Grid-hacking is back in the news, with the unveiling of “Perfect Citizen,” the National Security Agency’s creepily named effort to protect the networks of electrical companies and nuclear power plants.
People have claimed in the past to be able to turn off the internet, there are reports of foreign penetrations into government systems, “proof” of foreign interest in attacking U.S. critical infrastructure based on studies, and concerns about adversary capabilities based on allegations of successful critical infrastructure attacks. Which begs the question: If it’s so easy to turn off the lights using your laptop, how come it doesn’t happen more often?
The fact of the matter is that it isn’t easy to do any of these things. Your average power grid or drinking-water system isn’t analogous to a PC or even to a corporate network. The complexity of such systems, and the use of proprietary operating systems and applications that are not readily available for study by your average hacker, make the development of exploits for any uncovered vulnerabilities much more difficult than using Metasploit.
To start, these systems are rarely connected directly to the public internet. And that makes gaining access to grid-controlling networks a challenge for all but the most dedicated, motivated and skilled — nation-states, in other words.
Let’s pretend for a moment that hackers were planning to attack the United States. What would they need to do to gather enough information necessary to take out the electrical power in key parts of the country? They don’t want to fiddle at the edges, mind you. They want to have enough data to build the technical capability necessary to shut out the lights in Washington or New York or California at precisely the time and for exactly the duration they want.
For starters, they would need to know things like: Where are the power plants? What kind of plants are they? What sort of fuel do they use? Who built them and when? What sort of materials and technology were used when they were built? Who manufactured the generators, turbines and other key equipment? Whose SCADA software are they running? Who runs the plants? How does fuel, people, supplies get into or out of the plant? What sort of security do they have? And perhaps most importantly: Which plants supply power to which parts of the country?
Where to begin? Even in places like the United States, where there isn’t much you cannot find online, you’re not going to be able to get the depth and detail you need to turn off the lights with a simple network connection. You’re going to have to deploy national-level resources:...
[Full Article]