Got Batteries?

Source: Canada NewsWire, 9 Oct 2004, excerpted

British Columbia Institute of Technology cyber security research leader Eric Byres testified for the U.S. Congressional Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census in Washington D.C. on 1 Oct 2004, warning that hacker attacks on North America's critical industrial infrastructure [power, etc., and of course the information technology on which they all depend] could soon become as commonplace as the practice of hacking Web pages.

Particularly vulnerable are the Supervisory Control and Data Acquisition (SCADA) systems used ubiquitously for operation and maintenance. They efficiently enable the collection and analysis of data and control of equipment from remote locations.

There is a growing concern that this reliance on computers and computer networks raises the vulnerability of critical infrastructures to attack by cyber terrorists. A recent National Research Council report has identified "the potential for attack on control systems" as requiring "urgent attention."

In May, a researcher at a British conference showed how by remotely adjusting overload settings on a grid's power transformers during the warm summer months, it is possible to destroy millions of dollars of equipment and shut the grid for days.

As early as 1997, a six-month vulnerability assessment by the White House's National Security Telecommunications Advisory Committee found basic security flaws in the computerized systems that control generators, switching stations and electrical substations. Among other things, the committee reported that operational networks controlling critical portions of the grid were accessible through electric companies' corporate LANs (local area networks). Some digital circuit breakers could be remotely tripped by anyone with the right phone number. Fixed passwords for remote vendor access went unchanged for years. Not enough has changed since then, Byres notes.

While getting into a critical control system might not be easy, it is certainly not impossible. Said Byres, "As we like to say in the lab, 'crunchy on the outside, soft on the inside.'"

Ahem. Not fixed since 1997. Hmm.

Think I'll go crank up the generator tonight.