Hacking the Power Grid: Analyzing what Hackers do when they have access to the "Power Grid Honeypot"

September 26, 2018 12:45 PM

The nightmarish scenario of the power grid being hacked, and causing disruption to the electric grid has been used by the entertainment industry to politician to show the public the seriousness of cyber threats. Energy companies are the number one target for cyber attacks against critical infrastructure based on DHS reporting, so it is well known in the industry that hackers are trying to access the ICS/SCADA side of energy companies. We created a honeypot that replicates the Energy Management System (EMS/SCADA) of a modern electric company. The EMS/SCADA is used by electric companies to monitor, control, and optimize power grid. The EMS/SCADA honeypot allows attacker to control key component of the power grid such as Nuclear power generator, major transmission lines that affect the BES (Bulk Electric System). We added component to mimic the Smart grid such as distributed generation (Solar, Wind) to distributed automation. This honeypot allows the community to understand what hacker would do if they have access to the most important system in the GRID the “EMS/SCADA”. We examine a wide variety of skill set from novice hackers to APT actors on the Honeypot. We try to understand their actions and objective when they are controlling the grid, is it sabotage or espionage?

Speaker Information

Panelist Information

Dewan Chowdhury

MalCrawler

Dewan Chowdhury is the founder and CEO of MalCrawler (a solution that protects ICS/SCADA systems from malware cyber-attack), and for almost 20 years Dewan specializes in cyber security support for ICS/SCADA environment from oil & gas to the electric grid. Dewan has unique first-hand experiences dealing with targeted cyber-attacks against critical infrastructure. Dewan has provided cyber incident response in oil refineries to electrical substations. Dewan specializes in incident response and handling for cyber-attacks against ICS/SCADA. Dewan's technical expertise includes Advanced Persistent Threat (APT) analysis, computer forensics, malware analysis for SCADA Devices (IED, RTU, PLC, HMI, etc.), penetration testing on ICS/SCDA Devices, securing smart grid/Advanced Metering Infrastructure (AMI). Dewan speaks across the globe on as an expert on SCADA security and cyber-attacks against critical infrastructure.