Protecting Critical Utility Infrastructures from Cyber Criminals

As a high-growth, increasingly connected industry, the energy, gas and water utilities market faces the problem of growing vulnerability to cyber-attacks. Because of the critical role of water and power infrastructure in our society, in addition to its increasing reliance on connected systems, it is an especially appealing target for multiple attack vectors, including insider, outsider and supply chain attackers. The attackers have diverse motives, ranging from state-level attacks to financial gain and theft. The possibilities for destruction are vast: from gaining access to a wastewater plant and changing settings that could contaminate the water supply, to shutting down power for entire cities. A 2018 KPMG report on CEOs found that “almost half of power and utility CEOs think a cyber-attack on their company is inevitable,” and that “for utility executives, cybersecurity continues to be a top concern as grid modernization potentially opens up the power sector to more vulnerabilities.”

We’ve already seen examples of the danger that cyber-attacks can present in a utilities setting. In 2018, it was announced that the U.S. electric grid, among many other critical infrastructure organizations, had been targeted and attacked by Russian government hackers going back as far as 2016. The hackers deliberately gained access to power plant and other networks, set up admin accounts with permission to make changes to the systems, and used those accounts to install malware in the network. In 2016, Syrian-linked hackers attacked an American water district’s industrial control system (ICS) and “managed to manipulate the system to alter the number of chemicals that went into the water supply”. And as recently as February 2019, a small Colorado water utility was hit by ransomware, causing it to switch IT service providers and alert the FBI. While many attackers deliberately choose small, local utilities without the IT resources and budget of larger providers, providers of every size across the industry are still at risk: a 2015 cyber-attack in Ukraine caused power outages for close to a quarter million people. These are just a few examples among dozens of other threats, both in the U.S. and globally.

There is also the issue of smart meters and appliances serviced by electrical companies being exposed to attack. With their fine-grained data, smart meters and appliances also have the potential to compromise the privacy of end-users; for example, they could divulge information about users’ habits, their activity at home, whether or not they’re on vacation, or other sensitive information that could be used in a multi-layer attack. What’s more, should even one smart meter become compromised through a focused attack or reverse engineering, attackers could potentially reach the entire Advanced Metering Infrastructure, allowing them to carry out a macro-level attack of unprecedented scale.

The vulnerability of smart meters highlights a need for device-level protection that covers even the most vulnerable edge devices, rather than a network-based or over-the-air (OTA) approach to security. It is crucial that connected utility devices such as ICS, controllers, smart meters, sensors, etc., be hacker-proofed throughout their entire life-cycle: starting from the production line, through the supply chain to field operation and remote software updates, until end-of-life. Resilience should be maintained across multiple attack vectors: remote and local, outsider and insider, as well as the supply chain.

And although many of the bad actors targeting this market are external, in many cases there is a very likely and large threat coming from the inside, i.e. internal liaisons who either assist external groups in gaining access or conduct nefarious activity on their own. Threats can materialize during manufacturing and within the supply chain of devices such as smart meters and controllers, with the most tangible threat being a bribed workforce in the manufacturing and supply chain that loads malicious firmware into a batch of devices such as smart meters, sensors and controllers.

Security must be built into a connected device’s hardware when it is developed and manufactured on the factory floor, and extended throughout its lifecycle, so that an insider’s or an external group’s ability to gain access is constrained.

NanoLock Security has taken a security-by-design approach with its cloud-to-flash security protection, monitoring and management solution, specifically developed for connected devices and IoT applications. This approach creates a hardware root-of-trust in the flash memory that blocks all unauthorized code modifications, while moving control from the vulnerable device to a trusted entity in the utility data center. Since typical attacks manipulate the flash memory of the connected device to create persistence that survives a reset, the hardware root-of-trust protects the device’s firmware and critical code such as calibration, loggers, and boot, thus preventing malicious manipulation.

A secure channel is created all the way from the cloud to the flash, making it impossible for attackers to alter the firmware with any malicious code. Only trusted and validated commands and updates, coming from the utility data center, can modify the flash. Reliable alerts and status reporting from the hardware root-of-trust enable trustworthy visibility into, management of, and control over the water utilities’ smart meters, controllers, sensors and ICSs.
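To make the control-flow of this architecture concrete, here is an added illustrative model (not NanoLock's code, and not a description of their product internals) of a flash device whose write gate authenticates each command from the data center and refuses direct writes from the host CPU. It assumes a device key provisioned at manufacturing and a shared-key HMAC plus a monotonic counter as the validation mechanism; both are simplifying assumptions for the example.

```python
import hmac
import hashlib
import struct

# Constructed model of the cloud-to-flash idea: the write gate lives in the flash
# device, not in the host CPU, so code running on a compromised host cannot persist
# changes. Key provisioning and the HMAC/counter scheme are assumptions for this example.

def build_command(key: bytes, counter: int, offset: int, data: bytes):
    """Data-center side: frame a write and authenticate it with the device key."""
    cmd = struct.pack(">IHH", counter, offset, len(data)) + data
    tag = hmac.new(key, cmd, hashlib.sha256).digest()
    return cmd, tag


class ProtectedFlash:
    def __init__(self, key: bytes, size: int = 256):
        self._key = key                # provisioned at manufacturing; not readable by host
        self._mem = bytearray(size)
        self._counter = 0              # monotonic counter: rejects replayed commands
        self.events = []               # alerts that would be reported to the data center

    def read(self, offset: int, length: int) -> bytes:
        return bytes(self._mem[offset:offset + length])

    def host_write(self, offset: int, data: bytes) -> bool:
        """Unauthenticated write from the host CPU: always refused and reported."""
        self.events.append(("rejected_host_write", offset))
        return False

    def signed_write(self, cmd: bytes, tag: bytes) -> bool:
        """Apply a write only if the tag verifies and the counter is fresh."""
        expected = hmac.new(self._key, cmd, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            self.events.append(("bad_signature", None))
            return False
        counter, offset, length = struct.unpack(">IHH", cmd[:8])
        data = cmd[8:8 + length]
        if counter <= self._counter or len(data) != length:
            self.events.append(("replay_or_malformed", counter))
            return False
        if offset + length > len(self._mem):
            self.events.append(("out_of_range", offset))
            return False
        self._mem[offset:offset + length] = data
        self._counter = counter
        self.events.append(("applied", counter))
        return True
```

The `events` list stands in for the alerts and status reporting the text mentions: every refused host write, bad tag or replayed command is recorded so the data center can see tampering attempts rather than only their outcome.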

Unlike common IoT security management that relies on software updates or firmware fixes to solve security issues after they’ve happened, NanoLock’s cloud-to-flash approach offers a way to protect a device’s CPU by blocking attacks and preventing breaches altogether, before they cause irreparable harm.

Requiring zero computing resources, no memory constraints and remaining agnostic to the processor and the operating system, the cloud-to-flash solution is ideally suited even for remote, power-sensitive devices such as smart meters, sensors and other IoT devices.

The cloud-to-flash embedded protection guarantees a lifetime defense, from manufacturing and the supply chain, through operations and software updates, to end-of-life, regardless of whether the attacker has network or physical access or is an outside or inside threat.

The threats facing utilities and smart infrastructure will continue to expand as their networks do; it is important for decision-makers to consider new security approaches that offer security by design and protect their infrastructure for years to come.
