Michael Toecker’s session at S4x13 focused on two things.
- How secure are the applications that engineers use to configure relays in the electric grid? Prominent examples are GE’s EnerVista and SEL’s AcSELerator.
- Is Microsoft’s Attack Surface Analyzer a useful tool to analyze this electric power software?
These relay configuration applications can be great attack vectors. They are installed on engineering laptops that often connect to a variety of networks: ICS, corporate, even the Internet. Mike shows a real-world example of an engineering laptop with Skype and other interesting apps.
The Attack Surface Analyzer found a lot of useful data: unsigned code, no DEP or ASLR on 75% of the software, installed software (including EXEs and DLLs) in world-writable directories, and more. ICS vendors could definitely benefit from using this tool. Owner/operators can use it to get some idea of the quality of a vendor’s SDL.