Desmond File

Blog archive

Power Down

It's the kind of story that should rightly give anyone the chills. Yesterday at the RSA Conference in San Francisco, penetration testing expert Ira Winkler told the audience that the networks of power companies are vulnerable to attack.

He should know. Winkler, you see, was able to hack into one such network in less than a day.

Winkler and his team, working at the company's behest, were quickly able to gain access to several employees' systems -- by way of a simple phishing attack. From there, they could access the network controlling the power station's monitoring and distribution operations. And from there, a lot of things -- mostly bad -- can happen. You can read a Network World article about Winkler's presentation here.

The problem, Winkler contends, isn't so much with gullible employees who should know better than to click a link on a faux e-mail message. It's with the slap-dash evolution of systems and networks at the power companies. As Winkler explains in a 2007 blog post, the Supervisory Control and Data Acquisition (SCADA) systems employed inside power companies are no longer isolated from external threats. The air gap that once protected these systems has been bridged by what Winkler calls the "lazy and cheap" behavior of people at these companies.

The worst thing? Winkler says power companies' fear of service interruptions makes them reluctant "to update SCADA systems, and the systems and networks that support them." It's a recipe for disaster that Winkler has urged power companies to uncook. He calls for SCADA systems to be unlinked from the public network and for power companies to deploy software and systems that enable reliable and rapid patching.

What do you think of Winkler's warning to the power industry? And what can development managers do to ensure that critical systems like these prove less susceptible to attack? E-mail me at mdesmond@reddevnews.com.

Posted by Michael Desmond on 04/10/2008


comments powered by Disqus

Featured

  • Compare New GitHub Copilot Free Plan for Visual Studio/VS Code to Paid Plans

    The free plan restricts the number of completions, chat requests and access to AI models, being suitable for occasional users and small projects.

  • Diving Deep into .NET MAUI

    Ever since someone figured out that fiddling bits results in source code, developers have sought one codebase for all types of apps on all platforms, with Microsoft's latest attempt to further that effort being .NET MAUI.

  • Copilot AI Boosts Abound in New VS Code v1.96

    Microsoft improved on its new "Copilot Edit" functionality in the latest release of Visual Studio Code, v1.96, its open-source based code editor that has become the most popular in the world according to many surveys.

  • AdaBoost Regression Using C#

    Dr. James McCaffrey from Microsoft Research presents a complete end-to-end demonstration of the AdaBoost.R2 algorithm for regression problems (where the goal is to predict a single numeric value). The implementation follows the original source research paper closely, so you can use it as a guide for customization for specific scenarios.

  • Versioning and Documenting ASP.NET Core Services

    Building an API with ASP.NET Core is only half the job. If your API is going to live more than one release cycle, you're going to need to version it. If you have other people building clients for it, you're going to need to document it.

Subscribe on YouTube