The week of October 1st, Project SHINE found an electric substation directly connected to the Internet. Project SHINE analysts were able to see DNP3 ports, Serial Port Server ports, Telnet interface ports, and a web page server. They discovered this via search engines without even accessing the site itself. Project Shine provided this information to DHS. As of the week of October 7th, the substation device was disconnected. I had a discussion with the utility who said the device was for monitoring only. However, this type of device is often connected directly to the SCADA network and can thus be a backdoor. The Project Shine investigator will present a detailed case history with time lines of this case at the October ICS Cyber Security Conference (http://www.icscybersecurityconference.com/). As the issue of connecting devices to the internet is unfortunately all too common, the individual utility will not be identified.
Joe Weiss
