Bryan Owen

Smart Grid Concurrency Attacks?

Blog Post created by Bryan Owen on Jun 1, 2009

The smart grid is a lot of things to a lot of folks.  At this year's PI user conference Glenn Pritchard of PECO mentioned virtual SCADA systems driven by advanced meter infrastructure (AMI) and PI ACE. Another presentation by Brian Parsonnet of ICE Energy described using the smart grid for optimization and automatic control of distributed energy resources (DER).


Indeed, the smart grid is taking off and driving new levels of collaboration: not just technical interoperability, but also the cross-cutting teamwork needed to realize a more secure, reliable and cost-effective grid.


Concurrency attacks could be considered collaboration gone wrong... kind of like two people talking at the same time on a conference call.  The BlueHat presentation by Scott Stender and Alex Vidergar of iSEC Partners does a good job of describing web application concurrency attacks and defensive challenges. One of the observations is that today's web development frameworks provide little defense and strict backend defenses can seriously impede scalability.


Of course concurrency attacks can happen in control systems too. What about the smart grid command and control infrastructure: will it be possible to generate a state mismatch from concurrent calls to the web methods supporting the smart grid?


The AMI and Enterprise Gateway teams at OSIsoft have been able to study concurrency attacks. Imagine a meter connect request issued by agent 1 and a disconnect request issued by agent 2. Although the field state remained consistent, mismatched status reporting to the agents could be observed. Our conclusion is yes: extra defenses to mitigate concurrency attacks are required. This is especially true to accommodate distributed customer services and delegated service control authority.


Another complication is that AMI capability to process commands varies widely depending on the technologies used and the actual implementation. Some processing schemes use batch-oriented methods where 'on demand' commands may be scheduled for deferred execution. A lot can change in the dead time before execution.


Potential concurrency issues can be prevented at the Enterprise Gateway interface, starting with web method support for approval and reversal. In addition to managing requests, the gateway is also tasked with monitoring communications and schedule. This approach exposes activity logs with detailed state and performance indicators in the enterprise gateway.


In the operational layer, PI Servers record the state of grid operational data using traditional SCADA interfaces. Smart meter information leverages the AMI interface conductor design. The interface conductor supports plug-in modules for head end systems and represents the innermost defense against concurrency attacks. Anomalies such as inconsistent command sets or permissions for one or more target meters could be rejected or raise an alert.
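The connect/disconnect race described above, together with the gateway-side checks (a version guard before a command is applied, and rejection of inconsistent command sets for a target meter), as an added example in Python; this is not OSIsoft's or PI's own code, and the Meter/Gateway classes, the version check and the batch check are assumptions standing in for the real gateway and interface conductor logic. The naive run reproduces the mismatched status report; the guarded run rejects the stale command and raises an alert.

```python
# Added example, not OSIsoft code: Meter, Gateway and the interleaving are assumptions.
from dataclasses import dataclass, field

@dataclass
class Meter:
    state: str = "disconnected"  # field-side state
    version: int = 0             # incremented on every applied command

@dataclass
class Gateway:
    meters: dict
    guard: bool                  # False = naive apply, True = version check
    alerts: list = field(default_factory=list)

    def snapshot(self, meter_id):
        m = self.meters[meter_id]
        return (m.state, m.version)  # what the agent saw when it decided

    def apply(self, agent, meter_id, action, snap):
        """Second step of a command: apply to the field and report to the agent."""
        m = self.meters[meter_id]
        want = "connected" if action == "connect" else "disconnected"
        if self.guard and m.version != snap[1]:
            # Another agent's command landed between this agent's read and its
            # apply: reject and alert rather than act on a stale view.
            self.alerts.append(f"{agent}: stale view of {meter_id}, {action} rejected")
            return "rejected"
        m.state, m.version = want, m.version + 1
        return want  # status reported back to the agent

def check_command_set(commands):
    """Return meters that receive conflicting actions within one batch."""
    by_meter = {}
    for _agent, meter_id, action in commands:
        by_meter.setdefault(meter_id, set()).add(action)
    return sorted(m for m, acts in by_meter.items() if len(acts) > 1)

def run_interleaved(guard):
    """Agent 1 connects, agent 2 disconnects; both read before either applies."""
    gw = Gateway({"meter-42": Meter()}, guard)
    s1 = gw.snapshot("meter-42")
    s2 = gw.snapshot("meter-42")
    r1 = gw.apply("agent1", "meter-42", "connect", s1)
    r2 = gw.apply("agent2", "meter-42", "disconnect", s2)
    return {"agent1": r1, "agent2": r2,
            "field": gw.meters["meter-42"].state, "alerts": gw.alerts}

if __name__ == "__main__":
    print(run_interleaved(guard=False))  # agent1 told "connected", field "disconnected"
    print(run_interleaved(guard=True))   # agent2 rejected; reports match the field
```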


Smart grid solutions span many technologies that provide unique opportunities for layered defenses. A multi-level permissive and abort logic scheme could be especially effective when there are multiple authorized agents using web entry points. Is your web application vulnerable to concurrency attacks?