
Power Plants and Other Vital Systems Are Totally Exposed on the Internet

There's a good DEF CON video on unsecured SCADA controllers; one guy stumbled upon an electrolytic dam controller and had the feds turn up at his door a few days later.

It's pretty worrying how bad security is in some of these places.
 
I always thought that SCADA data was transmitted along the power line.

Nope. For the most part, SCADA data from substations is communicated via serial connections using ancient (i.e. >25-year-old) protocols. Newer IP protocols are also now available.

For those interested, the North American Electric Reliability Corporation (NERC), which is an enforcement arm of FERC, has a lot of information on mandatory Critical Infrastructure Protection (CIP) standards here:

http://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx
 
Chiefcrowe said:
Power Plants and Other Vital Systems Are Totally Exposed on the Internet
Yup, stupid to even have them ONLINE, isn't it??

I'm surprised there haven't been MORE ISSUES than there have been!! (Knock on wood)
 
This was also huge news just a handful of years ago; I recall reading a pretty lengthy article on it. Some highlights I recall from that article: a lot of sites were still communicating via dial-up. Auto-dialers were able to discover these sites. The software was ancient, and security was virtually non-existent.

Also, in a proof-of-concept-type demonstration, the proof of concept went too far: they demonstrated that via hacking, they could knock a supply 180 degrees out of phase. That's not good; it equals a small "explosion" and nearly complete destruction of equipment. They did not expect to destroy the equipment during their demonstration. I think the key was that hackers couldn't easily get into the main control centers - but they didn't have to. They could skip the middle man & directly attack the substations.

I've always found that thought to be a little scary. Consider the virus that <someone> used to infect the centrifuge controls in Iran where they were producing enriched uranium. A lot of the equipment was destroyed as a result. That was on a secured network that wasn't even attached to the Internet. And here, we have huge portions of our infrastructure sitting wide open. It's not inconceivable to believe that <someone> has their finger on the button & could bring much of our grid to a screeching halt at any moment. It would be seen, I'm sure, as an act of war, if a government did this. But, what about terrorists? Could they organize enough to bring down a significant part of our grid simultaneously? Have these vulnerabilities been addressed in the past (4 or 5 years, I think, since I read the article)?
 
This was also huge news just a handful of years ago; I recall reading a pretty lengthy article on it. Some highlights I recall from that article: a lot of sites were still communicating via dial-up. Auto-dialers were able to discover these sites. The software was ancient, and security was virtually non-existent.

Yes, there were many substations set up to allow engineers to dial into and download information from those new fangled digital relays and other devices. The CIP standards I referenced earlier prohibit these now.

Also, in a proof-of-concept-type demonstration, the proof of concept went too far: they demonstrated that via hacking, they could knock a supply 180 degrees out of phase. That's not good; it equals a small "explosion" and nearly complete destruction of equipment. They did not expect to destroy the equipment during their demonstration. I think the key was that hackers couldn't easily get into the main control centers - but they didn't have to. They could skip the middle man & directly attack the substations.

If you're referencing the instance I think you are, the "proof of concept" purported to demonstrate that a generator breaker could be closed when the generator and system voltages were 180 degrees out of phase (rather than the normal near 0 degrees). Out-of-phase closing does thump the generator quite hard and can cause loss-of-life. As I recall, the hosts for the demonstration took exception to the result, claiming that some of the steps needed to make this happen couldn't actually have been accomplished by an off-site hacker.

In most cases, gaining control of equipment isn't going to give the hacker the ability to damage it. The hacker would have to simultaneously compromise all the equipment's protective devices and then be able to put the equipment into a potentially damaging operating condition. Perhaps possible, but not easy to do; especially to many pieces of equipment across a large system.

I've always found that thought to be a little scary. Consider the virus that <someone> used to infect the centrifuge controls in Iran where they were producing enriched uranium. A lot of the equipment was destroyed as a result. That was on a secured network that wasn't even attached to the Internet. And here, we have huge portions of our infrastructure sitting wide open. It's not inconceivable to believe that <someone> has their finger on the button & could bring much of our grid to a screeching halt at any moment. It would be seen, I'm sure, as an act of war, if a government did this. But, what about terrorists? Could they organize enough to bring down a significant part of our grid simultaneously? Have these vulnerabilities been addressed in the past (4 or 5 years, I think, since I read the article)?

"Wide open" is a bit of an overstatement. I do agree, however, that the abilities of hackers (both as individuals and as government-supported warriors) shouldn't be underestimated. Cyber security continues to improve, but I'd like to see us move faster.
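The protection argument in the reply above (a close command alone cannot force an out-of-phase closure unless the supervising protective device is also defeated) as an added illustrative simulation, not code from the thread or from any real relay; the Phasor and SyncCheckLimits names and the permissive thresholds are assumed for illustration only.

```python
from dataclasses import dataclass


@dataclass
class Phasor:
    """Voltage phasor on one side of the breaker (constructed sample values)."""
    magnitude_pu: float   # per-unit voltage magnitude
    angle_deg: float      # phase angle in degrees
    freq_hz: float        # frequency in Hz


@dataclass
class SyncCheckLimits:
    """Assumed permissive window for a sync-check (ANSI 25) element; real settings vary by site."""
    max_angle_deg: float = 10.0
    max_voltage_diff_pu: float = 0.05
    max_slip_hz: float = 0.1


def angle_difference_deg(a: float, b: float) -> float:
    """Smallest absolute angle between two phasor angles, in the range [0, 180]."""
    return abs((a - b + 180.0) % 360.0 - 180.0)


def sync_check(gen: Phasor, system: Phasor, limits: SyncCheckLimits = SyncCheckLimits()) -> tuple[bool, str]:
    """Return (permit, reason); permit is True only when both sides are close enough to close safely."""
    angle = angle_difference_deg(gen.angle_deg, system.angle_deg)
    if angle > limits.max_angle_deg:
        return False, f"blocked: angle difference {angle:.1f} deg exceeds {limits.max_angle_deg} deg"
    if abs(gen.magnitude_pu - system.magnitude_pu) > limits.max_voltage_diff_pu:
        return False, "blocked: voltage magnitude mismatch"
    if abs(gen.freq_hz - system.freq_hz) > limits.max_slip_hz:
        return False, "blocked: slip frequency too high"
    return True, "permitted: within synchronism window"


def breaker_close_output(close_command: bool, gen: Phasor, system: Phasor,
                         sync_check_in_service: bool = True) -> tuple[bool, str]:
    """Relay close logic: the close output is asserted only if a close command is
    present AND the sync-check element permits. sync_check_in_service=False models
    the extra step the thread describes: the protective device itself being defeated."""
    if not close_command:
        return False, "no close command"
    if not sync_check_in_service:
        return True, "closed: sync-check out of service, closure unsupervised"
    return sync_check(gen, system)


if __name__ == "__main__":
    system_side = Phasor(1.0, 0.0, 60.0)
    print(breaker_close_output(True, Phasor(1.0, 180.0, 60.0), system_side))
    print(breaker_close_output(True, Phasor(1.02, 3.0, 60.02), system_side))
```

A remote close command at 180 degrees is rejected by the supervising element; only when that element is also out of service does the same command reach the breaker.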
 
I knew that PLC was still used. There is a transformer farm (for lack of a better word) nearby that has a microwave antenna on a tower. So that must be another method.
 