Ransomware – how secure are your protection relays?
US security investigator Red Balloon Security has found security flaws in a protection relay and demonstrated vulnerability to ransomware attack.
It is said that to protect from crime one needs to think like a criminal – and that is what the researchers at Red Balloon Security have done in a new investigation into protection relays, one of the commonly used embedded devices in power grids around the world.
As reported, their investigation began with a cybersecurity assessment of three devices from leading (unnamed) manufacturers, all released since 2015 and currently available on the international market.
These were subjected to a hardware teardown and firmware assessment, followed by protocol fuzzing. Red Balloon found that while cybersecurity features are highlighted in the marketing specifications of each device, including safety and IEC 62443 cybersecurity compliance up to and including certification, none currently incorporates the full complement of security features.
The company says the good news is that vendors can make their device security more robust, but believes that they are not incentivised to do so, given the limited regulation of embedded device security and the current state of the market.
This is concerning in itself. More concerning, given the recent escalation of ransomware attacks, is that the researchers were able to demonstrate a ransomware attack on one of the devices, an attack they claim is repeatable and generalises to embedded devices across the grid.
It is also believed to mark a first for the OT side of the grid, as ransomware attacks have traditionally been carried out via IT systems.
Furthermore, the company identifies three methods of device access that could be used to deploy ransomware: migration from the IT systems, compromised links in the supply chain, and hands-on manipulation of a device in the field.
Red Balloon says recent government actions have raised awareness and stimulated action on the threat of ransomware in OT systems, but the protection of embedded devices is not included in the action steps. The company attributes this partly to the fact that these devices are typically not data-rich, but more seriously to the possibility of attack not having been sufficiently considered.
Among its recommendations is that embedded device manufacturers should add security mechanisms to the firmware of existing devices, and build enhanced security into new devices before deployment.
For their part, utilities and other critical infrastructure organisations should demand more transparency from device supply chain vendors, so that they can monitor the embedded devices as well as the security of the code and processes behind them, enabling the devices to better protect themselves.
Finally, a more robust regulatory position is needed on device-level security for embedded systems running the networks and industrial control systems.