Follow on Google News News By Tag Industry News News By Place Country(s) Industry News
Follow on Google News | Grid security experts share explicit grid vulnerabilities - Hope is for industry action before bad aBy: Smart Grid Today The firm is a syndicate within Lloyds of London and uses technical experts to analyze these systems and often finds that remote terminal units (RTUs) have a wireless connection so that employees, or potentially anyone, can connect to them remotely, she said. "Sometimes these devices are left completely open. You could literally type in the IP address of a PLC, find it and hack into it or the SCADA environment that way," Khudairi added Researchers found nearly 2.2 million SCADA devices worldwide open to the internet, according to findings released late last year for Operation SHINE, a project run by open-source group Infracritical, a group founded in 2001 to improve security for critical infrastructure. THE 2015 FIX Critical insights on US grid cybersecurity, Part One SHINE is an acronym for Shodan Intelligence Extraction, where Shodan is a search engine that crawls for the IP address and much more data about devices connected to the internet – about 500 million of them each month. The scope of the study extended beyond utilities and researchers did not try to identify specific IP addresses, but spot-checking did reveal exposed devices linked to wind farms and utility substations, Infracritical co-founder Jake Brodsky told Smart Grid Today recently in an exclusive interview. "A lot of utilities use plain old internet service provider (ISP) systems for their SCADA systems to communicate with a remote substation," "They assume it's private, but it's not. A far larger problem is that most utility and integration- "If they did consider it, it was presumed that this sort of communication was obscure enough that nobody would want to mess with it. In hindsight, that couldn't have been more wrong," Brodsky said. Added risks come from online systems that let consumers track energy use and savings, software bugs, SCADA-system programming errors, substation maintenance mishaps, payment kiosks in shopping malls and utility employees checking email and surfing the internet at work – especially when platforms for these transactions are not separated from utility control systems, security experts told the daily journal. And several recent reports detailed the growing risk. Existing vulnerabilities since 2003 caused at least 58 million people in the US to go without power for an extended length of time and, in addition to exposing people and businesses to power outages, the vulnerabilities are envisioned as contributing to the most dire of national security scenarios. "Until we fix these vulnerabilities, there are distinct cybersecurity problems related to deny, destroy, disrupt attacks, which we're not prepared as a nation to handle," Bryan Sartin, director of the "research, investigations, solutions, knowledge" team at Verizon Enterprise Solutions and one of the authors of Verizon's annual "Data Breach Investigations Report," told Smart Grid Today. "Places like North Korea and Iran are capable of causing damage to critical infrastructures," The risks go beyond taking down the grid, Mike Swearingen, former manager of regulatory compliance at Tri-County Electric Co-Op in Hooker, Oklahoma, told Smart Grid Today recently in an exclusive interview. He gained experience with defense satellites when he served in the US Air Force, he noted. QUOTABLE: Take a place like Iran, with a nuke program with ICBMs. We still run on mutually assured destruction – that if you attack us, you are going to get wiped out. But a hostile country could first cripple the US power grid and then launch nuclear weapons. By weakening the grid, you've now limited the response. – Mike Swearingen, former manager of regulatory compliance at Tri-County Electric Co-Op in Oklahoma Yes, the military and industry have backup generators. But, Swearingen asked rhetorically: "We won't have the full response we planned on in our strategy. That's what worries me," he added. Endless SCADA hits found To better define the risks, Operation SHINE researchers began combing the internet for exposed SCADA devices in April 2012. They were still finding devices when the project ended in January 2014. "We had expected sooner or later to see things level off," Brodsky told the leading independent, daily, professional news journal of the smart grid industry. "But the library of hits kept accumulating." Gaining access may not even take sophisticated expertise, but more basic search engines like Google and Yahoo also could find these SCADA devices, he added. Addressing all the risks will require a multi-faceted approach from many sectors, including culture changes within utilities, market responses especially related to insurance and more layers of protection – driven not by regulation but by results. This story was originally published in Smart Grid Today (http://www.smartgridtoday.com/ ABOUT SMART GRID TODAY Smart Grid Today's mission is to deliver daily, unbiased, comprehensive and original reporting on emerging trends, applications and policies driving the modern utility industry – in a signature format our founders have developed over decades in the trade news business, featuring highly concise and easy-to-understand news copy based on trusted reporting, exclusive interviews, informed analysis and strategic insights that our subscribers rely on to succeed every business day. Smart Grid Today is published by Modern Markets Intelligence, Inc. CONTACTS Brett Brune VP of Editorial Modern Markets Intelligence, Inc. 1-888-907-1113 brett@mminews.com Season Crawford VP of Marketing Modern Markets Intelligence, Inc. 1-888-678-4480 season@mminews.com End
Account Email Address Account Phone Number Disclaimer Report Abuse
|
|