SCADA and Smart Grid
IOActive Unveils Smart Grid Security Research
"We hope that by informing people that these serious vulnerabilities exist throughout the Smart Grid infrastructure it will prompt vendors to mitigate existing vulnerabilities and increase security in future products."
—Mike Davis, Senior Security Consultant
Read Mike Davis' Black Hat USA 2009 presentation, where he discusses vulnerabilities found in the Smart Grid infrastructure.
After extensive research, IOActive discovered that many Smart Meters are vulnerable to a worm attack in which malicious code could quickly propagate throughout a neighborhood, ultimately causing power disconnections and calibration modifications, rendering the meters inoperable. So, what would a worm attack look like? Check out these worm attack simulations and find out for yourself!
- Worm Attack Simulation video #1. This video is a simulation of a 22,000-node smart-meter worm propagation using GPS points gathered from geo-coded home addresses that were purchased from a bulk mailing list. The simulation takes into consideration the radio range (.001 GPS degrees), RF drop-off over distance (signal strength), RF noise, and packet collisions (to quarter-second resolution). This video was first shown during Mike Davis' Black Hat 2009 presentation.
- Worm Attack Simulation video #2. This video is a simulation of a 22,000-node smart-meter worm propagation using GPS points gathered from geo-coded home addresses that were purchased from a bulk mailing list. The simulation takes into consideration the radio range (.002 GPS degrees), RF drop-off over distance (signal strength), RF noise, and packet collisions (to quarter-second resolution). The simulation period is 24 hours.
- Worm Attack Simulation video #3. This video is a simulation of a 22,000-node smart-meter worm propagation using GPS points gathered from geo-coded home addresses that were purchased from a bulk mailing list. The simulation takes into consideration the radio range (.001 GPS degrees), RF drop-off over distance (signal strength), RF noise, and packet collisions (to quarter-second resolution). This simulation takes into account the required protocol exchanges using a scripted state machine. The simulation period is 24 hours, and the simulation run includes a very large payload (many packets required to transfer).
PREVIOUSLY RECORDED WEBCAST
If you missed Mike Davis' presentation at Black Hat USA, you can watch his Smart Grid Device Security webcast at BrightTALK. The presentation:
- Discusses vulnerabilities found in the Smart Grid infrastructure.
- Simulates a possible worm attack.
- Recommends strategies to better secure the Smart Grid infrastructure.
IOACTIVE IN THE NEWS
Articles and press releases discussing IOActive's activity around the Smart Grid.
- Mike Davis to Unveil Smart Grid Research at Black Hat USA
- IOActive Verifies Critical Flaws in Next-generation Energy Infrastructure
- Smart Meter Worm Could Spread Like a Virus
- Smart Grid Raises Security Concerns
FOR MORE INFORMATION
If you would like additional information or would like to speak to someone from IOActive about our Smart Grid security findings, please contact us HERE.