Hackers and the US Power grid
andre.kesteloot at verizon.net
Fri Nov 9 23:05:53 CST 2012
On 11/9/2012 23:50 PM, Chip Fetrow wrote:
> It just astounds me that critical power generation and distribution
> equipment is actually connected to the public Internet.
> It seems incredibly stupid to me.
> I did some work with Mitre several years ago. They ran their internal
> network with no connection to anything outside. Of course, part of
> what they do is DoD work. I wanted to give them access to some of my
> equipment so they wouldn't have to drive 60 miles to "adjust" things.
> They told me they didn't have modems at all and were not allowed to
> buy them. I reached inside a cabinet, pulled one out and gave it to
> them. They got permission to instal it on a computer that had a new
> OS install, and no connection to their network.
> Now, why can't the power companies do the same thing. Run an internal
> network. Seeing that they are the second biggest users of point to
> point microwave (next to phone companies), it would seem trivial.
> I had a discussion with a high level engineering manager with a power
> company once and I stated that it seemed obvious to me that nuclear
> plants were not connected to the public Internet and he turned white.
One of the problems seems to be that the power-generating companies in
the US are not Government-owned (as they are in France, or England, or
Russia, etc), and therefore are not easily controlled by the USG. In
other words it is not evident that the USG can force them to have
stricter security, as this would involve additional expenses.
More information about the Tacos