About these ads
Home > Security > SCADA Security: Bridge the Gap (Updated)

SCADA Security: Bridge the Gap (Updated)


In the same hours in which I was writing the original article concerning the growing attention of utilities and security vendors versus SCADA security holes; an anonymous hacker put in practice the lesson and broke into wind turbine systems. He was able to break a 200 megawat wind turbine system owned by NextEra Energy Resources, a subsidiary of Florida Power & Light, claiming revenge for an “illegitimate firing”. Having said that it is not yet known whether or not it is an hoax (Wind power company sees no evidence of reported hack), the data was posted to the Full Disclossure security mailing list Saturday anonymously, by someone using the name “Bgr R.” In the post, the author of the hack wrote:

Here comes my revenge for illegitimate firing from Florida Power & Light Company (FPL)

   … ain’t nothing you can do with it, since your electricity is turned off !!!

Secure you SCADA better! Leaked files are attached …

In an e-mail interview, Bgr R said he’s a former employee who discovered a vulnerability in the company’s Cisco security management software. He used that vulnerability to hack into the SCADA (supervisory control and data acquisition) systems used to control the turbines.

Even if the screenshots of the Wind Turbine management interface look legitimate, there are some big question marks. In his interview Bigr R didn’t say much about how he broke into the SCADA systems themselves and he didn’t demonstrate much insider knowledge of Florida Power & Light (FPL) systems.

Hoax or not, this event renews the attention on SCADA Security Issues… For my part I promise I will no longer write down Security Predictions :-)

About these ads

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 3,041 other followers