Malware propagation in smart grid monocultures

Abstract

Smart power grids require a communication infrastructure to collect sensor data and to send control commands. The common trend for cost reduction influences the architecture, implementation, networking, and operation of smart grid devices. Whereas hardware and software reuse are imperative for vendors to lower device costs, utility companies substantially decrease their operational costs by deploying a homogeneous device base. Thousands of smart meters that feature identical hardware, firmware, and software, are one main prerequisite for automated maintenance, support, and device replacement. However, these cost savings create optimum conditions for malware propagation and infection in the grids’ control networks. In this paper we show how monocultures in device types can lead to critical situations if malware exploits a common vulnerability. Although we assume that classical defensive measures, e.g., firewalls, virtual networks, and intrusion detection, are in place, we argue that new or unpatched vulnerabilities cannot be ruled out and may lead to a very fast distribution of malware in large parts of the smart grids’ control network. Besides showing how fast malware can spread in device monocultures, we also discuss effective defensive measures that can support utility companies in preventing or containing malware distribution.