Cyber security and the electric grid – it IS a problem

Sept. 13, 2014

Politico had an article, “U.S. grid safe from large-scale attack, experts say”. Enclosed is quick summary of why I disagree.

Politico had an article, “U.S. grid safe from large-scale attack, experts say” (http://www.politico.com/story/2014/09/power-grid-safety-110815.html). Digital Bond had a discussion on the article. Enclosed is my response as I don’t believe the “experts” understand the issues including Aurora:     

The electric grid has been, and continues to be, susceptible to unintentional and malicious cyber incidents. There have already been 4 major cyber-related electric outages in the US. I am currently supporting the US DOD on Aurora hardware mitigation and so have a pretty good idea of the issues. Aurora is the cyber exploitation of the physical gap in protection of the electric grid affecting EVERY substation. The DOD program has installed Aurora hardware mitigation at 2 utilities and we are starting to get data which will be presented at the October ICS Cyber Security Conference in Atlanta. As best as I can tell, there has been at least one Aurora attack that destroyed a power plant overseas. Aurora has several unique features- it can defeat predictive maintenance programs, it can cause multiple failures either simultaneously or over time, and it uses the electric grid to attack the equipment connected to the grid.  Now consider that DHS essentially provided a hit list of critical infrastructure that can be destroyed by Aurora including refineries, water systems, and gas pipelines. This is a very big problem.

Joe Weiss

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.