Maker of Smart-Grid Control Software Hacked

This blog collects news relevant to the design of current and future energy systems, with a focus on economics, Europe and the Netherlands. The views expressed here are my own and not those of CWI Amsterdam (the research institute I am employed at).

I am not an expert on any single technology in energy systems (e.g. transmission, electric vehicles, batteries), but the interconnectedness in our energy systems makes a broader view very important, as well. I come across lots of links because I developed a general interest in this important societal topic during my PhD and thus come across lots of news stories. Sometimes I will give only the link, but if time allows, I'll summarise shortly what I think the most important or interesting bits are.

[This blog ran initially on Posterous, but they sold to Twitter and shut down. I decided to move it into my own domain.]

the latest entries:

The seven habits of highly effective people

The Mom test

Der letzte Weynfeldt

Google-free Android on Fairphone, again

Other minds

Risiko

The Why-are-you-here Cafe

Herbstmilch

Mit brennender Geduld

show search options

Maker of Smart-Grid Control Software Hacked

"Telvent calls OASyS “the hub of a real-time telemetry and control network for the utility grid,” and says on its website that the system “plays a central role in Smart Grid self-healing network architecture and improves overall grid safety and security.”

But according to Dale Peterson, founder and CEO of Digital Bond, a security firm that specializes in industrial control system security, the OASyS DNA system is also heavily used in oil and gas pipeline systems in North America, as well as in some water system networks."

http://www.wired.com/threatlevel/2012/09/scada-vendor-telvent-hacked/

There are two concerns about what the damage could be:

"hackers could embed malware in project files to infect the machines of program developers or other key people involved in a project. One of the ways that Stuxnet spread — the worm that was designed to target Iran’s uranium enrichment program — was to infect project files in an industrial control system made by Siemens, with the aim of passing the malware to the computers of developers."

"Hannah wouldn’t say whether attackers had downloaded the project files or altered them. Project files contain a wealth of customized information about a specific customer’s network and operations, says Patrick Miller, president and CEO of EnergySec, a nonprofit consortium that works with energy companies to improve security. “Almost all of them will give you some details about the architecture and, depending on the nature of the project, it may go deeper,” he says. Project files can also identify key players in a project, in order to allow hackers to conduct additional targeted attacks, he said. Additionally, project files could be altered to sabotage systems, he says. Some project files contain the “recipe” for the operations of a customer, describing calculations and frequencies at which systems run or when they should be turned on or off."

27 Sep 2012 - 1:21

You are seeing a selection of all entries on this page. See all there are.