Posted By Rich Miller On October 26, 2007 @ 6:50 am In Generators | Comments Disabled
My team was supposed to perform a simple assessment of the security of a Website owned by a power company. The Website had a security vulnerability and provided us a connection to the company’s internal network. From there, we could get to any system in the company, including its SCADA systems. We were told by the security manager to leave out access to the SCADA system in our report, but we were allowed to download the personnel records of the CEO and CIO, so that the results would be hard for them to ignore.
In discussions of the generator attack and SCADA hacking, many people are surprised that these kinds of systems can be accessed via the Internet. Aren’t they managed by some secure internal network?
Many people might now be thinking, “But isn’t it impossible to actually connect to or otherwise access a power grid SCADA system?” The answer is very sadly, “Hell no!” Initially, the power grid control systems were on closed networks. However when the Internet started to blossom, power companies decided that it was too costly to maintain separate networks. After all, they would need two computers on every desk, which wouldn’t be able to talk to each other. At the time, they rationalized that this only required adding extra protection to logically separate the power grid from the corporate networks. Don’t count on the hope that they actually followed through with that.
Winkler writes that hackers have also been able to gain access through modems connected to critical systems for maintenance purposes, or wireless access to allow load tracking so power companies can buy and trade power with other companies. “In order to know the available capacity, you have to eventually connect to SCADA systems,” said Winkler. “So there is even an outside connection engineered into the power grid.”
Article printed from Data Center Knowledge: http://www.datacenterknowledge.com
URL to article: http://www.datacenterknowledge.com/archives/2007/10/26/more-on-generators-and-scada-hacking/