Per Beta News:
A team of experts headed by security guru Ira Winkler was hired by an anonymous power company to test the security of a power grid’s network. The door was practically held open for them.
In a matter of hours, the team infiltrated the grid’s supervisory control and data acquisition (SCADA) networks using simple phishing tools: social engineering and browser exploits.
What sort of special technology did these people use to get the necessary information? They got employees to hand it to them. Per Switched:
They relied on human nature to get initial access, finding the e-mail addresses of many of the plant’s employees and sending them a supposedly corporate e-mail that indicated their worker benefits were being cut. They were directed to a URL to get more information. That URL was, of course, bogus and simply resulted in the installation of malicious software.
On the plus side, many of these security vulnerabilities are relatively easy to fix. If only companies were willing to take the scheduled downtime to fix them. Once again, per Beta News:
Winkler says that these SCADA systems suffer the same vulnerabilities any system does that runs on the same standard operating system and server hardware. Companies have perpetuated the weakness of these systems by not performing important software upgrades because they would force downtime.
And lest you think that the worst thing that can happen is a minor power outage, I will add this one more passage from Beta News:
What could be done given the level of access these white hats obtained would not be limited to simply shutting down a grid, like a group of hackers managed to do for 17 days to a “practice network” in California in 2001. In comments to CNN last year regarding a leaked video of a staged hack that resulted in the self-destruction of a power generator, Joe Weiss of Applied Control Solutions said, “What people had assumed in the past is the worst thing you can do is shut things down. And that’s not necessarily the case. A lot of times the worst thing you can do, for example, is open a valve — have bad things spew out of a valve.”
Just when I was thinking there weren’t enough things to worry about…