How secure is Cyber Security Data Protection with Transport Layer Security (TLS) Encryption?

Published by Darron Toy on



the modern integrated grid is becoming more connected than ever before distributed renewables pose a unique challenge especially when extending a utilities network beyond the fence all too often the response to these cyber security risks is encrypt the data with TLS and then you're safe but how safe is your TLS really if not done correctly TLS encryption can provide a false sense of protection that can leave you exposed here we have our solar farm constantly updating our utility with its status but watch out a hacker is searching the internet for devices that have a bad TLS implementation and it looks like they just found us the inverter in our solar farm is susceptible to the heartbleed exploit this exploit is simple enough the client is allowed to ask the server to echo back information such as potato or bird the client specifies the length of the word to echo back when a server is susceptible to heartbleed the client can send an echo request that asked for more data back than the string gets sent to echo exposing the memory of the server and potentially allowing someone to steal the encryption keys uh-oh our hacker has been busy writing an exploit to take advantage of the heartbleed vulnerability of our inverter yikes it looks like they got their exploit working and will probably be able to steal our TLS encryption keys having our encryption keys will allow the hacker to set up a man-in-the-middle attack intercepting the stream of traffic between the inverter and our utility and allowing the hacker to manipulate the inverter or even turn it off looks like it's lights out for us next time we need to make sure to implement our TLS properly so it's not susceptible to known vulnerabilities you

Categories: Articles

Leave a Reply

Your email address will not be published. Required fields are marked *