Hacking Advanced Metering Infrastructure (AMI) – an attacker’s perspective on Distribution System Operator (in)security
Overview
The presentation will guide the audience through a complete ICS attack vector aimed at compromising smart meters and advanced metering infrastructure. It will show how, in a recent case study, a team of security researchers identified zero-days in smart devices and vulnerabilities in other components of the AMI architecture, and leveraged them to simulate a comprehensive attack scenario. The talk will also give an overview of the cybersecurity challenges of smart metering solutions in Europe.
Agenda
- Smart meter design, architecture and the role of firmware
- Approach to reverse engineering smart meter firmware
- Results of DLMS/COSEM protocol implementation reversing – examples of identified key vulnerabilities
- Examples of common misconfigurations of 3G modems, PLC concentrators and serial port gateways
- Exploitation of identified vulnerabilities in a simulated attack on a DSO (Energy Distribution System Operator) and an end customer
Target audience
Organizations managing critical infrastructure, i.e. power and utilities representatives, especially executive managers (CISOs, CSOs, CIOs and CTOs), OT/ICS engineers, and cybersecurity experts and managers responsible for or involved in smart grid and smart metering initiatives. No specific prerequisites are needed.
The audience should expect a comprehensive analysis covering general concepts as well as more technical details, supported and illustrated by specific, practical examples.
Key takeaways for the audience
The target audience will build awareness of the cybersecurity challenges and typical vulnerabilities found in smart metering solutions.