Then, you will learn how to utilize specific tools to perform network and application layer attacks against the selected smart device. With the explosion in popularity of social networking sites, it has never been easier to identify targets. This information can again be useful in troubleshooting any issues or monitoring the status of your scan if the new progress bar is not behaving normally. Theoretically, this method would prevent anyone from tampering with the application, which should instill trust in the user. Without thorough Business Continuity Management, the utility companies will be hard pressed to withstand a coordinated and targeted cyber attack.
Just like in the Network Surveying module, for Wireshark to be effective, you must be on the same network as either the client logging into the target device or the target itself. Although utility companies could develop and manage their own products, numerous technology companies that provide these technologies already exist and present viable solutions. Utilizing smart grid devices that integrate with social networking sites will require additional maintenance and vigilance of end users in order to limit the risk associated with using these devices and services. The receiver will change colors depending on your usage: blue for low energy usage, purple for average energy usage, and red for very high energy usage. The same concepts that are discussed for 802.
Finally, this chapter will describe how to secure mobile devices, as well as mobile applications. Other devices do not support centralized management and must be configured manually. International Initiatives Australia Canada China Europe Why Do We Need to Secure the Smart Grid? Access to any of the devices storing this token could be obtained by physical or logical means and would lead to the same result. This book will take a look at the potential consequences of designing and implementing smart grid technologies without integrating security. To recap the incident, the Slammer worm was able to infect internal systems at the power plant.
Security management Critical business applications Computer installations Networks Systems development End user environment. By doing so, they will be able to understand their current threats as well as the type of probes attackers are using to find weaknesses in their infrastructure. Chapter 8: Securing the Utility Companies In this chapter, you will learn how to build or mature information security programs tailored for utility companies. However, some parts of the Physical Security Testing modules can still apply to attacking smart meters. So, virtual and logical segmentation will be the most likely scenarios. They can also be used to trap attackers by presenting them with false information that is also set to trigger alerts when accessed. Trust Security professionals are stereotypically paranoid.
In the case of smart meters, they will most likely be accessible to attackers through either wireless networks or home area networks. However, the security department must walk a fine line due to the trust placed by other parties in the company. Any node in a network should be considered a potential attack injection point. It discusses security initiatives and how they fall short of what is needed. Facebook provides a massive user base while also allowing for custom application development, while Twitter provides the perfect platform for micro updates.
Trust Trusting Strangers Would you trust a stranger with your online banking password? The basics of this type of exploit have been available for a long time. The mobile application sits between the standard application and the mobile client, and it handles communications between the mobile client and the standard application. Forensics Forensics is a difficult process on even nonmobile systems, but one thing that can help an investigation is keeping detailed logs. Likewise, Nmap was unable to identify the operating system running on the targeted device. Security is a lopsided battle in that defenders must protect against any potential attack vector; however, an attacker may only need to find one vulnerability to exploit.
If not, then a dedicated attacker may be able to play chopsticks with the lights in your office building or the houses in your neighborhood. Other smart consumer appliances, such as dishwashers and air conditioners, will also have similar network interfaces that allow consumers and utility companies to manage their energy consumption through either a smart meter or a third-party interface. After all, I was only following in my Dad's footsteps after he secured the dustbuster. A common request from third parties is to be white-listed on monitoring systems, which essentially allows any traffic from the third party to pass through the monitoring devices without being analyzed first. If a determined attacker has been unsuccessful in obtaining direct access to their target, they will attempt to use the third parties as alternate routes to get to their original target. Second, you will learn how compliance with such regulations does not equate to securing the smart grid. Although not the most conventional method, playing cards (euchre and poker were the best) with your collection of pennies, nickels, and dimes at the age of three made math classes enjoyable.
The goal of this module is just the same as the previous module, only with a different scope. This book reviews current and theoretical threats and attacks against today's smart grid and smart devices. Chapter 10: Mobile Applications and Devices In this chapter, the use of mobile applications and devices within the smart grid is analyzed. This book provides both a timely and relevant overview of the subject - a must-read for anyone responsible for securing the grid as well as consumers looking to implement the technology! Discussing both the smart grid's strengths and weaknesses will help you understand threats and attacks, and hopefully prevent insecure deployments of smart grid technologies. The initial goal of the attacker or assessment team will be to identify the wireless technology in use. On Windows systems, group policy can be set to automatically configure the device to implement the screen lock policy.
Additionally, a large number of cell phones now include Wi-Fi radios, so there is no assurance that cell phones will even be using the cellular networks to communicate with the mobile application server. Smart Grid versus Security Mapping Smart Grid Goals to Security Summary Endnotes Chapter 2 Threats and Impacts: Consumers Consumer Threats Naturally Occurring Threats Weather and Other Natural Disasters Individual and Organizational Threats Smart Thieves and Stalkers Hackers Terrorism Government Utility Companies Impacts on Consumers Privacy Impacts on Availability Personal Availability Mobility Emergency Services Financial Impacts Likelihood of Attack Summary Endnotes Chapter 3 Threats and Impacts: Utility Companies and Beyond Confidentiality Consumer Privacy Proprietary Information Integrity Service Fraud Sensor Data Manipulation Availability Consumer Targets Organizational Targets Vertical Targets Market Manipulation National Security Target Summary Endnotes Chapter 4 Federal Effort to Secure Smart Grids U. Thus, wiping the mobile device may only remove that copy of the sensitive information. The following sections discuss specific aspects of third-party applications such as Microsoft Hohm and Google PowerMeter. However, vulnerability scanners often do not include the capability to perform vulnerability identification and verification against Web applications. This chapter discusses the tools used to attack smart meters and provides resources for you to obtain and utilize the same tools. However, these third parties can also introduce new threats and attack vectors to smart grids.