Thursday, September 27, 2007

Simulated Cyberattack Shows Hackers Blasting Away at the Power Grid


The Associated Press has obtained a video made for the Department of Homeland Security that shows a simulated hacker attack on a power station that doesn't end well for a turbine. In the video the latter goes spinning out of control and spits out pieces of the turbine as well as smoke before it, presumably, dies a noisy, dramatic death (see photo at right).

The test attack, conducted in March by the Idaho National Laboratory for DHS, exploited a programming vulnerability in SCADA systems (Supervisory Control and Data Acquisition systems), the computer systems that control electric, water and chemical plants throughout the U.S. The test was intended to show how a remote digital attack by hackers could cause real-world damage beyond the computer used to conduct the attack.

The programming flaw has since been fixed, but that doesn't mean other flaws don't exist. SCADA systems were never designed with security in mind and have long been considered vulnerable to attack. Government officials claimed in 2002 that they had uncovered evidence that members of al Qaeda had explored vulnerabilities in SCADA systems in order to conduct such attacks on utilities.

But experts have always disagreed about the degree of damage a remote attacker could do to the power grid or water system via computer or the likelihood that someone would even choose such an attack as opposed to a physical attack with a bomb or other sabotage method that would be far more effective.

Unfortunately, cybarmageddonists are likely to seize this story and spin it wildly out of control to monger fear, ignoring a few comments in the AP story that suggest the demonstration may have exaggerated the risk.

No comments: