Attacking and Defending the Smart Grid

Presented at DEF CON 19 (2011), Aug. 6, 2011, noon (50 minutes)

The Smart Grid brings greater benefits for utilities and customer alike, however these benefits come at a cost from a security perspective. Unlike the over-hyped messages we usually hear from the media, the sky is NOT falling. However, just like any other technology, the systems and devices that make up the Smart Grid will have weaknesses and vulnerabilities. It is important for us to understand these vulnerabilities, how they can be attacked, and what we need to do to defend against those attacks. This presentation will explore how the increased functionality and complexity of the Smart Grid also increases the Smart Grid's attack surface, or in other words, increases the ways attackers can compromise the Smart Grid's new infrastructures, systems, and business models. We'll discuss several specific attack avenues against the Smart Grid and the recommendations we are making to utilities and vendors to mitigating and blocking these attacks. This will be done without the FUD and over-hyped framing that we usually find in the media and other Smart Grid presentations.

Presenters:

• Justin Searle - Senior Security Analyst at InGuardians, Inc.
  Justin Searle is a Senior Security Analyst with InGuardians, specializing in the penetration testing of web applications, networks, and embedded devices, especially those pertaining to the Smart Grid. Justin is an active member of ASAP-SG (Advanced Security Acceleration Project for the Smart Grid) and led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628. Previously, Justin served as JetBlue Airway's IT Security Architect, and has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities and corporations. Justin has presented at top security conferences including Black Hat, DEF CON, ToorCon, ShmooCon, and SANS. Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudnum. http://www.facebook.com/m33as Twitter: @meeas

Links:

• https://defcon.org/html/defcon-19/dc-19-speakers.html#Searle
• https://infocon.org/cons/DEF CON/DEF CON 19/DEF CON 19 video and slides/DEF CON 19 - Justin Searle - Attacking and Defending the Smart Grid - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=S5451cAwjBo

Similar Presentations:

• DerbyCon 3.0 All in the Family (2013) / How the Grid Will Be Hacked
• DEF CON 18 (2010) / Getting Social with the Smart Grid
• Black Hat USA 2011 / Pentesting the Smart Grid