Introduction to Cyber-Warfare - Proiect SEMPER FIDELIS

More documents

Recommendations

Info

DESTROYING A GENERATOR WITH A CYBER ATTACK: THE AURORA TEST215Point at which breaker opensVoltageGeneratorGridTolerance time intervalPoint at which breaker closesTimeFIGURE 12.2 Notional graph displaying voltage as a function of time for a generator and the power grid based onthe results of Wei et al. Note that the generator and grid must be matched with respect to frequency, voltage, andphase rotation. The opening of the breaker—followed by a closing—moves the generator out of sync with the powergrid. However, this occurs within a certain permissible time tolerance (designed to prevent premature separation ofthe generator from the grid). Repeated opening and closing of the breaker result in severe stress on the shaft of therotator in the generator—drastically shortening its lifespan.iterations, the cumulative stress on the shaft leads to failure. In the Aurora Test, after 13 iterations,the generator began to vibrate abnormally. After 22 iterations, smoke emerged 9 .Implementing an Aurora-Style AttackThe Idaho National Labs test is revealing, but may lead to wonder if an attack of this type ispossible in the real world. While it is true that the test—particularly the demonstration videoreleased to the Associated Press—did not include certain security measures relatively commonto this type of generator (i.e., vibration monitoring limit switches, over-speed limitation on thediesel engine, synchronization check on the tie breaker were all disabled during the test andsynchronization check on the protective relay was disabled during the video demonstration). 10However, with knowledge of the computer network and power generator, the attack is still possible.Mark Zeller, an engineer with Schweitzer Engineering Laboratories described severalstrategies an attacker would consider at the IEEE Conference for Protective Relay Engineers 11 :1. Physical attack: The adversary manually sabotages the power generator by opening andclosing the breaker. Although such a method would be less than sophisticated if repeatedand/or done at random intervals, it could result in serious harm to the machine.
216 12. CYBER ATTACKS AGAINST POWER GRID INFRASTRUCTURE2. Compromising the communication channel: In this scenario, the attacker is able to sendcommands through whichever medium is used to communicate with the breaker.The breaker receives commands to open and close as per the attacker’s instructions.3. Direct hack into the protection relay: The hacker connects directly to a port on the protectionrelay, thus bypassing any network security measures that would prevent him fromcompromising the communications channel. The protection algorithm which ensures thatthe voltage, frequency, and phase rotation parameters match before connecting thegenerator to the grid could be outright eliminated in this scenario. The attacker could alsocontrol the breaker using the same method.4. Embedded program in the protection relay: In what appears to be the most advanced type ofattacks, the hacker uploads new software or firmware into the relay (note that here theattacker would also likely have to leverage attack strategy 2 or 3 above). By directlyembedding code in the logic or operating system of the relay, the intruder can directlymanipulate time or power levels—possibly in coordination with other attacks. If the hackeris successful in planting such a program, bypassing most security measures is easy,providing the opportunity to render false reports (violating nonrepudiation) stating thatthe relay is functioning normally.In addition to the above four attack schemes, several other factors should be consideredwhen planning countermeasures for an Aurora-style attack. For instance, some generatorsmay include a “synchronization check” that only allows breakers to be opened or closed whenthe voltage and frequency of the generator and grid match. In the Aurora Test, this featurewas disabled on the generator. 12 However, there are also some breakers that are not directlyattached to the generator. If an Aurora-style attack is initiated on a breaker at a tie-in pointseparately from the generator, the synchronization check would not take place 13 (provided,of course, that there is no synchronization check on the tie-in breaker).Salmon et al. review the security measures that an attacker must overcome in order to conductan Aurora-style attack. 14 They identify three categories of such obstacles to the attacker,all of which address the cyber security of the system. In regard to general cyber security, theattacker must have an understanding of the computer network on which the generatoroperates and has to overcome normal cyber issues such as authentication, encrypted communications,etc. Protecting the breakers of power generators is crucial (as is evident from theAurora Test) as an aggressor might attempt to disrupt the synchronization of the power generatorand the grid—either by opening and closing the relay or by accessing the protectivedispatch. If the breaker is to be opened and closed, the intruder must be able to manipulatethe device in such a way as to avoid the protective relay to disconnect the power generator(either by precise timing or by sabotaging the protective relay). Finally, the attacker must haveaccurate knowledge of the target system. For instance, if manipulating the breaker in order tocause system failure, the assailant needs to be aware of the fact that the breaker must be capableof multiple recloses and/or sequences of open/close events before actual damage isimplemented.Preventing an Aurora-Style Attack. Several methods to prevent an Aurora-style attack havebeen proposed. 15 Here, we discuss a few such measures that can be taken:• Time Delay on Breaker Closing: This technique enforces an extra time interval before thebreaker is closed. The idea is to eliminate the time window an attacker has for conducting
Page 2 and 3:
INTRODUCTION TOCYBER-WARFARE
Page 4 and 5:
INTRODUCTIONTO CYBER-WARFAREA Multi
Page 6 and 7:
ContentsPreface ixForeword xiIntrod
Page 8 and 9:
CONTENTSviiHow Real-World Dependenc
Page 10 and 11:
PrefaceSince Stuxnet emerged in 201
Page 12 and 13:
ForewordThe concept of cyber warfar
Page 14 and 15:
IntroductionIt is 2006. An American
Page 16 and 17:
INTRODUCTIONxvinfamous hacking grou
Page 18 and 19:
BiographyPaulo Shakarian, Ph.D. is
Page 20 and 21:
C H A P T E R1Cyber Warfare: Here a
Page 22 and 23:
IS CYBER WAR A CREDIBLE THREAT?3sec
Page 24 and 25:
ATTRIBUTION, DECEPTION, AND INTELLI
Page 26 and 27:
INFORMATION ASSURANCE74. Time: Temp
Page 28 and 29:
P A R T ICYBER ATTACKInformation ha
Page 30 and 31:
C H A P T E R2Political Cyber Attac
Page 32 and 33:
RUDIMENTARY BUT EFFECTIVE: DENIAL O
Page 34 and 35:
THE DIFFICULTY OF ASSIGNING BLAME:
Page 36 and 37:
ESTONIA IS HIT BY CYBER ATTACKS17FI
Page 38:
ESTONIA IS HIT BY CYBER ATTACKS19Th
Page 41 and 42:
22 2. POLITICAL CYBER ATTACK COMES
Page 43 and 44:
24 3. HOW CYBER ATTACKS AUGMENTED R
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
34 4. CYBER AND INFORMATION OPERATI
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
44 5. CYBER ATTACK AGAINST INTERNAL
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
68 6. CYBER ATTACKS BY NONSTATE HAC
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
100 6. CYBER ATTACKS BY NONSTATE HA
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Intentionally left as blank
Page 133 and 134:
114 7. WHY CYBER ESPIONAGE IS A KEY
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
160 8. DUQU, FLAME, GAUSS, THE NEXT
Page 181 and 182:
162 8. DUQU, FLAME, GAUSS, THE NEXT
Page 183 and 184: 164 8. DUQU, FLAME, GAUSS, THE NEXT
Page 191 and 192: 172 9. LOSING TRUST IN YOUR FRIENDS
Page 203 and 204: Intentionally left as blank
Page 205 and 206: 186 10. INFORMATION THEFT ON THE TA
Page 219 and 220: 200 11. CYBER WARFARE AGAINST INDUS
Page 229 and 230: 210 12. CYBER ATTACKS AGAINST POWER
Page 233: 214 12. CYBER ATTACKS AGAINST POWER
Page 243 and 244: 224 13. ATTACKING IRANIAN NUCLEAR F
Page 261 and 262: 242 CONCLUSION AND THE FUTURE OF CY
Page 265 and 266: 246 APPENDIX I. CHAPTER 6: LULZSEC
Page 277 and 278: 258 APPENDIX II. CHAPTER 6: ANONYMO
Page 285 and 286:
266 APPENDIX II. CHAPTER 6: ANONYMO
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299 and 300:
Page 301 and 302:
Page 303 and 304:
Page 305 and 306:
Page 307 and 308:
Page 309 and 310:
Page 311 and 312:
Page 313 and 314:
Page 315 and 316:
Page 317 and 318:
Page 319 and 320:
Page 321 and 322:
Page 323 and 324:
Page 325 and 326:
Page 327 and 328:
308 GLOSSARYDDoS distributed denial
Page 329 and 330:
310 GLOSSARYNIST National Institute
Page 331 and 332:
Page 333 and 334:
314 INDEXCyber exploitation (Contin
Page 335 and 336:
316 INDEXNATO (Continued)high-level
Page 337:
318 INDEXTechnical intelligence (TE
show all

Introduction to Cyber-Warfare - Proiect SEMPER FIDELIS

Create successful ePaper yourself

Delete template?

Save as template?