Two engineers have discovered a major vulnerability in the systems that control our power grid, one that could literally allow hackers to take down the entire U.S. power grid.
According to the New York Times, the two engineers, Adam Crain and Chris Sistrunk, developed software to look for vulnerabilities in an open-source software program. The program looked for defects in a very specific communications protocol called DNP3, which is predominantly used by electric and water companies, and plays a crucial role in so-called S.C.A.D.A. (supervisory control and data acquisition) systems.
SCADA systems basically control everything from our communication infrastructure, to our drinking water and our electric power grid and nuclear reactors. For many years SCADA systems were thought to be more secure; according to these engineers, that may not be the case.
During the course of testing, the engineers found they could penetrate and shutdown almost every major Industrial Control System they tested. The two quickly compiled a 20-page report detailing the vulnerabilities they found for the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team.
Despite finding and reporting the problems to the Department of Homeland Security, the engineers claim very little is being done to fix the problem.
Government preparing for Massive GridEx 2013 Preparedness Drill
Early next month, the U.S. Government, along with more than 150 companies and organizations, will take part in GridEx 2013, one of the largest infrastructure preparedness drills ever. The drill will simulate a Grid Down Scenario, one that will examine what would happen if the county’s electric grid was taken down by both physical and cyber-attacks.
While GridEx 2013 organizers are pretty tight-lipped over exactly what’s being tested, experts say it could be years before any real improvements are actually made. In fact, our country has known about most of these threats for decades, but very little has been done to protect the country.
Earlier this year we talked to Damon Petraglia, a Cyber-Terrorism expert and member of US Secret Service Electronic Crimes Task Force, who told us, the country is “under attack 24 hours a day, seven days a week, 365 days a year.” He went on to say, “Our military systems are probed in excess of hundreds of thousands of times per hour. Our private industry can claim similar statistics.”
Our country’s infrastructure is extremely susceptible to cyber-attacks, not to mention how easily things can go bad during relatively common problems caused by storms and outdated failing equipment. As we’ve seen during disasters like Hurricane Sandy, even small-scale disasters can wreak havoc on this country’s power grid, and cause mass amounts of chaos on the streets.
The need to be prepared for this type of disaster has never been more apparent. Our entire culture clings to these systems like a lifeline, should those systems go down this country will be in for some major trouble.