Electric Power Research Institute About Us
The Institute
Office Locations

2016 Corporate Social Responsibility Report

EPRI completed a full corporate social responsibility assessment in 2015 culminating in release of its first Corporate Social Responsibility report. The report (and companion video) provides a comprehensive look at EPRI's social responsibility culture and actions around four focus areas: community, employees, operations, and research.

Our Work Events Newsroom Careers EPRI Journal

Product Abstract

Security Testing Tool for End-User Devices (PT2) Version 2.0

Product ID:3002005804
Date Published:27-Nov-2015
Sector Name:Power Delivery & Utilization - Distribution & Utilization
Document Type:Software
Pricing Not Applicable

This item is not available for download or ordering. The abstract will provide details on how to obtain access to this item.

If you need additional information on how to access this item please contact the Order Center, 1-800-313-3774 Option 2 or 650-855-2121. You may also send an email to orders@epri.com

Abstract

This EPRI product is now downloadable from the SourceForge.net at: http://sourceforge.net/projects/pt2-security-testing-tool/

The Penetration Testing Toolkit is a software tool to aid end users in the security assessment of power systems sector specific embedded devices.  The PT2 provides the end user with a centralized interface for managing and executing penetration test activities.  The PT2 gives the end user the ability to execute the full range of penetration test activities such as: script execution, data collection, data analysis, traffic injection, and fuzzing.  Additionally, the PT2 provides access to a variety freely available open source security penetration testing tools in an easy to use interface.  The benefit of this approach is that it minimizes the amount of setup required in order to execute a penetration test.  In this initial release of the software, support for the OpenADR 2.0a protocol has been provided.  The OpenADR 2.0a protocol is an XML based HTTP protocol, therefore, the toolkit may also be utilized to test protocols which are similar in structure to the OpenADR protocol.

The features supported for OpenADR are:

  • OpenADR Specific Test Cases
  • OpenADR Packet Sniffer and Analyzer
  • An HTTP Proxy
  • An XML Fuzzer
  • DNP3 Specific Test Cases
  • DNP3 Packet Sniffer and Analyzer
  • A DNP3 Proxy

The PT2 has been developed with extensibility in mind and may support the addition of protocols such as: IEC 61850, Smart Energy Profile 2.0, and DLMS-COSEM in future revisions.

Benefits & Value:

Values and benefits provided by the PT2 are that it provides:

  • A power systems sector specific tool for performing penetration testing.
  • A tool targeting power systems specific protocols.
  • A unified interface for performing multiple penetration testing activities

System Requirements:

At a minimum the supported platforms for this software are: Windows XP/Vista/7 (32-bit and 64-bit), Ubuntu Linux 32-bit and 64-bit, and Backtrack 5 R1/R2.

Under the Windows Platform, the following features are only supported:

  • Packet Sniffer, Proxy, Fuzzer

The “Test Script Execution” functionality is not supported under the Windows platform.

It is recommended that the user install the “Backtrack Linux” distribution as this software has been designed to interoperate with a number of third-party packages included in that particular Linux distribution.  Backtrack Linux can be obtained from the following website: http://www.backtrack-linux.org/downloads/ .  Please note that at the time of writing, Backtrack R1/R2 have been superseded by Backtrack R3.  Since Backtrack R3 involves a major change in the Linux kernel version, it is not supported.  Please use version R1 or R2.

The Ubuntu Linux distribution can also be used given that the following software packages are installed.

  • Nmap: http://nmap.org/
  • Arpspoof: http://arpspoof.sourceforge.net/

These packages can be installed on Ubuntu Linux with the following command:

  • sudo apt-get install dsniff nmap
Program
2015 Program 183   Cyber Security and Privacy
Keywords
  • OpenADR
  • DNP3
  • Smart Grid
  • Penetration testing
Report
000000003002005804
Note

For further information about EPRI, call the EPRI Customer Assistance Center at (800) 313-3774 or email askepri@epri.com

 Having Trouble Downloading?

Internet Explorer Information Bar

If using Internet Explorer the browser automatically blocks downloads by default, instead displaying an "Information Bar" at the top or bottom of the page.

Click "Download File" on Information Bar if using Internet Explorer 8 or older. If using version 9, click “Save” button on Information Bar and then select “Open” once downloaded.

Pop-up blocker software

You can hold down the CTRL key when selecting Download to bypass your pop-up blocker.

You may also configure your pop-up blocker to allow EPRI.com to open new windows.

Recommended Software

EPRI recommends using the latest version of Adobe Reader for best performance.

 Support Services

EPRI Customer Assistance Center (CAC):
800-313-3774 or 650-855-2121 Option 4
askepri@epri.com

Hours of Operation:
8:00 AM - 6:00 PM Eastern Time (GMT-5)

Order and Conference Center:
800-313-3774 or 650-855-2121 Option 2
orders@epri.com