From: SmartGridNews
Quick Take: Do you remember the stories that used to circulate about building a nuclear bomb from instructions on the Internet? I’m starting to feel that terrorists could bring down the grid by reading stories on the Internet. Every week we get details about another vulnerability.
Here’s the latest gambit receiving widespread attention. My advice is to make sure that your security team is aware of it and taking steps to close the gap.– By Jesse Berst
Engineers Adam Crain and Chris Sistrunk recently discovered a major grid vulnerability. Attackers could easily cause a widespread power outage by exploiting a flaw in the SCADA systems utilities use to monitor substations.
The pair eventually managed to break systems from 16 different SCADA vendors using the DNP3 communications protocol. At this point, according to an article in Daily Kos, they notified the U.S. Department of Homeland Security… which didn’t bother to issue a formal alert until four months later.
“We haven’t found anything we haven’t broken yet,” Mr. Crain said in an interview. At minimum, the two discovered that they could freeze, or crash, the software that monitors a substation, thereby blinding control center operators from the power grid. Mr. Crain likened that capability to “a bank robber being in a bank vault with the camera frozen.”
Leave a Reply