Power grids, data highways, and public transport networks are examples of complex infrastructures that need to be protected with sophisticated safety and security architectures.
On the hunt in Washington, D.C. The bad guys are doing the chasing. They’re trying to get a witness who is being guarded and escorted by police detective John McClane (Bruce Willis). Things don’t look good for McClane. The criminals chasing him and his witness have hacked into all the city’s computer systems. They now control the transport networks, phones, and IT lines, which allows them to watch their prey on giant monitors in their command center as they change traffic lights to red, close tunnels, and generate chaos throughout Washington. “Live Free or Die Hard” is every IT security expert’s nightmare.
Dr. Johann Fichtner, head of the IT Security technology field at Siemens Corporate Technology (CT) in Munich, has seen the movie. He and his team advise the Siemens Sectors on IT security matters. “The film isn’t completely unrealistic; theoretically, hacker attacks can shut down entire infrastructures,” Fichtner says. The more complex and interconnected the control systems in airports, public transport systems, water and energy networks, hospitals, and data networks become, the greater the danger that such a scenario will occur.
The power grid in particular has to be protected, because many other infrastructures rely on electricity. This is particularly crucial with regard to smart grids, which will closely link a large number of electricity producers, power consumers, and software systems in the future. International security-strategy standards need to be developed and implemented here. “You need to look at the entire smart grid in this process, not just the connections between individual components,” says Alexander Schenk, who is responsible for Automated Metering and Information Systems (AMIS) at Siemens in Vienna, Austria. A smart grid equipped with AMIS measures household electricity consumption with smart meters, collects usage data from local transformer stations, monitors and manages the grid, sends data to control centers, and stores it in software that generates electric bills. All of these functions and connections have to be secured. Networks that already run with AMIS, like the grids in Upper Austria and the German state of Baden-Württemberg, are secured with software encryption and protocols that precisely define which module should transmit data and where. “This offers a benefit, because if the code is ever cracked by hackers it will only give them access to certain parts of the network and can then be quickly changed using a software download,” says Schenk. New and expanded security standards can also be added as needed in such a system.
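The protocol rule Schenk describes, that each module may only send particular data to particular destinations, is essentially an allow-list that a monitoring system can enforce. The following is an added example, not Siemens' AMIS code: it models the metering chain from the text (smart meter, concentrator at the transformer station, control center, billing system) with hypothetical module names and a constructed log format, and flags any message that takes an unapproved path or travels without encryption.

```python
"""Allow-list check for data flows in a metering network (added example).

Module names, message types and the log format are hypothetical; this is
not Siemens' AMIS software. Each log line is an ISO timestamp followed by
key=value fields.
"""

# Assumed policy: which module may send which message type to which module.
# The chain mirrors the path described in the text: meter -> transformer-station
# concentrator -> control center -> billing system, plus commands flowing back.
ALLOWED_FLOWS = {
    ("smart_meter", "concentrator", "consumption_reading"),
    ("concentrator", "control_center", "aggregated_readings"),
    ("control_center", "billing", "billing_record"),
    ("control_center", "concentrator", "grid_command"),
    ("concentrator", "smart_meter", "config_update"),
}

# Constructed sample log; lines 3 and 4 deliberately violate the policy.
SAMPLE_LOG = """\
2024-03-01T10:00:00Z src=smart_meter dst=concentrator type=consumption_reading enc=yes
2024-03-01T10:00:05Z src=concentrator dst=control_center type=aggregated_readings enc=yes
2024-03-01T10:00:07Z src=smart_meter dst=billing type=consumption_reading enc=yes
2024-03-01T10:00:09Z src=control_center dst=concentrator type=grid_command enc=no
2024-03-01T10:00:12Z src=control_center dst=billing type=billing_record enc=yes
"""


def parse_line(line):
    """Split 'timestamp k=v k=v ...' into (timestamp, dict of fields)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields if "=" in f)
    return ts, kv


def check_flows(log_text, allowed=ALLOWED_FLOWS):
    """Return a list of (timestamp, reason) for every line that breaks policy."""
    violations = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, kv = parse_line(line)
        flow = (kv.get("src"), kv.get("dst"), kv.get("type"))
        # A path that is not in the allow-list is reported even if encrypted:
        # the policy is about who may talk to whom, not only about secrecy.
        if flow not in allowed:
            violations.append((ts, f"unexpected flow {flow[0]} -> {flow[1]} ({flow[2]})"))
        # Every message on the approved paths must be encrypted.
        if kv.get("enc") != "yes":
            violations.append((ts, f"unencrypted message {flow[0]} -> {flow[1]}"))
    return violations


if __name__ == "__main__":
    for ts, reason in check_flows(SAMPLE_LOG):
        print(ts, reason)
```

Run as a script, it reports the meter-to-billing message (a path the policy never defined) and the cleartext grid command. Because the allow-list is data rather than code, it can be replaced when a module is re-keyed or a flow is added, which is the property Schenk attributes to the AMIS design.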
Another problem is that more and more networks and industrial facilities are now running on standard operating systems and using Web-based services, thus making them potentially accessible from any PC. Because they’re based on Windows or Linux software, they’re also easy to service. “But that also makes them more vulnerable than systems that use specially developed software, given that hackers are already familiar with the setup,” says CT expert Steffen Fries.
In the future, consumers will be able to use Web applications to monitor their own electricity consumption, because the smart meters in their homes will send the data to the Internet. But if hackers get into the central servers, they’ll be able to tell when no electricity is being used in a house or apartment, thus tipping them off when no one is home.
Simulating Glitches. It’s not just the power grid that’s becoming a highly complex system; the same can be said of high-speed rail networks and new subway lines with software-controlled mechanical and electronic propulsion systems. In such a situation, the failure of a single module can affect an entire train. For example, if an electronic system doesn’t close the doors, it’s not enough to simply shut them by hand. Other systems also need to know about the problem and adjust their operations accordingly by issuing a command that allows the train to leave the station even though there’s no electronic signal indicating that the doors are in fact closed. For every conceivable scenario, experts have to draw up a fault tree depicting the course each functional error will take. Only after this has been completed for every foreseeable contingency can parameters be defined for responses.
“We used to have to develop a new fault tree for every new train concept,” says Martin Rothfelder, who is responsible for Risk Management and Analysis at CT in Munich. A further problem is the fact that each country has its own rail system safety standards. For example, most train door control systems in France are monitored solely with electronic systems, while the UK rail network generally uses an additional sensor-based safety architecture that sends signals via a bus system. As a result, it’s becoming more difficult to demonstrate that a system is fail-safe. Rothfelder’s team used standard software tools to develop a program that allows fault trees to be used with subsystems. Technicians merely have to key in the variables of a particular train. The fault analysis is then carried out automatically. “We’re now able to determine much sooner that a proposed solution isn’t safe enough, and that the development team needs to consider alternatives,” Rothfelder explains.
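To make the fault-tree discussion concrete, here is an added example (not Rothfelder's tool and not Siemens' figures) that builds a small tree for the door case from the text. The top event is "train departs although a door is not closed"; one variant is monitored by the electronic door system alone, the other adds an independent closure sensor reporting over a bus. All event names and failure probabilities are constructed, basic events are assumed independent, and the code computes the top-event probability and the minimal cut sets, then checks the design against a hypothetical target in the way an automated analysis would.

```python
"""Fault-tree evaluation for a train door subsystem (added example).

The tree, event names and failure probabilities are constructed for
illustration; they are not Siemens' figures or tool. Basic events are
assumed independent and each appears only once in the tree, so the gate
probabilities below are exact rather than approximations.
"""
from dataclasses import dataclass
from itertools import product
from typing import List, Union


@dataclass(frozen=True)
class Event:
    """Basic event: a component fault with a per-journey failure probability."""
    name: str
    prob: float


@dataclass(frozen=True)
class Gate:
    """AND gate: all inputs must fail; OR gate: any one input failing suffices."""
    kind: str        # "AND" or "OR"
    inputs: tuple    # Events or Gates
    label: str = ""


Node = Union[Event, Gate]


def probability(node: Node) -> float:
    """Probability that the node's failure event occurs (independent inputs)."""
    if isinstance(node, Event):
        return node.prob
    ps = [probability(i) for i in node.inputs]
    if node.kind == "AND":
        p = 1.0
        for x in ps:
            p *= x
        return p
    if node.kind == "OR":
        q = 1.0                   # probability that no input fails
        for x in ps:
            q *= 1.0 - x
        return 1.0 - q
    raise ValueError(f"unknown gate kind {node.kind!r}")


def minimal_cut_sets(node: Node) -> List[frozenset]:
    """Smallest combinations of basic events that make the node fail."""
    if isinstance(node, Event):
        return [frozenset([node.name])]
    child_sets = [minimal_cut_sets(i) for i in node.inputs]
    if node.kind == "OR":
        candidates = [s for sets in child_sets for s in sets]
    else:  # AND: one cut set from each input, merged
        candidates = [frozenset().union(*combo) for combo in product(*child_sets)]
    # Drop any candidate that contains a smaller cut set.
    result: List[frozenset] = []
    for s in sorted(set(candidates), key=len):
        if not any(r <= s for r in result):
            result.append(s)
    return result


def door_tree(with_sensor_bus: bool) -> Gate:
    """Top event: train departs although a door is not closed.

    with_sensor_bus=False models monitoring by the electronic door system
    only; True adds an independent closure sensor on a bus, so both the
    electronic report and the sensor path must fail before the open door
    goes unnoticed. Probabilities are hypothetical per-journey values.
    """
    door_not_closed = Gate("OR", (
        Event("door_actuator_fault", 1e-4),
        Event("door_controller_fault", 1e-5),
    ), "door fails to close")
    status_report_fault = Event("electronic_status_report_fault", 1e-3)
    if with_sensor_bus:
        detection_fails = Gate("AND", (
            status_report_fault,
            Gate("OR", (Event("closure_sensor_fault", 1e-4),
                        Event("sensor_bus_fault", 5e-4)), "sensor path fails"),
        ), "open door not detected")
    else:
        detection_fails = status_report_fault
    return Gate("AND", (door_not_closed, detection_fails),
                "departure with door not closed")


def meets_target(tree: Gate, target: float) -> bool:
    """Early design check: is the top-event probability within the target?"""
    return probability(tree) <= target


if __name__ == "__main__":
    for variant in (False, True):
        tree = door_tree(variant)
        print(f"sensor bus={variant}: P(top)={probability(tree):.3e}, "
              f"min cut sets={[sorted(s) for s in minimal_cut_sets(tree)]}")
```

The electronic-only variant fails through any of two double faults (a door fault together with a wrong status report), while the sensor-bus variant needs three independent faults, which is what the cut sets make visible before anyone looks at the numbers. Swapping in a country-specific subtree, as the France and UK architectures differ, only changes `door_tree`; the evaluation code is unchanged, which is the point of reusing fault trees per subsystem.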
Strategies designed to protect sensitive systems from attack are all basically the same. Specialists analyze the systems and the type of protection desired, define security requirements, develop a suitable security architecture, and implement it. According to Fichtner, the trend is now to have secure programming technologies tested and officially certified. CT’s Development Centers, which are responsible for software development, also offer continually updated security training programs at their Central Eastern Europe and India clusters. One principle is paramount here, says Fichtner: All systems must be continually examined for new weaknesses. “The idea that you shouldn’t touch a running system is outdated.”