- presentation: How to Build Your Own Cyber Security Framework using a Balanced Scorecard (pdf)
As you might already know, I won Bruce Schneier's Sixth Annual Movie Plot Threat contest. This movie plot was constructed using a similar approach and methods. My main goal was to stretch the imagination of the audience by emphasizing a threat and attack scenario that isn't often considered, yet is very plausible -- namely business partners as threat agents. I also wanted a scenario that was not a typical attack with typical consequences, yet was serious at a system level.
[Edit: shout out to Andy Bochman who just wrote this post on the value of a compelling story to boost awareness and understanding. Great minds think alike!]
Here's the movie plot synopsis:
Summer of 2017: It was another long heat wave in central Texas. Spare generating capacity was dangerously low. Thanks to deregulation and incentives, microgrids have taken off, especially in Texas. Microgrids now play a vital role in how utilities manage peak power demands in certain regions, both to limit demand and as peak generating capacity. During heat waves like this, spot prices for peak load electricity can be 10 or 100 times more than normal, but it’s hard for anyone – utilities, customers, traders – to predict when those price spikes will come.

While this is a fictional scenario, nearly every aspect has a basis in fact -- i.e. something that has already happened (e.g. manipulation of wholesale markets), the details of the Texas Nodal Market, and products/services that are currently offered in the case of microgrid automation.
One hedge fund manager at Gold Man Hacks has figured out that the best way to predict price spikes is to help create them. This is right out of the playbook of Enron and others from the 2001 crisis in California. But this time they don’t do anything as clumsy as convincing a generating plant to go offline. They found a way to game the Texas Nodal Market for wholesale electricity where they looked like good guys and no one could trace the cause back to them.
The Nodal Market is designed to avoid transmission congestion and to ease peak load shortages. Whenever a geographic node experiences excess demand, neighboring nodes are given price incentives to fulfill that demand. In normal times and even extremes, this market system has worked well. This heat wave was no different, or so it appeared.
But this was the first full-scale deployment of the Gold Man Hacks strategy, internally nicknamed "Monkey’s Uncle". Gold Man Hacks had previously sold “peak load hedging” contracts to a large number of generators in Texas. These were fairly conservative financial instruments and simple except for one provision – they paid a bonus to Gold Man Hacks whenever the generator received an incentive payment through the Nodal Market, and the bonus was 80% of the incentive payment!
The key to "Monkey’s Uncle" is that Gold Man was able to engineer many local and persistent excess demand conditions in specific nodes, which triggered incentive payments to generators in neighboring nodes, where Gold Man had peak load hedging contracts.
Every target node was rich in microgrids and cogeneration plants. Nearly all were managed by brand new supervisory control systems based on Commercial Off-the-Shelf (COTS) IT technology, including USB, wireless TCP/IP networks, and – critically – hosted auto-configuration software that manages the local SCADA controller, including its automated transactions in the wholesale Nodal Market.
Gold Man recruited Thad as a confederate to do the technical dirty work, with the irresistible offer of a share of the profits. Thad was a former contractor in Gold Man’s information security department specializing in penetration testing. It wasn’t hard to get him a contract at the Microgrid Automation Software company that had the largest market share in Texas. Once on the inside, it didn’t take long for Thad to find exploitable vulnerabilities in the hosted auto-config system. Through those exploits, Thad made small changes in the business rules for wholesale market transactions and for demand response. He even modified the design documents just in case anyone did a code walk-through.
In effect, this created a botnet of SCADA controllers that would, on command, buy power instead of sell, and increase demand rather than reduce demand. The command signals were sent through the wholesale market quote system as sham quotes, ignored by all other participants except for the pwned SCADA controllers and their automated trading software. You'd have to be a "Monkey's Uncle" to believe that sham quotes could be used as botnet control signals (hence the code name).
As the 2017 heat wave extended into its third week, "Monkey’s Uncle" had netted Gold Man Hacks almost $300 million in bonus payments, with no end in sight.
If any of those microgrid operators had noticed the anomalous wholesale transactions and was sufficiently capable to do a proper investigation…