Slashdot Mirror


GE Fixing Bug in Software After Warning About Power Grid Hacks (reuters.com)

General Electric said on Wednesday it is fixing a bug in software used to control the flow of electricity in a utility's power systems after researchers found that hackers could shut down parts of an electric grid. From a report: The vulnerability could enable attackers to gain remote control of GE protection relays, enabling them to "disconnect sectors of the power grid at will," according to an abstract posted late last week on the Black Hat security conference website. Protection relays are circuit breakers that utilities program to open and halt power transmission when dangerous conditions surface.

38 comments

  1. And these breakers are connected to the network? by Anonymous Coward · · Score: 0

    It doesn't sound like a good idea. Air gaps on important infrastructure, people.

  2. Re:And these breakers are connected to the network by DickBreath · · Score: 4, Funny

    If air gaps are not possible, then at least change which port Telnet is running on.

    --

    I'll see your senator, and I'll raise you two judges.
  3. It's the Appernet of Apps, you stupid LUDDITE! by Anonymous Coward · · Score: 0

    Modern app appers like GE know that only apps can app apps, and having the Apper Grid connected to the Appernet of Apps makes everything super appy!

    Apps!

  4. Re:And these breakers are connected to the network by darkain · · Score: 3, Insightful

    That simply isn't ideal anymore. When a critical situation happens, say an earthquake, how long does it take to deploy a person to a breaker unit to manually change its state? They NEED to be networked in today's age to have the level of agility needed to handle a situation.

  5. Re:first by Anonymous Coward · · Score: 0

    first

    how can a first post be marked "redundant"?

  6. Re:And these breakers are connected to the network by Anonymous Coward · · Score: 0

    Microwave range two miles? Shortwave? Electrical lines carry signals too.

  7. info on Recloser by Joe_Dragon · · Score: 1

    The ones on lines need some kind of remote so they can send messages and get turn-on commands. They also have local control so there can be a lock out / tag out.

    https://en.wikipedia.org/wiki/...
    https://www.youtube.com/watch?...
    https://www.youtube.com/watch?...

    1. Re:info on Recloser by aaarrrgggh · · Score: 1

      Yes, but there are secure systems for connecting them. GE is just half-ass about their systems.

      While I am sure S&C have issues as well, they are at least conscious about security.

    2. Re:info on Recloser by thegarbz · · Score: 2

      Sorry but horseshit. These companies in general know very little about security. Leave security to those people who specialise in it and put every installation behind a proper VPN before it gets a cable plugged in. And then put the crappy security provided by these protocols in anyway.

      Not that it matters what these companies build, because the end user will screw it up anyway. I went into a substation at a power plant in Germany the other day. I've never visited this power plant before. The maintenance supervisor was trying to show off his new PLC and control cabinet but the computer was logged out. He tried to log in as "Administrator" with a few different passwords without success. I reached over and typed "password" ... fail. "Password" ... fail. "passw0rd" and I was greeted with a lovely desktop and an auto starting HMI with write access and no user access control to the relays.

      Siemens put a lot about security in their manual too. It doesn't mean shit if you end up with customers like that.

  8. Billions can attack a network target by PeterM+from+Berkeley · · Score: 2, Insightful

    If your asset is attached to the network, literally billions of people could potentially attack it, from anywhere in the world. Not only that, but they can unleash automated attacks upon your asset from other Internet targets they've previously compromised.

    If your asset is on its own network, or is non-networked, that cuts down on the number of possible attackers tremendously.

    So, critical infrastructure should NOT be on the Internet, or at least not without a correspondingly LARGE investment in security commensurate to the risk.

    --PeterM

    1. Re:Billions can attack a network target by thegarbz · · Score: 2

      If your asset is not on a network, no one will care about attackers because power outages will become incredibly common due to the inability to properly manage the grid.

      If your asset is on its own network, just expect to pay the appropriate price for electricity when the providers are forced to build a nationwide network of their own, and let me tell you Americans are currently getting one hell of a bargain on electricity.

      The internet is a necessity. But then so are VPN tunnels, firewalls, and proper network design.

    2. Re: Billions can attack a network target by Anonymous Coward · · Score: 0

      Oh my God! Require the people running the power grid to string some communications lines!?! Can't they just get Comcast?

  9. Re:first by davester666 · · Score: 1

    it's been done, like, a million times already.

    --
    Sleep your way to a whiter smile...date a dentist!
  10. Re:And these breakers are connected to the network by davester666 · · Score: 1

    that will definitely slow down the hackers. all of a whole 10 seconds or so.

    --
    Sleep your way to a whiter smile...date a dentist!
  11. Wait! by Anonymous Coward · · Score: 0

    If a hacker shuts down the power, won't he no longer be able to hack 8 -)

  12. No matrix references? by Anonymous Coward · · Score: 0

    What kind of place has Slashdot become?

    1. Re: No matrix references? by Anonymous Coward · · Score: 0

      Why not just use an SSH bug and login to the network ;)

  13. Re:And these breakers are connected to the network by thegarbz · · Score: 1

    > Air gaps on important infrastructure, people

    Airgaps only make a grid unmanageable which would lead to more power outages. The answer isn't airgapping, it's actually knowing security.

    If your idea of security is to simply airgap then you're going to fall victim to many other attack vectors.

  14. Re:And these breakers are connected to the network by sheph · · Score: 0

    Yes. But you also have to share data with other utilities in real time for regulatory and marketing purposes. It's more complex than you'd think.

    --
    I don't believe in karma, I just call it like I see it.
  15. Where are the technical details? by najajomo · · Score: 1

    Would these 'GE protection relays' be connected to the Internet using SCADA units running under Microsoft Windows?

    Cyber Security Issues for Protective Relays: 2008

    The Northeast blackout of 2003

    1. Re:Where are the technical details? by Anonymous Coward · · Score: 0

      Typically no, but it's really up to the customer, not GE.

  16. Re:And these breakers are connected to the network by najajomo · · Score: 1

    > If air gaps are not possible, then at least change which port Telnet is running on.

    Are you an expert :)

  17. Re:And these breakers are connected to the network by tlhIngan · · Score: 1

    > Airgaps only make a grid unmanageable which would lead to more power outages. The answer isn't airgapping, it's actually knowing security.
    >
    > If your idea of security is to simply airgap then you're going to fall victim to many other attack vectors.

    Exactly. Have we all forgotten about Stuxnet already? For those who don't know, Stuxnet is a worm that attacked Iran's nuclear weapons facilities. Iran had their variable speed drives airgapped (standard Siemens SCADA system). And yet, Stuxnet crossed over, and managed to reprogram the drives in such a way that they failed prematurely (and part of Stuxnet is hiding the fact that it's mis-driving the drives so they'd fail).

    Airgaps simply don't work anymore - there's too much information that needs to be transferred between an airgapped network and the regular network that it's now a vulnerability to get the airgapped network infected.

  18. Is this in response to blackouts last week? by See+Attached · · Score: 1

    Did anyone else notice a bunch of blackouts last week? I heard a few folks around the states mention it, but the press was REAL quiet? Maybe slashdotters can confirm? This is a good place to look for trends! so.. maybe this thread is old news?

    --
    Time for a new Political party in the US (or two!) One is off the rails Other cant pony up a leader.
  19. Relays are not circuit breakers by Anonymous Coward · · Score: 0

    Relays control circuit breakers

  20. Re: And these breakers are connected to the networ by Anonymous Coward · · Score: 0

    Not on the same network the breaker controls are on.

  21. Different Controllers? by Neuronwelder · · Score: 1

    When you are dealing with something as important as a power grid, I'd feel safer if you put as much human oversight as you can into it. Hacking never ends. Make sure the human oversight staff is educated into not being tricked.

  22. Re:And these breakers are connected to the network by n329619 · · Score: 1

    I'm sure the squirrels would notice the difference.

  23. Re:And these breakers are connected to the network by havana9 · · Score: 1

    You could put them on a separate network, disconnected from the main Internet, or even not using TCP/IP. One could use PSTN and a modem, or use the cellphone network to send SMS or even use a separate radio UHF network. By the way because they have also laid cables and fiber optics having a separate WAN could be feasible.

  24. Re:And these breakers are connected to the network by GNious · · Score: 1

    Just pondering - if they've strung up a set of powerlines, would it be all that impossible to also put up some control-wires, and have that system air-gapped from internet/telecoms/whatever ?

  25. Re:And these breakers are connected to the network by Anonymous Coward · · Score: 0

    Nothing electrical based can be used on utility poles. Maybe fiber optic cables but there's probably special considerations for stringing a fibre optic cable on a utility pole that I'm not aware of.

  26. Re:And these breakers are connected to the network by thegarbz · · Score: 1

    Yes. These days many utilities also run fibre. They also did run control lines but in the past they were for basic copper allowing remote substation intertrips before centralised control became a thing (e.g. OMG my breaker didn't open, please upstream stop feeding me power signal).

    The problem with the cost comes in retrofitting the grid now, rather than when it was first built. Helicopter time isn't cheap.

  27. Re:And these breakers are connected to the network by thegarbz · · Score: 1

    Sure if you ignore technical requirements and start sinking a shitload of money into the system that will lead to public outrage as Americans cease to enjoy their ludicrously low electricity prices you can do ANYTHING.

    PSTN, modems, SMS, you don't seem to realise just how much data is required by SCADA systems and how quickly they need to respond.
    UHF? I take it you've never actually looked at coverage at these frequencies. HF maybe, but then you're into a new world of problems.
    As for cables, they did lay them, but it's worth remembering that the grid wasn't built yesterday. Much of the communications which was laid was done so with simple copper carrying nothing more than dumb trip signals. These days they lay fibre. However laying enough to actually create your own network of all critical substations... well, how deep is your wallet? After all we can build anything *you* are willing to pay for.

  28. Re:And these breakers are connected to the network by GNious · · Score: 1

    Cheers - been 20 years since I took an introductory course to being an electrician, always curious how things are done now :)

    > Helicopter time isn't cheap.

    Nor are fried grids :)

  29. Former insider here. by Anonymous Coward · · Score: 1

    I am a former employee for GE at exactly this business segment, and I have used the relays in question and was a designer on a related product. This does not surprise me at all. The thing is though, that GE actually tried really hard to get security right. Some employees weren't very good, but for the most part the company did the right things. The problem was customers. Customers _hated_ security features because it made things more difficult for their dummy techs to fix problems quickly. So - typically security features were disabled by customers or never used at all because security got in the way of their smooth operations.

  30. Re:And these breakers are connected to the network by DickBreath · · Score: 1

    Not if they use ROT13. It would take them more than 10 seconds just to find the website that decodes it.

    The managers that run important infrastructure already have air gaps. (between their ears)

    --

    I'll see your senator, and I'll raise you two judges.