December 14, 2010 | By Paul Mauldin

Here’s a frightening scenario – thousands of teenage hackers sitting in their rooms after school trying to break into utility databases or spread a virus – all through the Home Area Network (HAN)! Could it happen? Recent events are certain to make the power industry sit up and blink.

We could call the last few months the Semester of Cyber-security panic. As the WikiLeaks fiasco continues to boil, herds of hackers are apparently engaged in a global cyber-war against nations and corporations that threaten WikiLeak’s continued operations. There doesn’t seem to be any real moral or patriotic issues involved in the attacks. It’s almost as though a globally connected bunch of teenaged hackers just took on a new challenge. Sort of a “Revenge of the Nerds” cyber sequel. In fact, at the time of this writing a Dutch teenager is being held as a suspected ringleader of the “Operation Payback” attacks on financial institutions that refuse to service WikiLeaks donations.

All that bizarre chaos will go where it will – but the big question is: How did so much info get acquired through one entry point? It’s hard to believe that a young soldier might have done something as simple as plugging into a USB port and downloading over 6 million documents.

Then there’s STUXNET, the cyber virus that entered via the Internet and infected Iran’s uranium processing center in Natanz and their new nuclear reactor in Bashehr. The STUXNET worm specifically targets certain Siemens control systems used in power plants and in the power grid itself. Apparently it was a targeted infection intended to show off the virus’ capabilities. So far the virus hasn’t caused much damage. But it could have, with the right payload.

The biggest problem is getting rid of the darn thing. Ralph Langner, a German cyber security expert on STUXNET, describes the Iranian’s conundrum:

“They should throw out every personal computer involved with the nuclear program and start over, but they can’t do that. Moreover, they are completely dependent on outside companies for the construction and maintenance of their nuclear facilities. They should throw out their computers as well. But they can’t,” he explained. “They will just continually re-infect themselves.” Sort of like a bubonic plague epidemic without antibiotics.

Apparently the virus came in through the internet and, just like the WikiLeaks gusher, it only takes one open cyber door. You can bet we’ll keep that in mind when considering Smart Grid vulnerabilities.

In any case it looks like smart grid security is headed to be more complex and exacting than we had considered. We’ll see more than a few state and federal agencies involved so we can only hope that the solutions won’t be so user-unfriendly that they make the customer interface useless.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s