Desmond File

Blog archive

Power Down

It's the kind of story that should rightly give anyone the chills. Yesterday at the RSA Conference in San Francisco, penetration testing expert Ira Winkler told the audience that the networks of power companies are vulnerable to attack.

He should know. Winkler, you see, was able to hack into one such network in less than a day.

Winkler and his team, working at the company's behest, were quickly able to gain access to several employees' systems -- by way of a simple phishing attack. From there, they could access the network controlling the power station's monitoring and distribution operations. And from there, a lot of things -- mostly bad -- can happen. You can read a Network World article about Winkler's presentation here.

The problem, Winkler contends, isn't so much with gullible employees who should know better than to click a link on a faux e-mail message. It's with the slap-dash evolution of systems and networks at the power companies. As Winkler explains in a 2007 blog post, the Supervisory Control and Data Acquisition (SCADA) systems employed inside power companies are no longer isolated from external threats. The air gap that once protected these systems has been bridged by what Winkler calls the "lazy and cheap" behavior of people at these companies.

The worst thing? Winkler says power companies' fear of service interruptions makes them reluctant "to update SCADA systems, and the systems and networks that support them." It's a recipe for disaster that Winkler has urged power companies to uncook. He calls for SCADA systems to be unlinked from the public network and for power companies to deploy software and systems that enable reliable and rapid patching.

What do you think of Winkler's warning to the power industry? And what can development managers do to ensure that critical systems like these prove less susceptible to attack? E-mail me at [email protected].

Posted by Michael Desmond on 04/10/2008 at 1:15 PM


comments powered by Disqus

Featured

  • ML.NET Improves Object Detection

    Microsoft improved the object detection capabilities of its ML.NET machine learning framework for .NET developers, adding the ability to train custom models with Model Builder in Visual Studio.

  • More Improvements for VS Code's New Python Language Server

    Microsoft announced more improvements for the new Python language server for Visual Studio Code, Pylance, specializing in rich type information.

  • Death of the Dev Machine?

    Here's a takeaway from this week's Ignite 2020 event: An advanced Azure cloud portends the death of the traditional, high-powered dev machine packed with computing, memory and storage components.

  • COVID-19 Is Ignite 2020's Elephant in the Room: 'Frankly, It Sucks'

    As in all things of our new reality, there was no escaping the drastic changes in routine caused by the COVID-19 pandemic during Microsoft's big Ignite 2020 developer/IT pro conference, this week shifted to an online-only event after drawing tens of thousands of in-person attendees in years past.

  • Visual Studio 2019 v16.8 Preview Update Adds Codespaces

    To coincide with the Microsoft Ignite 2020 IT pro/developer event, the Visual Studio dev team shipped a new update, Visual Studio 2019 v16.8 Preview 3.1, with the main attraction being support for cloud-hosted Codespaces, now in a limited beta.

Upcoming Events