GE Fixing Bug in Software After Warning About Power Grid Hacks

General Electric said on Wednesday it is fixing a bug in software used to control the flow of electricity in a utility's power systems after researchers found that hackers could shut down parts of an electric grid. From a report: The vulnerability could enable attackers to gain remote control of GE protection relays, enabling them to "disconnect sectors of the power grid at will," according to an abstract posted late last week on the Black Hat security conference website. Protection relays are circuit breakers that utilities program to open and halt power transmission when dangerous conditions surface.

Re:And these breakers are connected to the network

[darkain]

That simply isn't ideal anymore. When a critical situation happens, say an earthquake, how long does it take to deploy a person to a breaker unit to manually change its state? They NEED to be networked in today's age to have the level of agility needed to handle a situation.

Billions can attack a network target

[PeterM+from+Berkeley]

If your asset is attached to the network, literally billions of people could potentially attack it, from anywhere on the world. Not only that, but they can unleash automated attacks upon your asset from other Internet targets they've previously compromised.

If your asset is on its own network, or is non-networked, that cuts down on the number of possible attackers tremendously.

So, critical infrastructure should NOT be on the Internet, or at least not without a correspondingly LARGE investment in security commensurate to the risk.

--PeterM