Author: Dave Lewis

Ira Winkler, author of “Spies Among Us” has a piece up today on owning the power grid.

From Internet Revolution.com:

The first time I broke into our country’s electrical power grid was a decade or so ago. Hacking into the control systems set up by utility companies wasn’t surprising then, and it isn’t surprising now. While people find this shocking, it really isn’t. When you think about how insecure computer infrastructures are, why would you think that the power grid would be any more secure? Frankly, the power grid is even less secure than most other computer networks.

Um, a touch of an overstatement. Are there problems? Of course. But, a blanket statement such as that is a touch much. Then he goes on,

Many people might now be thinking, “But isn’t it impossible to actually connect to or otherwise access a power grid SCADA system?” The answer is very sadly, “Hell no!”

Initially, the power grid control systems were on closed networks. However when the Internet started to blossom, power companies decided that it was too costly to maintain separate networks. After all, they would need two computers on every desk, which wouldn’t be able to talk to each other. At the time, they rationalized that this only required adding extra protection to logically separate the power grid from the corporate networks. Don’t count on the hope that they actually followed through with that.

At least we both agree that the video demonstation that DHS released from a simulation last March is, to be blunt, cheesy.

There are many people out there who are trying to downplay the DHS video, and ridiculing it. Again, it is true that the video has not been put in the proper context. However, anyone who claims that the power grid is not at serious risk is very naïve and/or ignorant.

Fair point. Although that might be a bit harsh. I would offer that running around waving our hands in the air screaming won’t get us there any faster. Ira makes some good points. My problem is that the article edges over to the ranting side of things a little too heavily. That being said, I agree. The emphasis on grid security has to become a greater priority.

Now, in a lot of ways the changes are happening. There are now SCADA security confences such as S4 and NERC CIP standards to help bring the industry up to a better security posture. Will it be quick? Um, no. Decades of an ostrich-like approach to security in the water, sewage, utility space has built up a thick skin of corrosion.

The changes are happening.

I wonder if this one has made the rounds on the SCADA security list yet?

Article Link

Tags: SCADA Security, SCADA, FUD, Power Grid Security