Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

Critical infrastructure providers need to consider smart meters attack risks

Digital Assurance, the independent security assessment and information assurance consultancy, has warned that critical infrastructure control systems are at risk from wireless attacks carried out over Software Defined Radio (SDR). Critical network control systems such as SCADA (Supervisory Control And Data Acquisition), Building Management Systems (BMS) and PLCs (Programmable Logic Controllers) all use a proprietary wireless technology which could potentially be hacked using SDR equipment and a PC. The specialist data communicated by these systems could be intercepted, captured and replayed to suspend service and cause widespread disruption.

These systems will also be at greater risk in the future as smart meters are brought online, increasing the attack surface of the network. The lowering price point, advances in processing power and difficulties in detecting SDR attacks are also likely to increase its appeal.

SCADA industrial control systems are used to monitor and regulate utility services across multiple sites and distances and have been afforded some protection by the relative obscurity of the network in the past. However, with up to 53 million smart meters across 30 million homes and businesses being added between 2014-2019, the number of potential access points on to the network is set to increase dramatically. The data relayed between these end devices can be intercepted, captured, jammed or replayed using SDR equipment, providing the hacker with network-wide access to field devices, control stations, generating stations and transmission facilities.

SDR works by capturing radio frequency signals using a high-speed ADC (Analogue to Digital Converter) enabling the direct digitisation of the radio frequency signal which can then be analysed by a DSP (Digital Signal Processor) before being converted into output data stream. The user can analyse slices of spectrum at their leisure, looking for carriers and modulated signals and go on to isolate the preamble and the payload, or message headers if searching for data streams, for instance.

There are a variety of SDRs on the market but the USRP (Universal Software Radio Peripheral) is the tool of choice as it allows both reception and transmission which, when coupled with open source software such as GNU Radio, allows the creation of advanced radio systems. This uses a USB 2.0 interface, an FPGA and high-speed ADCs and DACs, to generate a sampling and synthesis bandwidth a thousand times that of a PC sound card, extending the reach of the equipment and enabling wideband operation.

“Wireless assaults on critical infrastructure will grow exponentially over the next few years, in line with the rollout of smart grid networks, and SDR provides the hacker with an opportunity to jump onto parts of this network. To date, critical systems have relied upon their relative obscurity to protect them but that will have to change. The only way of protecting a wireless device from an SDR attack at present is to ensure that it has been designed, configured and deployed to resist over-the-air attacks. Very few vendors of such equipment will give this type of assurance so independent testing is currently the only option until the industry applies itself to developing a solution. Understanding exactly what radio systems have been deployed and ensuring adequate risk assessments have been conducted is an essential first step,” says Greg Jones, Director, Digital Assurance.


•Date: 23rd April 2013 • UK/World •Type: Article • Topic: Critical infrastructure protection

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here