"Telvent calls OASyS “the hub of a real-time telemetry and control network for the utility grid,” and says on its website that the system “plays a central role in Smart Grid self-healing network architecture and improves overall grid safety and security.”

But according to Dale Peterson, founder and CEO of Digital Bond, a security firm that specializes in industrial control system security, the OASyS DNA system is also heavily used in oil and gas pipeline systems in North America, as well as in some water system networks."


There are two concerns about what the damage could be:

"hackers could embed malware in project files to infect the machines of program developers or other key people involved in a project. One of the ways that Stuxnet spread — the worm that was designed to target Iran’s uranium enrichment program — was to infect project files in an industrial control system made by Siemens, with the aim of passing the malware to the computers of developers."

"Hannah wouldn’t say whether attackers had downloaded the project files or altered them. Project files contain a wealth of customized information about a specific customer’s network and operations, says Patrick Miller, president and CEO of EnergySec, a nonprofit consortium that works with energy companies to improve security. “Almost all of them will give you some details about the architecture and, depending on the nature of the project, it may go deeper,” he says. Project files can also identify key players in a project, in order to allow hackers to conduct additional targeted attacks, he said. Additionally, project files could be altered to sabotage systems, he says. Some project files contain the “recipe” for the operations of a customer, describing calculations and frequencies at which systems run or when they should be turned on or off."

27 Sep 2012 - 1:21
You are seeing a selection of all entries on this page. See all there are.