Utilities Racing To Secure Electric Grid

FreeMichael61 writes "In the latest episode of Spy vs. Spy, China rejects accusations it's hacking U.S. companies to steal IP or bring down the grid. But there's no doubt the grid can be hacked, CIO Journal's Steve Rosenbush and Rachael King report. Industrial control networks are supposed to be protected from the Internet by an air gap that, it turns out, is largely theoretical. Internal security is often lax, laptops and other devices are frequently moved between corporate networks and control networks, and some SCADA systems are still directly connected to the internet. What security standards actually exist are out of date and don't cover enough, and corporations often use questionable supply chains because they are cheaper."

Happens all the time

Do you think that the energy industry is any easier on IT folks than anybody else?

Big dollar consultants instead of trained employees, given full unescorted access because the manager doesn't want to have to sit in the datacenter and escort them to the restrooms and such.

My SCADA datacenter still allows a cleaning crew in unescorted.

And electricians, and HVAC contractors and so on.

I found out they were PAINTING my datacenter the day that my storage started freaking out with heat alarms. Went running downstairs to find the facilities team had left a painting crew in the datacenter to cover all of my cabinets (and vented tiles) with tarps.

So these devices might not start connected to the internet, but a USB key here, a rogue cellular wi-fi bridge there, and some wild stuff can happen.

I've heard of other shops that had their SCADA people upset that they couldn't work from home, so they set up "secret" networks that only they knew about so they could still get in. Secret to their co-workers/management, but easy to find for the people who do that for a living.

Going anon for good reason.

Re:it always baffles me

[Puff_Of_Hot_Air]

... why are mission critical devices connected to the internet

sure we know that the weakest link is the meatware, not the hardware, but still...

They aren't, at least, not directly. They are however generally connected at various points to the "business" network which is connected to the Internet (people gotta email). The literal air gap is largely fiction. The business network is hacked, then some vulnerability exploited in the bridge points or routers (it's a network of networks!). Why connect the SCADA to the business network at all? To get the data out to do reports, send email alarms etc. in theory this data exporting should be secure. Problem is that who is hacking your SCADA system? It's not the usual suspects; there is no money in it and the barrier of entry is too high for the script kiddies. It's other countries wanting to perform espionage. How the hell do you protect against that? Look at stuxnet, I mean really look at how that took down the centrifuges. Governments have resources that the average hacking group simply doesn't (or SCADA group). They also have no reason to reveal a compromised system. There could be sleeper, targeted, custom malware sitting on every SCADA server in the US, just waiting for the a time where it will be useful to activate. It's a brave new world!

Re:The best defence is interdependence

[camperdave]

Mapping out electrical utilities is not a big deal, it is trivial. It is perfectly legal to drive around the country following power lines and they can find agents who blend in and can claim to be on vacation, looking for property or whatever. If there were a serious danger of attack on us via our infrastructure someone would have done it already because it is so very unprotected.

Drive around the country? Google Maps, my friend. You can follow power lines all over the place from the comfort of your living-room.