Friday, July 21, 2017

Data and Communications Security: IEC TC 57 Just Published IEC 62351-7

IEC TC 57 just published IEC 62351-7:2017:
Power systems management and associated information exchange - Data and communications security - Part 7: Network and System Management (NSM) data object models

IEC 62351-7:2017 defines network and system management (NSM) data object models that are specific to power system operations. These NSM data objects will be used to monitor the health of networks and systems, to detect possible security intrusions, and to manage the performance and reliability of the information infrastructure. The goal is to define a set of abstract objects that will allow the remote monitoring of the health and condition of IEDs (Intelligent Electronic Devices), RTUs (Remote Terminal Units), DERs (Distributed Energy Resources) systems and other systems that are important to power system operations. This new edition constitutes a technical revision and includes the following significant technical changes with respect to IEC TS 62351-7 (2010): NSM object data model reviewed and enriched; UML model adopted for NSM objects description; SNMP protocol MIBs translation included as Code Components.
The Code Components included in this IEC standard are also available as electronic machine readable file.
Click HERE for the Preview.
Click HERE for the Code Components.
The standard series IEC 61850 will also come with Code Components when the various 7-x parts will be published as International Standard. This will ease the development and maintenance of engineering and configuration tools ... tremendously.
Check HERE for Code Components ... coming later in 2017 or 2018 ...

Again Security: How do you Protect your Industrial Control System from Electronic Threats?

Industrial Control System (ICS) need to be protected from Electronic Threats - one of the most crucial challenge yesterday, today, and in the future. Joseph Weiss (PE, CISM - one of the real senior experts in the field) uses the term “electronic threats” rather than cyber security because there are many electronic threats to Industrial Control Systems beyond traditional cyber threats (as he says).

Joe Weiss has written a book with more than 300 pages published in 2010 worth to study (and more important TO IMPLEMENT): "Protecting Industrial Control Systems from Electronic Threats"
List of contents:
  1. Industrial Control System Descriptions
  2. Convergence of Industrial Control Systems and Information Technology
  3. Differences between Industrial Control Systems and Information Technology
  4. Electronic Threats to Industrial Control Systems
  5. Myths
  6. Current Personnel Status and Needs
  7. Information Sharing and Disclosure
  8. Industrial Control System Cyber Risk Assessments
  9. Selected Industry Activities
  10. Industrial Control System Security Trends and Observations
  11. Industrial Control System Cyber Security Demonstrations
  12. Selected Case Histories: Malicious Attacks
  13. Selected Case Histories: Unintentional  Incidents
  14. Industrial Control System Incident Categorization
  15. Recommendations
As long as you can read this blog post you could assume that there is enough power for all computers involved in the chain from the server holding this bog to your computer.
When you will see the following message on your screen: "Sorry, we are out power!" don't worry that much - because the only message you CANNOT SEE ON YOUR SCREEN IS: "SORRY; WE ARE OUT OF POWER. No power no screen display. ;-) 
Click HERE for more details on the book.
I guess Joe would have spent another 100 or so pages to talk about IoT vulnerability if he would have written the book now. 
In a report published the other day by Wired you can read:
"On Tuesday, the internet-of-things-focused security firm Senrio revealed a hackable flaw it's calling "Devil's Ivy" a vulnerability in a piece of code called gSOAP widely used in physical security products, potentially allowing faraway attackers to fully disable or take over thousands of models of internet-connected devices from security cameras to sensors to access-card readers.
Using the internet-scanning tool Shodan, Senrio found 14,700 of XXXX's cameras alone that were vulnerable to their attack-at least, before XXXX patched it. And given that's one of the dozens of ONVIF companies alone that use the gSOAP code, Senrio's researchers estimate the total number of affected devices in the millions."
Unbelievable!!
Click HERE for the full Wired report.
How long will you wait to implement more measures to protect your industrial control system?
Start now - latest next Monday.

Tuesday, July 18, 2017

IXXAT (HMS) Offers New POWERFUL Smart Grid Gateways for IEC 61850, IEC 60870-5, Profibus and more

Under the IXXAT brand, HMS delivers connectivity solutions for embedded control, energy, safety and automotive testing.
The new and very powerful IIoT gateways from HMS allow industrial equipment to communicate with power grids based on IEC 60870-5-104 and IEC 61850. In addition they also include Modbus TCP Client/Server and Modbus RTU Master/Slave


IXXAT SG-gateways...
  • enable easy remote control and management of electrical systems
  • allow to log and display application data and energy consumption
  • provide IEC 61850 client/server and IEC 60870-5-104 server support
  • have in-built Modbus TCP Client/Server and Modbus RTU Master/Slave interfaces
  • provide connectivity for CAN Bus, I/O, M-Bus, PROFIBUS, PROFINET and EtherNet/IP based devices
Click HERE for more details in English
Hier klicken für Details in Deutsch

Friday, July 14, 2017

How Much Will The Implementation Of Security Measures Cost?

Almost everybody is talking about security measures in the context of automation and communication systems in factories, power plants, substations, hospitals, ... Talking about the topic is one thing - what's about implementing and sustainable use of secure systems? Hm, a good question.
A news report published on June 13, 2017, under the title
"The “Internet of Things” is way more vulnerable
than you think—and not just to hackers

points out that many - maybe most - devices that communicate using internet technologies are not capable to carry the load needed for reasonable security measures. One paragraph referring to Joe Weiss (a well known expert) is eye-catching:
"Weiss believes that the first step in securing the IoT is to build entirely new devices with faster processors and more memory. In essence, hundreds of billions of dollars’ worth of machines need to be replaced or upgraded significantly."

Click HERE to read the complete report.

I would like to see - at least - more powerful platforms when it comes to new installations. Be aware that the cost of a new platform with implemented state-of-the-art security measures is one thing. Another thing is to implement a more centralized security infrastructures to manage the security.
IEC 62351-9 specifies cryptographic key management, namely how to generate, distribute, revoke, and handle X.509 digital certificates and cryptographic keys to protect digital data and its communication.
Primary goals of the series IEC 62351 are considered for the use of cryptography:
  • Verifying the claimed identity of a message sender (authentication);
  • Verifying that the sender has the right to access the requested data (authorization);
  • Ensuring no one has tampered with a message during transit (integrity);
  • Obscuring the contents of a message from unintended recipients (confidentiality);
  • Associating specific actions with the entity that performed them (non-repudiation).
It is recommended for vendors and users to pay more attention to IEC 62351 (and other standards) and to listen carefully to the experts involved in protecting our infrastructures.
A reasonable white paper on the matter has been published by the BDEW (Germany): "Requirements for Secure Control and Telecommunication Systems".
Click HERE to access the BDEW white paper.
Click HERE for further information (some documents are in English).
Click HERE for a paper discussing the BDEW white paper.

Tuesday, July 11, 2017

Interactive Information about German Power Generation, Load and Export/Import

The German regulator of the electric power network has just opened a new website which gives you a deep inside view in power generation, load and export/import.



Graph from the new website.
Click HERE to access the new website.
Enjoy.
This is a very interesting service ... to see what's going on.

When will Hackers Take Control Over Substations?

I guess most people belief that our power delivery infrastructure is very secure - yes, I agree that this is (still) the case. What's next? There are some publicly visible efforts to change this - obviously.
One of the attempts to approach the power delivery control systems has been made public the other day with the headline:
Attack on Critical Infrastructure Leverages Template Injection
"Attackers are continually trying to find new ways to target users with malware sent via email. Talos has identified an email-based attack targeting the energy sector, including nuclear power, that puts a new spin on the classic word document attachment phish. Typically, malicious Word documents that are sent as attachments to phishing emails will themselves contain a script or macro that executes malicious code. In this case, there is no malicious code in the attachment itself. The attachment instead tries to download a template file over an SMB connection so that the user's credentials can be silently harvested. In addition, this template file could also potentially be used to download other malicious payloads to the victim's computer."
Click HERE to read the full report.
Click HERE for NYTimes report.

Saturday, July 8, 2017

IEC-61850-Hands-On-Training in Deutsch in Karlsruhe (Dezember 2017 und Mai 2018)

NettedAutomation GmbH bietet zwei IEC-61850 Hands-On-Trainingskurse zu unschlagbar günstigen Preisen in Deutsch in Karlsruhe an:

05.-08. Dezember 2017 
14.-17. Mai 2018

Die drei (3) Blöcke (1 Tag + 2 Tage + 1 Tag) können einzeln oder in Kombination gebucht werden. Sie entscheiden selbst, ob Sie nur einen Tag von Ihrem Arbeitsplatz fern bleiben möchten oder zwei, drei oder vier. Je nachdem, wieviel Zeit Sie investieren wollen oder können und welchen Bedarf Sie haben.

Lernen Sie, wie über 4.300 Teilnehmer vor Ihnen, was IEC 61850 und andere Normen wie IEC 60870-5-10x oder IEC 62351 (Security) bedeuten. Gewinnen Sie einen Einblick in relevante Realisierungen wie die FNN-Steuerbox oder VHPready, die auf IEC 61850 aufbauen. Verstehen Sie, wie Feldbusse (Profibus, Profinet, Modbus, ...) über lostengünstige Gateways in die Anlagen eingebunden werden können.

Im Hands-On-Training lernen Sie die wesentlichen Konzepte der Normenreihe praktisch kennen. Die umfangreiche Trainings-Software dürfen Sie behalten und weiterhin nutzen!


Copyright, 2017-07, Michael Hüter

Der Kurs ist für alle geeignet, die mehr über IEC 61850 erfahren wollen.

HIER klicken, um zur Beschreibung und den Anmeldeunterlagen zu gelangen [pdf, 430 KB].

Beachten Sie auch, dass die meisten Seminare als Inhouse-Kurse stattfinden! Falls Sie Interesse an einem Inhouse-Kurs (in deutsch, englisch, italienisch oder schwedisch) haben sollten kontaktieren Sie uns bitte!

Monday, July 3, 2017

An All NEW Evaluation, Demo, Hands-On Package for IEC 61850 and IEC 61400-25

NettedAutomation GmbH (Karlsruhe, Germany) has released an All NEW Evaluation, Demo, Hands-On Package for IEC 61850 and IEC 61400-25 (EvaDeHon) for immediate download and use!
The new EvaDeHon Package comprises the roles Client, Server, Publisher, and Subscriber running on a PC, HMS (IXXAT, Beck IPC) Gateways, SystemCorp IEDs, ...
The new solutions allow to run multiple IED models (all roles) in parallel on one PC (simulating IEDs of a complete system!) ... and more. The roles and applications are configured directly by SCL files (.cid). You can build your own models and run them with all roles ... if configured.
This Package is based on our 30+ years of experience. We are really proud of offering these tools to the industry today! Sit down, enjoy and relax ...


Copyright, 2017, Michael Hüter

Click HERE to download the documentation only [pdf, 3.2 MB]
Click HERE for downloading the demo package including the documentation and license conditions.

Example: Server and Client on two PCs:


Many topologies on PCs:


... and topologies with gateways:


Click HERE to download the documentation only [pdf, 3.2 MB]
Click HERE for downloading the demo package including the documentation and license conditions.