Michael Toecker’s session at S4x13 focused on two things.

  1. How secure are the applications that engineers use to configure relays in the electric grid? Prominent examples are GE’s Enervista and SEL’s AcSELerator
  2. Is Microsoft’s Attack Surface Analyzer a useful tool to analyze this electric power software?

These configuration relay applications can be great attack vectors. They are installed on engineering laptops that often connect to a variety of networks, ICS, corporate, even the Internet. Mike shows a real world example of an engineering laptop with Skype and other interesting apps.

The Attack Surface Analyzer found a lot of useful data … unsigned code, no DEP or ASLR on 75% of the software, installed software (including exe’s and dll’s) in world writeable directories, and more. ICS vendors could definitely benefit from using this tool. Owner/operators can use this to get some idea of the quality of a vendor’s SDL.