April 10, 2008
Security experts take over power grid in minutes
Ira Winkler, a penetration-testing consultant, has confessed that his team managed to gain network access to a power plant’s digital infrastructure. Not only were they inside the employees’ machines, but they also had complete access to the central console for monitoring actual power production. All this was done with a single day’s preparation and about a day’s access.
The penetration team started by tapping into distribution lists for SCADA user groups, where they harvested the e-mail addresses of people who worked for the target power company. They sent the workers an e-mail about a plan to cut their benefits and included a link to a Web site where they could find out more. When employees clicked on the link, they were directed to a Web server set up by Winkler and his team. The employees’ machines displayed an error message, but the server downloaded malware that enabled the team to take command of the machines. “Then we had full system control,” Winkler says. “It was effective within minutes.”
Winkler says SCADA systems are inherently insecure because they are software running on standard operating systems on standard server hardware, making them subject to all the vulnerabilities of those systems.
Power companies’ unwillingness to risk interrupting service with software upgrades that could improve security perpetuates the inherent weaknesses. The power grid is so poorly maintained that it is easier to attack than most other systems and networks. The companies hope for the best and make the risk-avoidance excuse if something goes wrong.