Design Article
Architecting the smart grid for security
David Kleidermacher, CTO, Green Hills Software Inc.
4/19/2011 5:04 AM EDT
Much of the security community discussion about Stuxnet has been speculation about the attacker’s identity and motive as well as the unprecedented level of attack sophistication, which includes clever rootkit construction and the employment of no fewer than four zero-day Windows vulnerabilities. These vulnerabilities enabled Stuxnet to gain access to and download malware to the Siemens controller itself, implying that the attackers had intimate knowledge of its embedded software and hardware.
Stuxnet demonstrates the need for improved security skills within the embedded development community, but it also elucidates the requirement for a higher level of assurance in critical infrastructure than standard commercial IT practices.
Stuxnet also exposes the interdependence between embedded systems and IT systems: SCADA networks are controlled by common PCs. As a response to Stuxnet, the U.S. Department of Defense Chief of Cyber Command, General Keith B. Alexander, recommended in September 2010 the creation of an isolated network for critical infrastructure, including the power grid. This may sound like a heavy-handed approach, but it is precisely how many governments protect their most sensitive, compartmentalized classified networks. Physical isolation introduces some inefficiency, which can be ameliorated with high assurance access solutions that enable a single client computer to securely access multiple isolated virtual desktops and back-end networks. These access control systems use the latest and greatest Windows or Linux human-machine interfaces but do not depend on Windows or Linux for their security.
The recent tragedy affecting Japan’s nuclear program, while not the product of any human malice, paints a grim picture regarding the potential impact of successful cyber attack on critical infrastructure. These systems are controlled by common computers and networks that have proven enticing and assailable to well-funded attackers.
The key point is that security against the sophisticated smart grid attack threats cannot be effectively retrofitted; we must design the smart grid for high robustness from the start. Green Hills Software, the only organization to have achieved a high robustness (Common Criteria EAL 6+) software security certification, is actively working with a number of other leading cyber security organizations, across the industrial, government, and academic communities, on high assurance smart grid security architecture. The architecture addresses hardware and systems software partitioning and management strategies, cryptographic systems and key management, and scalability from battery-powered devices up to high-end network concentrators and back-office servers.


About the author:
David Kleidermacher is Chief Technology Officer at Green Hills Software where he is responsible for technology strategy, platform planning, and solutions design.
Kleidermacher is a leading authority in systems software and security, including secure operating systems, virtualization technology, and the application of high robustness security engineering principles to solve computing infrastructure problems.
Kleidermacher earned his bachelor of science in computer science from Cornell University and has been with Green Hills Software since 1991.
For more information, contact smartgrid@ghs.com.


pip_010
4/22/2011 10:47 AM EDT
So was the WinXP operator machine infected first and then the Siemens controllers?
Also, how stupid of Siemens to put Windows in an industrial controller!!! Duh. From what I got, both the operator's remote PC and the controller were infected beforehand with the infamous M$ virus :)