• Obfuscation.
Mass Notification Security Concerns – Communications Protocol: Implementation Vulnerabilities
• Limited patching and testing of new patches.
• Use of default passwords.
• Incorrect configuration use.
• Networks are now “connected” to the outside world.
Common Counter Measures
• Patch management.
• Secure workstations and servers with known IT practices and policies.
• Whitelisting and blacklisting.
• Audit trails with alerts.
• Network penetration testing.
• Review of audit logs and security policies.
• Independent vulnerability and cyber-security assessments.
• Intrusion detection and prevention reviews.
Mass Notification Security Concerns – Communications Protocol: Communications
Communication lines allow for:
• Line sniffing (eavesdropping)
• Man-in-the-middle injection
• Denial of service
• Spoofing/masquerading
• Record and replay
• Credentials that are not secured
Common Counter Measures
• Cryptography and credential security
• Test and implement against known standards – FIPS 140
• Secure authentication/non-repudiation
• Data filtering and discarding
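As an added illustration (not part of the original slides or any UL material), the following Python shows one way the spoofing, man-in-the-middle injection and record-and-replay concerns above can be countered on an alert link: each frame carries an HMAC-SHA256 tag under a shared key and a strictly increasing sequence number, and the receiver discards anything that fails either check. The shared key, the frame layout and the alert text are constructed for the example.

```python
import hashlib
import hmac
import json

# Hypothetical key shared by the MNS control panel and a notification appliance
# (constructed for this example; a real deployment provisions it per device).
SHARED_KEY = b"constructed-demo-key"


def _body(seq: int, text: str) -> bytes:
    # Canonical encoding so sender and receiver authenticate exactly the same bytes.
    return json.dumps({"seq": seq, "text": text}, sort_keys=True).encode()


def sign_alert(seq: int, text: str, key: bytes = SHARED_KEY) -> dict:
    """Sender side: alert frame carrying a sequence number and an HMAC-SHA256
    tag (a message authentication function in UL 2572 terms)."""
    tag = hmac.new(key, _body(seq, text), hashlib.sha256).hexdigest()
    return {"seq": seq, "text": text, "tag": tag}


class AlertReceiver:
    """Receiver side: a valid tag defeats spoofing and in-line modification;
    a strictly increasing sequence number defeats record-and-replay."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: dict) -> bool:
        expected = hmac.new(self.key, _body(frame["seq"], frame["text"]),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison: the check itself must not leak the tag.
        if not hmac.compare_digest(expected, frame["tag"]):
            return False                 # forged or modified frame: discard
        if frame["seq"] <= self.last_seq:
            return False                 # replayed or stale frame: discard
        self.last_seq = frame["seq"]
        return True


def demo() -> tuple:
    rx = AlertReceiver()
    genuine = sign_alert(1, "Severe weather: move to shelter")
    accepted = rx.accept(genuine)                               # True
    replayed = rx.accept(genuine)                               # False: seq 1 again
    spoofed = rx.accept(sign_alert(2, "All clear", key=b"x"))  # False: wrong key
    tampered = dict(sign_alert(2, "All clear"), text="Evacuate now")
    modified = rx.accept(tampered)                              # False: tag mismatch
    return accepted, replayed, spoofed, modified
```

A sequence number alone does not bound how long a captured frame stays valid; pairing it with a timestamp and a clock-skew window covers the case where the sender restarts its counter.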
12
UL 2572 Data Security Measures
1. Security and Data Protection – Evidence of a certificate of compliance. Security functions shall be one or more of the following:
• Symmetric key encryption functions
• Asymmetric key signature functions
• Message authentication functions
• Hashing functions
2. Communication Security
• Communication Security Level 1 – Independent dedicated network
• Communication Security Level 2 – Non-dedicated private network
• Communication Security Level 3 – Non-dedicated public network
3. Stored Data Security – The stored data shall be protected by minimum security functions:
• Passwords
• DRMNS contact data
• System configuration data
• Audit logs and reports
• ECS/MNS messages
4. Access Control Security
• Password/PIN with a minimum of 1000 combinations
• Password/PIN minimum length of 8 characters, each of at least 10 options
• Password/PIN minimum length of 12 characters, each of at least 10 options, or equivalent means (such as 2-factor authentication)
• The security means shall have a time-out feature (“auto-log-out”)
• The system shall disable a user account after a maximum of 5 unsuccessful consecutive login attempts
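As an added worked example (not from the slides or from UL 2572 itself), the Python below turns the access-control items above into checks a control panel could enforce. It reads the three password/PIN lines as three tiers, which is an assumption made here; the 600-second auto-log-out value, the character-class counts and the sample credential are likewise constructed, since the slide requires a time-out but gives no figure.

```python
import hmac

MAX_FAILED_LOGINS = 5      # UL 2572: disable the account after 5 consecutive failures
AUTO_LOGOUT_SECONDS = 600  # assumed figure; the slide requires a time-out but gives no value

def alphabet_size(secret: str) -> int:
    """Options each character was drawn from, judged by the classes present."""
    classes = ((str.isdigit, 10), (str.islower, 26), (str.isupper, 26),
               (lambda c: not c.isalnum(), 33))  # 33 printable ASCII symbols
    return sum(n for test, n in classes if any(test(c) for c in secret))

def access_control_level(secret: str, two_factor: bool = False) -> int:
    """Highest tier met, reading the slide's three password/PIN lines as tiers
    (an assumption made here): 1 = >= 1000 combinations; 2 = >= 8 characters from
    >= 10 options; 3 = >= 12 such characters, or tier 2 plus e.g. 2-factor auth."""
    n = alphabet_size(secret)
    level = 1 if n ** len(secret) >= 1000 else 0
    if n >= 10 and len(secret) >= 8:
        level = 2
    if level == 2 and (len(secret) >= 12 or two_factor):
        level = 3
    return level

class Account:
    """Lockout after MAX_FAILED_LOGINS and auto-log-out after inactivity.
    `verify` stands in for a stored-hash check; `now` is an injected clock."""
    def __init__(self, verify):
        self.verify, self.failures, self.disabled, self.last_seen = verify, 0, False, None

    def login(self, attempt: str, now: float) -> bool:
        if not self.disabled and self.verify(attempt):
            self.failures, self.last_seen = 0, now   # success resets the counter
            return True
        self.failures += 1
        self.disabled = self.failures >= MAX_FAILED_LOGINS
        return False

    def logged_in(self, now: float) -> bool:
        if self.last_seen is not None and now - self.last_seen > AUTO_LOGOUT_SECONDS:
            self.last_seen = None                    # auto-log-out
        return self.last_seen is not None

def demo_lockout() -> tuple:
    check = lambda s: hmac.compare_digest(s, "Sh3lter!2024")   # constructed credential
    acct = Account(check)
    for _ in range(MAX_FAILED_LOGINS):
        acct.login("guess", now=0)
    locked_out = acct.login("Sh3lter!2024", now=1)             # False: disabled
    fresh = Account(check)
    fresh.login("Sh3lter!2024", now=100)
    return locked_out, fresh.logged_in(now=200), fresh.logged_in(now=100 + AUTO_LOGOUT_SECONDS + 1)
```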
Password Example
Passwords are stored (username KEN, password PASSWORD):
• Plaintext: PASSWORD
• Hash form (MD5): PASSWORD stored as A3eeF%4zz5JJd
• Salted hash (MD5): PASSWORD + <unique salt> stored as bbGtee$5%FgLopp
• Encrypted (AES): PASSWORD stored as sf$%^&aQ
Passwords are attacked via:
• Brute force guessing – dependent on the system responding with a yes or no
• Password cracking – offline processing of a hash (approximately hundreds of millions of password guesses a second)
• Precomputed hash attack – rainbow and lookup tables of all possible hashes are searched
• Pass the hash – gain access to the hash or alter the hash
MD5, SHA-1 to SHA-512: good hash algorithms for integrity because they run in a short time, but that same speed makes it easy to identify all possible hashes.
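As an added illustration (not from the slides), the Python below contrasts the “hash form” and “salted hash” rows above: an unsalted MD5 of user KEN's password is a fixed value that a precomputed lookup table can recognise, while a per-record salt and a slow key-derivation function (PBKDF2-HMAC-SHA256 here, standing in for the slide's MD5) give different stored values for the same password and make each offline guess costly. The lookup table, the round count and the passwords are constructed for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # slows each guess; raise as hardware allows

# Constructed stand-in for a precomputed lookup table (real ones hold billions
# of entries): MD5 digests of a few common passwords, mapped back to the password.
LOOKUP_TABLE = {hashlib.md5(p.encode()).hexdigest(): p
                for p in ("PASSWORD", "password", "123456", "letmein")}


def store_unsalted_md5(password: str) -> str:
    """The slide's 'Hash form' row: one fixed digest per password, so every
    system storing the same password stores the same value."""
    return hashlib.md5(password.encode()).hexdigest()


def store_salted(password: str, salt: bytes = b"") -> tuple:
    """The slide's 'Salted hashes' row, using a slow KDF (PBKDF2-HMAC-SHA256)
    so offline cracking cannot run at hundreds of millions of guesses a second."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


def in_lookup_table(stored_md5: str) -> bool:
    """Audit check for a legacy store: a precomputed-hash attack succeeds
    exactly when the stored digest appears in such a table."""
    return stored_md5 in LOOKUP_TABLE


def demo() -> tuple:
    unsalted = store_unsalted_md5("PASSWORD")        # user KEN's password on the slide
    salt_a, digest_a = store_salted("PASSWORD")
    salt_b, digest_b = store_salted("PASSWORD")
    return (in_lookup_table(unsalted),               # True: fixed digest is in the table
            digest_a != digest_b,                    # True: same password, different records
            verify_salted("PASSWORD", salt_a, digest_a),   # True
            verify_salted("password", salt_a, digest_a))   # False
```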
Common Attack Pattern Enumeration and Classification http://capec.mitre.org/
Example – Smart Grid Advanced Security Acceleration Project - SG
Description:
• Develop system-level security requirements for smart grid technology
Approach:
• Architectural team produce material
• Usability Analysis team assess effectiveness
• NIST, UtiliSec review, approve
Deliverables:
• Strategy & Guiding Principles white paper
• Security Profile Blueprint
• 6 Security Profiles – AMI Security Profile
• Usability Analysis
Schedule: June 2009 – June 2012
Budget: $3M/year ($1.5M Utilities + $1.5M DOE)
Performers: Utilities, EnerNex, Inguardians, SEI, ORNL
Partners: DOE, EPRI
Release Path: NIST, UCAIug
THANK YOU.
Ken Modeste Security and Global Communications Underwriters Laboratories Inc. [email protected]