It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Two engineers discover massive vulnerabilities in US Power and Water Grid.
page: 14
share:
Seems like an ATS-style topic. These particular newspieces came out couple of days ago, so I wonder why this has not reached here yet. The actual
discovery happened 7 months ago, but research came this week. Could not find threads on the matter, so I hope I am not making a second thread on
this.
bits.blogs.nytimes.com...
rt.com...
www.dailykos.com...
This seems as an very important issue to deal with. Electricity and water are both vital utilities nowadays. Recently there have been several threads on possible power grid failure and concerns about the upcoming national drill. This might add even more fuel to the conspiracies.
Hopefully these problems would be fixed soon, although what is troubling in my eyes is the leak in media. I wonder how many people might actually be trying to find the weaknesses currently as they know these are at serial communications, some of them definitely not on good intentions, although I seriously hope these vulnerabilities would be fixed before some manages to exploit them.
The advisories concern vulnerabilities in the communication protocol used by power and water utilities to remotely monitor control stations around the country. Using those vulnerabilities, an attacker at a single, unmanned power substation could inflict a widespread power outage.
Still, the two engineers who discovered the vulnerability say little is being done.
Adam Crain and Chris Sistrunk do not specialize in security. The engineers say they hardly qualify as security researchers. But seven months ago, Mr. Crain wrote software to look for defects in an open-source software program. The program targeted a very specific communications protocol called DNP3, which is predominantly used by electric and water companies, and plays a crucial role in so-called S.C.A.D.A. (supervisory control and data acquisition) systems. Utility companies use S.C.A.D.A. systems to monitor far-flung power stations from a control center, in part because it allows them to remotely diagnose problems rather than wait for a technician to physically drive out to a station and fix it.
bits.blogs.nytimes.com...
New research revealed this week shows that many of the nation’s vital infrastructure systems are more vulnerable to cyberattacks than previously expected.
In fact, researchers Chris Sistrunk and Adam Crain have discovered 25 different security system weaknesses that could potentially permit hackers to sabotage or crash servers that control water systems and electric substations.
Throughout the course of their research, Sistrunk and Crain discovered that the products of more than 20 vendors had significant security vulnerabilities. Hackers could, for example, crash a power station’s master server by guiding it into an infinite loop, or cause power outages by remotely injecting their own make-shift code into a server.
These security holes have generally been found in serial and networking devices used to communicate between servers and substations. Since most efforts have gone into preventing cyberattacks via IP networks, the possibility of a security breach through serial communication products has generally been deemed as less of a risk. The truth of the matter, as Crain tells it, is that hacking into a power system via serial communication devices may be easier than going through the internet.
rt.com...
What makes the vulnerabilities particularly troubling, experts say, is that traditional firewalls are ill-equipped to stop them. “When the master crashes it can no longer monitor or control any and all of the substations,” said Dale Peterson, a former N.S.A. employee who founded Digital Bond, a security firm that focuses on infrastructure. “There is no way to stop this with a firewall and other perimeter security device today. You have to let DNP3 responses through.”
www.dailykos.com...
This seems as an very important issue to deal with. Electricity and water are both vital utilities nowadays. Recently there have been several threads on possible power grid failure and concerns about the upcoming national drill. This might add even more fuel to the conspiracies.
Hopefully these problems would be fixed soon, although what is troubling in my eyes is the leak in media. I wonder how many people might actually be trying to find the weaknesses currently as they know these are at serial communications, some of them definitely not on good intentions, although I seriously hope these vulnerabilities would be fixed before some manages to exploit them.
edit on 22-10-2013 by Cabin because: (no reason
given)
reply to post by Cabin
Probably meant to be that way. It's not for the random hacker in russian living in his moms basement. it's simply so that when the time is right they can shut it all down and then scramble the whole system so it would be very difficult if not impossible to turn everything back on. that's my best guess
Probably meant to be that way. It's not for the random hacker in russian living in his moms basement. it's simply so that when the time is right they can shut it all down and then scramble the whole system so it would be very difficult if not impossible to turn everything back on. that's my best guess
Great move, going public would be a whole lot easier than spray painting "ATTACK HERE" in big letters all over the infrastructure, which is pretty
much what they've done.
Who publicly broadcasts sensitive info like this? it goes to show that intelligence and common sense are not mutually exclusive.
Who publicly broadcasts sensitive info like this? it goes to show that intelligence and common sense are not mutually exclusive.
new topics
-
Electrical tricks for saving money
Education and Media: 2 hours ago -
VP's Secret Service agent brawls with other agents at Andrews
Mainstream News: 3 hours ago -
Sunak spinning the sickness figures
Other Current Events: 4 hours ago -
Nearly 70% Of Americans Want Talks To End War In Ukraine
Political Issues: 4 hours ago -
Late Night with the Devil - a really good unusual modern horror film.
Movies: 6 hours ago -
Cats Used as Live Bait to Train Ferocious Pitbulls in Illegal NYC Dogfighting
Social Issues and Civil Unrest: 7 hours ago -
The Good News According to Jesus - Episode 1
Religion, Faith, And Theology: 9 hours ago -
HORRIBLE !! Russian Soldier Drinking Own Urine To Survive In Battle
World War Three: 11 hours ago
top topics
-
Cats Used as Live Bait to Train Ferocious Pitbulls in Illegal NYC Dogfighting
Social Issues and Civil Unrest: 7 hours ago, 8 flags -
Florida man's trip overseas ends in shock over $143,000 T-Mobile phone bill
Social Issues and Civil Unrest: 14 hours ago, 8 flags -
VP's Secret Service agent brawls with other agents at Andrews
Mainstream News: 3 hours ago, 8 flags -
Former Labour minister Frank Field dies aged 81
People: 17 hours ago, 4 flags -
HORRIBLE !! Russian Soldier Drinking Own Urine To Survive In Battle
World War Three: 11 hours ago, 3 flags -
Nearly 70% Of Americans Want Talks To End War In Ukraine
Political Issues: 4 hours ago, 3 flags -
Sunak spinning the sickness figures
Other Current Events: 4 hours ago, 3 flags -
Bobiverse
Fantasy & Science Fiction: 14 hours ago, 3 flags -
Electrical tricks for saving money
Education and Media: 2 hours ago, 3 flags -
Late Night with the Devil - a really good unusual modern horror film.
Movies: 6 hours ago, 2 flags
4