Power Grid Hacked; Better Network Architecture Needed
Penetration-testing consultant Ira Winkler described how he and a team of security professionals compromised a power company's network enough to gain control of production and distribution systems. A combination of a social engineering attack (" ... click here or your benefts will be suspended ..." type of message) and malware downloaded from the malicious site provided for the short lived attack. Why was it so easy?
Winkler says the problem, as reported by NetworkWorld, is:
Power companies' desire to not risk interrupting service with software upgrades that could improve security perpetuates the inherent weaknesses, he says. "The power grid is so poorly maintained that it is easier to attack than most other systems and networks," he says. "They hope for the best and make the risk-avoidance excuse if something goes wrong."
Companies in this position need to isolate their control networks from non-control segments and run more secure software designed for these control systems according to Winkler.
The federal agency that regulates the power industry, FERC, has some Cyber Security Standards regulations which should start forcing improvements.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
