Our Platform

    Protect and safeguard your OT network and operations with the industry's most advanced, most capable cybersecurity platform.

    Learn More

      icon for visibility

      Asset and Network Visibility

      Discover and visualize every asset and every network connection in your OT environment.

      icon for policy enforcement

      Policy Enforcement

      Segment your network and enforce granular policies for true Zero Trust cybersecurity.

        icon-alert

        Anomaly and Threat Detection

        Identify unexpected or unauthorized activity, from Level 0 signals to cloud connections.

        icon for signal integrity

        Signal Integrity Validation

        Monitor physical process signals to detect threats and prevent system damage.

          Mission Secure Platform Overview

          Learn More

            Industries

            Keep your organization secure against cyber threats and take control of your OT network.

            View All Industries

              A Comprehensive Guide to Maritime Cybersecurity

              Learn More

                Resources

                Find helpful OT and ICS cybersecurity resources, guides, and downloads.

                View All Resources

                  eBook: A Comprehensive Guide to OT Cybersecurity

                  Read More

                    About Us

                    Our team of world-class OT, IT, and cybersecurity experts are setting the standard in OT cyber-protection.

                    Learn More

                      Cyber Risk: From a Hacker's Point of View

                      Listen Now
                        2 Min Read

                        Control | Grid at Risk: Highlighting MSi’s Digital Relay Cyber Attack & Protection Demo!

                        Written by Mission Secure News Desk

                        September 28, 2016


                        ControlGlobal.com highlights the vulnerabilities of protective digital relays and previews MSi's digital relay cyber attack and protection demonstration. The demo will be featured at SecurityWeek's upcoming ICS Cyber Security Conference on October 25th in Atlanta, GA!

                        Demonstration of hacking a protective relay and taking control of a motor – the grid is at risk

                        Protective relays are critical to the operation of the electric grid and the protection of large electric equipment in many industries including electric, nuclear, manufacturing, etc. Protective relays were originally electro-mechanical switches but have progressed to complex networked digital devices with enormous computing capabilities making them intelligent electronic devices (IEDs). Consequently, IEDs are now cyber vulnerable from both IT network and control system issues. In March 2007, the Idaho National Laboratory (INL) demonstrated the Aurora vulnerability by using IEDs to damage large rotating equipment, in this case a generator. The test assumed that the IEDs could be accessed. DOE has spent considerable sums of money to improve the cyber security of protective relays. However, it took less than a day for cyber security researchers (Mission Secure, Inc.-MSI) with NO power industry experience to compromise a very common industry IED – the SEL-751A (see 7/22/16 blog). The purpose of this exercise was not to single out Schweitzer but to demonstrate the generic vulnerabilities of IEDs and the lack of external security around them. Not every IED is critical but some are very critical and must be protected. A typical mid-sized utility may have hundreds or even thousands of substations and many thousands of IEDs but only a small percentage of the IEDs are protecting critical loads. These critical loads may be in transmission or distribution applications.

                        There continues to be reticence from many to believe the grid can be cyber vulnerable or that equipment can be damaged from a cyber attack. Consequently, we will be providing a demonstration at the 2016 ICS Cyber Security Conference (www.icscybersecurityconference.com) where we will take the SEL-751A used in a traditional motor control setting and compromise not only the SEL751A, but then take control of the motor. The cyberattack demonstration will highlight a loss of control of the relay, how such loss impacts an end device like a motor and how this can all be hidden from the operator. The attacks include an adversary gaining access to the relay, taking control of the relay, locking out administrators, changing the relay’s configuration, and taking control of a motor. In addition, the attacks will be masked to leave no trace, making it difficult for an operator to troubleshoot the disruption, determine that the disruption was caused by a cyberattack, let alone prevent the disruption from happening again. I am having a 20+ year utility relay expert, Mike Swearingen, who has served on numerous NERC and DOE committees and projects, to oversee the demonstration to assure its relevance. Mike will explain the relevance and significance of the test.

                        Protective relay issues can have real impacts. The 2008 Florida outage shut down power to approximately half the state of Florida for 8 hours because of relay setpoint changes, the 2015 Ukrainian hack shut down power to 230,000 customers by remotely opening breakers, refinery equipment was damaged from using wrong relay settings, and a nuclear plant experienced a loss-of-off-site power condition (the Fukushima condition) after every plant scram because of wrong relay settings. Given these actual cases, it should be evident that compromising relays can have very significant impacts. Consequently, the lack of appropriate cyber security of IEDs should be addressed as soon as possible.

                        MSI, along with Mike Swearingen and myself, are not only demonstrating the problem but developing a solution.

                        Joe Weiss

                        Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more at ControlGlobal.com.

                        Read the Original Article

                        Interested in learning more? Send us a message.