Utility assets continue to be cyber vulnerable and critical information publicly accessible
Jan. 1, 2000
Project SHINE recently found an electric substation directly connected to the Internet. Project SHINE analysts were able to see DNP3 ports, Serial Port Server ports, Telnet interface ports, and a web page server. They discovered this via search engines without even accessing the site itself; the information is data the search engine had already collected and published. Using a plain old web browser, they were able to identify the utility, the specific substation, and circuit breakers by utility serial number. They could also have accessed the relay configuration mode, but did not. From there, an Aurora attack could have been triggered, with dramatic consequences for utility customers' rotating equipment (e.g. data center cooling equipment, rotating machinery, generators, ...).
Because the substation was under 100 kV, it did not require a cyber-assessment under NERC CIP. Project SHINE provided this information to DHS. It is not clear what DHS has done with this information.
Project SHINE also found dozens of wind farms directly connected to the Internet with 3-digit default passwords. The power stabilizer units were identified by manufacturer and model number. Compromising the power stabilizer units can cause damage to the turbines.
Project SHINE was started by two utility personnel to interrogate the Shodan website for control system devices directly connected to the Internet. Project SHINE has compiled a current list of more than 1,000,000 Internet-accessible IP addresses associated with potentially vulnerable industrial control and management systems. An article detailing the project and describing the list was translated into Persian and posted on hacker forums in January 2013.
A representative from Project SHINE will discuss the results at the October ICS Cyber Security Conference.