RSA - Experts hack power grid in no time

Cracking a power company network and gaining access that could shut down the grid simple for experts

Cracking a power company network and gaining access that could shut down the grid is simple, a security expert told an RSA audience, and he has done so in less than a day.

Ira Winkler, a penetration-testing consultant, says he and a team of other experts took a day to set up attack tools they needed then launched their attack, which paired social engineering with corrupting browsers on a power company's desktops. By the end of a full day of the attack, they had taken over several machines, giving the team the ability to hack into the control network overseeing power production and distribution.

Winkler says he and his team were hired by the power company, which he would not name, to test the security of its network and the power grid it oversees. He would not say when the test was done, but referred to the timeframe as "now." The company called off the test after the team took over the machines.

"We had to shut down within hours," Winkler says, "because it was working too well. We more than proved that they were royally screwed." In addition to consulting, Winkler is author of the books Spies Among Us and Zen and the Art of Information Security.

The problem is pervasive across the power industry, he says, because of how power company networks evolved. Initially their supervisory, control and data acquisition (SCADA) networks were built as closed systems, but over time intranets and Internet access have been added to the SCADA networks. Individual desktops have Internet access and access to business servers as well as the SCADA network, making the control systems subject to Internet threats. "These networks aren't enclosed anymore. They've been open for more than a decade," Winkler says.

The penetration team started by tapping into distribution lists for SCADA user groups, where they harvested the e-mail addresses of people who worked for the target power company. They sent the workers an e-mail about a plan to cut their benefits and included a link to a Web site where they could find out more.

When employees clicked on the link, they were directed to a Web server set up by Winkler and his team. The employees' machines displayed an error message, but the server downloaded malware that enabled the team to take command of the machines. "Then we had full system control," Winkler says. "It was effective within minutes."

Winkler says SCADA systems are inherently insecure because they are software running on standard operating systems on standard server hardware, making them subject to all the vulnerabilities of those systems.

Power companies' desire to not risk interrupting service with software upgrades that could improve security perpetuates the inherent weaknesses, he says. "The power grid is so poorly maintained that it is easier to attack than most other systems and networks," he says. "They hope for the best and make the risk-avoidance excuse if something goes wrong."

Winkle says his talk doesn't expose power networks to any more danger than they face now. "The real bad guys already know what I'm saying," he says. "There is the potential for serious damage."

Winkler says power companies need to adopt SCADA software that is better tested for vulnerabilities and engineered for rapid patching when flaws are found. They also need to segment their networks so a breach from the Internet cannot reach the SCADA network.

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?