Utilities Racing To Secure Electric Grid

FreeMichael61 writes "In the latest episode of Spy vs. Spy, China rejects accusations it's hacking U.S. companies to steal IP or bring down the grid. But there's no doubt the grid can be hacked, CIO Journal's Steve Rosenbush and Rachael King report. Industrial control networks are supposed to be protected from the Internet by an air gap that, it turns out, is largely theoretical. Internal security is often lax, laptops and other devices are frequently moved between corporate networks and control networks, and some SCADA systems are still directly connected to the internet. What security standards actually exist are out of date and don't cover enough, and corporations often use questionable supply chains because they are cheaper."

Re:it always baffles me

[Beardo+the+Bearded]

They aren't supposed to be online, no. What you have though is the desire to do remote monitoring. One of the SCADA systems I used had an email module so you could get an email when things got all fucked up. That's a super awesome feature to have on a mission critical device.

"Hey, Beardo, it's Loader 1. Probably nothing to worry about, but sensors picked up a fluctuation in the output. Last time this happened the system crashed hard. Yeah, I know you're in a movie. Come check on meeee."

Now if this was up to me, and I know it's not, I'd build that module with an optoelectronic relay so it can send messages but be physically incapable of receiving them. Of course that does limit the usefulness, I can't send back messages, but I could call the place and let the night crew know there's a problem (if they aren't already aware) and how to mediate it.