This presentation discusses the threats to electricity transmission, both externally and internally. It covers understanding threats and risks, current state threat analysis, and future state threat analysis.
Electricity Transmission Threat Analysis
Raminder Ruprai, Security Consultant and Research Manager
Confidential
Introduction
• Earlier we discussed the technicalities of Electricity Transmission but did not touch on security risks.
• In this presentation I will focus on the Threats to Electricity Transmission, both external and internal.
• Here we will cover the following areas:
• Understanding threats and risks
• Inputs and Scope
• Current State Threat Analysis
• Future State Threat Analysis.
Understanding Threats and Risks
• To better understand Threats, it is important to understand how they fit into the complete Risk story.
• For specific targets, external Threat Sources have a certain Capability and Motivation to attack that target.
• They may attack the target directly, or by influencing an internal Threat Actor, changing that actor's Capability or Motivation to attack the target.
• Some internal Threat Actors may attack the target without being influenced by a Threat Source.
• The actor, using certain Compromise Methods that the specific target is vulnerable to, produces the risk, or Risk Level.
[Diagram: Threat Source + Threat Actor + Compromise Method = Risk Level, annotated with Threat Level and Impact Level]
Inputs to the Threat Analyses
• To date National Grid has completed a significant amount of work to produce threat analyses for Electricity Transmission.
• We have utilised numerous feeds and inputs to produce the threat analyses, including:
• UK Government Energy Industry Threat Assessments
• UK Energy CISOs round table threat & risk discussion
• US Energy CISOs round table threat & risk discussion
• UK Smart Metering Threat Assessments
• NG DR&S leads future threats brainstorming sessions
• Internal Threats and Risks databases.
Scope of the Threat Analyses
• At a high level we have been looking at the threat landscape in two different states.
• The Current State encompasses our business of Electricity Transmission as we see it now. In this state we are able to do a more thorough analysis, including:
• Business Impact Assessment
• Compromise Methods/Vulnerability analysis
• Detailed Risk Assessment.
• The Future State analysis looks at our ‘best-guess’ of how the threat landscape will change. It is more difficult to do as thorough an analysis as in the Current State, so instead we look at the Future State through different views.
Current State – Threat Assessment
Using the UK Government’s Risk Assessment methodology, the Capability and Motivation of a threat source each range from 1 (Lowest) to 5 (Highest).
Capability x Motivation = Threat Level
Threat Level range: Negligible, Low, Moderate, Substantial, Severe, Critical
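A worked example of the Current State scoring described on this slide, added here and not part of the presentation or of National Grid's own tooling. It rates each threat source 1..5 on Capability and Motivation, multiplies them to get a Threat Level score, maps that score to the six named bands, and folds in an Impact Level to give a Risk Level. The band cut-offs, the threat-by-impact combination and the sample register are all assumptions for illustration: the slide names the bands but gives no thresholds, and it does not define how Threat Level and Impact Level combine.

```python
from dataclasses import dataclass
from typing import List, Tuple

# The six Threat Level bands named on the slide, lowest to highest.
BANDS = ["Negligible", "Low", "Moderate", "Substantial", "Severe", "Critical"]

# ASSUMPTION: inclusive upper cut-offs on the 1..25 Capability x Motivation scale.
# The slide names the bands but gives no thresholds; these are illustrative only.
_BAND_UPPER = [2, 5, 9, 14, 19, 25]


def band_for(score: int) -> str:
    """Map a Capability x Motivation product (1..25) to a Threat Level band."""
    if not 1 <= score <= 25:
        raise ValueError(f"score must be 1..25, got {score!r}")
    for upper, label in zip(_BAND_UPPER, BANDS):
        if score <= upper:
            return label
    raise AssertionError("unreachable: cut-offs cover 1..25")


@dataclass(frozen=True)
class ThreatSource:
    """A threat source rated 1 (lowest) .. 5 (highest) on the two slide dimensions."""
    name: str
    capability: int
    motivation: int

    def __post_init__(self) -> None:
        # Reject ratings outside the 1..5 scale the methodology uses.
        for field_name in ("capability", "motivation"):
            value = getattr(self, field_name)
            if not isinstance(value, int) or not 1 <= value <= 5:
                raise ValueError(f"{field_name} must be an integer 1..5, got {value!r}")

    def threat_score(self) -> int:
        # Capability x Motivation = Threat Level, as the slide states.
        return self.capability * self.motivation

    def threat_level(self) -> str:
        return band_for(self.threat_score())


# ASSUMPTION: a simple way to fold Impact Level (1..5) into the Threat Level band to
# get a Risk Level. The deck shows Threat Level and Impact Level feeding Risk Level
# but does not define the combination; this rank-sum is a stand-in for illustration.
_RISK_LABELS = [(3, "Low"), (6, "Medium"), (8, "High"), (10, "Critical")]


def risk_level(threat_band: str, impact: int) -> str:
    """Combine a Threat Level band with an Impact Level (1..5) into a Risk Level."""
    if threat_band not in BANDS:
        raise ValueError(f"unknown threat band {threat_band!r}")
    if not 1 <= impact <= 5:
        raise ValueError(f"impact must be 1..5, got {impact!r}")
    rank = BANDS.index(threat_band) + impact  # 1..10
    for upper, label in _RISK_LABELS:
        if rank <= upper:
            return label
    raise AssertionError("unreachable: labels cover 1..10")


def assess(register: List[ThreatSource], impact: int) -> List[Tuple[str, int, str, str]]:
    """Score every source against one target of the given Impact Level, highest first."""
    rows = [
        (s.name, s.threat_score(), s.threat_level(), risk_level(s.threat_level(), impact))
        for s in register
    ]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample register: the ratings are made-up illustrative values, not the
# assessment National Grid produced.
SAMPLE_REGISTER = [
    ThreatSource("State-sponsored group", capability=5, motivation=4),
    ThreatSource("Activist group", capability=2, motivation=4),
    ThreatSource("Security researcher", capability=4, motivation=2),
    ThreatSource("Opportunist", capability=1, motivation=2),
]

if __name__ == "__main__":
    # Rank the sample register against a target with the highest Impact Level.
    for name, score, band, risk in assess(SAMPLE_REGISTER, impact=5):
        print(f"{name:24s} score={score:2d} threat={band:12s} risk={risk}")
```

Because the score is a product, a source with high capability but low motivation lands in the same band as one with the reverse profile; if that is not the intended behaviour for a given target, the cut-offs or the combination rule are the places to adjust, not the 1..5 inputs.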
Future State – Process
In the Future State, performing detailed and accurate assessments (e.g. BIA, Vulnerability analysis, Risk analysis) is more difficult. Instead, we looked at the threat landscape through 4 different views or lenses.
Threat Sources/Actors & Motives: How will the Motivation of current Threat Sources change, and are there any new Threat Sources on the horizon?
Means: Can we envisage new or changing methods and tools of attack which change the Threat Source’s Capability?
Opportunity: Rather than looking at general or specific vulnerabilities in our systems, how will the electricity transmission attack surface change in the future?
Response: What security controls will we need in the Future State, and are current controls fit-for-purpose?
Future State – Threat Sources/Actors & Motives
Foreign Intel/State Sponsored Groups are considered more motivated: smaller nation states with the motivation to attack CNI in the UK now have more capability and so are elevated into this group.
Activists are considered more motivated due to high energy prices, the need to build new power stations and ‘Nimby’ activists.
Security Researchers are a new Threat Source in this area due to SCADA connectivity to the internet and ‘Smart’ Devices in the field.
Inappropriate Regulation is a new Threat Source in this area due to the NERC-CIP style regulation being considered in Europe.
Future State – Means
Advanced Malware: Since the arrival of bespoke malware (Stuxnet, Flame) we expect this to be more prevalent.
Commodity Cyber Weapons: Security Researchers may not see ‘black’ attacks as unethical. Attack tools may then be built which are publicly available for other actors to use.
Technical backdoors in IT equipment & Software: SCADA equipment is becoming more connected to the internet and to automated ‘Smart’ Devices. More COTS equipment may be used for critical purposes/systems, with backdoors included.
Future State – Opportunity
Data Links with Generators: Introduction of ‘Command & Control’ links within contractual boundaries, increasing the functionality of the grid but also increasing the risk.
Combination of IT & OT: OT increasingly relies on embedded IT and IP connectivity to function, increasing the cyber vulnerabilities. Also, maintenance engineers may not have the necessary skills and awareness to deal with the new generation of OT.
Complex EMS with links to Corporate Network: As EMS systems become more automated they may become more reliant on information feeds from the corporate network, thus increasing the attack surface of the CNI systems.
Smart Meters & Grid Devices: Rollout of Smart Meters and Distribution Grid Devices with remote control functionality introduces new vulnerabilities to both the distribution and transmission grid infrastructure.
Future State – Threat Assessment
• Putting the different lenses together we produced a Threat Assessment for the Future State.
Food for Thought: Response & Regulation
Response
Do we have effective controls to deal with the threats?
Which controls are out-of-date or not fit for purpose?
What controls will we need in the Future State?
Are we fooling ourselves that the business is following our advice, guidance, policies and standards?
Regulation
Any organisation is motivated to protect itself against the security risks that have a potential impact on its business. However, the impact of a breach on a CNI operator can reach far beyond the organisation itself. The issue for governments and regulators is how best to ensure that such risks to CNI and their operators are appropriately mitigated. In other words, how can CNI operators be incentivised to mitigate the risks that can have an impact beyond their organisation?
Thank you
Any Questions?