CHAPTER 12 Attacking Smart Meters

section of the OSSTMM are written as if physical access to the target is not commonly allowed. As previously mentioned, this is not the case with smart meters. However, some parts of the Physical Security Testing modules can still apply to attacking smart meters.

The Access Control module of the Physical Security Testing section discusses how to test the access controls of a target. For attacking smart meters, this would include identifying any mechanisms that would detect tampering with a smart meter and raise some type of alarm or trigger. Physical inspection of the device and data mining on the Internet may be the two most effective ways to evaluate the access controls of targeted smart meters.

In performing a test of the physical security of a smart meter, there may be monitoring controls in place that may compromise an attack. This module simply deals with identifying monitoring solutions that may be observing the target and determining how to defeat them. An example would be a surveillance camera on a building's smart meter. Countermeasures to use when attacking the physical security of a smart meter would include rendering the camera inoperable or masking your identity.

The Location Review module relates to identifying the weaknesses of the target as a result of its location. In the context of smart meters, this would simply involve determining if you could obtain physical access to the meter. As most meters are physically located on the sides of buildings, almost every attacker should encounter little to no controls preventing access to the smart meter.

NIST SPECIAL PUBLICATION 800-42: GUIDELINE ON NETWORK SECURITY TESTING

The National Institute of Standards and Technology (NIST) issued Special Publication 800-42: Guideline on Network Security Testing in October of 2003. Since then, security testers and attackers alike have utilized its methodology to evaluate the security of targeted devices.
NIST 800-42 contains three high-level sections: Security Testing and the Systems Development Life Cycle, Security Testing Techniques, and Deployment Strategies for Security Testing.[8] For the purpose of attacking smart meters, we will review the "Security Testing Techniques" section in detail and discuss how it can be utilized to attack smart meters.

Security Testing Techniques

The Security Testing Techniques chapter, or Chapter 3, of NIST's Special Publication 800-42 contains the following sections [8]:

1. Roles and Responsibilities for Testing
2. Network Scanning
3. Vulnerability Scanning
4. Password Cracking