Security Bytes

Sep 27 2007   8:31AM GMT

Hacking threat to power plant systems rises to alarming level

Robert Westervelt Robert Westervelt Profile: Robert Westervelt


Power Generator destructsRemember that power outage in 2003 that left New York and other Northeastern cities in the dark? The situation was corrected in a few days and in that time business came to a complete standstill. Now imagine that on a greater scale and you could start to see the economic consequences.

CNN is reporting today about a secret experimental cyber attack which caused a generator to self-destruct. Officials at the Department of Energy’s Idaho lab conducted an experiment in which security researchers hacked into a replica of a power plant’s control system. The experiment was called “Aurora,” and conducted in March.

According to a video, obtained by CNN, the experiment caused a generator to self-destruct sending sparks and smoke shooting from it.

The threat to our electrical infrastructure is so alarming that the Department of Homeland Security officials are making it a priority. Or is it a priority? The fact that the experiment made it out of the DHS and into the hands of CNN reporters raises a red flag. Someone may have thought that public pressure is needed to make it a priority.

Industry experts told CNN that the experiment shows large electric systems are vulnerable in ways not previously demonstrated. They point out that cybersecurity spending is projected to increase only slightly next year. In fact, spending in the Department of Homeland Security is projected to decrease to less than $100 million, with only $12 million spent to secure power control systems.

And right now Congress is debating spending more than $200 billion for the war in Iraq.

1  Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Dan
    Why does the article not mention that many automatic mechanical, electrical and electronic safe guards as well as the complete removal of human monitoring, necessary for this attack to work? This article is incomplete and full of FUD. People that need to make intelligent decisions about SCADA security need factual information. Not this mis-information used to unnecessary generate funding for impossible scenarios.
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: