Utilities Beware: More Attacks Coming

Monday, August 8, 2011 @ 04:08 PM gHale

Suppliers had better improve their defenses against cyber attacks or there will be problems.

That warning by the North American Electric Reliability Corporation (NERC), which established and enforces reliability standards for the bulk-power system, coincides with reports by IT security researchers that there are vulnerabilities hackers could use to sabotage power plants, oil refineries or manufacturing operations.

That all became even clearer last week when Dillon Beresford of security research firm NSS Labs demonstrated at the Black Hat security conference in Las Vegas that he could break into programmable logic controllers (PLCs) used by utility companies.

Beresford revealed in May that he had found multiple vulnerabilities in Siemens PLCs.

He told attendees of the Black Hat conference that he found ways to break into the Siemens PLCs, even the ones protected by passwords.

Other researchers at the conference said criminals and intelligence agencies would also be able to use the Internet to hack into controllers made by the other major manufacturing automation suppliers.

The industry standards do not call for encrypted data transmissions between PLCs, which researchers said makes them easier targets for hackers.

While Stuxnet targeted PLCs through operating systems software, Beresford said he found ways to reprogram the devices directly if he could get to them on the network.

NERC is taking the warnings seriously and hopes to reduce the risk by issuing security recommendations to utilities in the U.S. and Canada.
