[Dshield] CNN 'Explores Possibility that Power Outage is Relatedto Internet Worm'

Geoff Shively gshively at pivx.com
Fri Aug 15 21:49:27 GMT 2003


While I am sure there is much manual labor that goes into power control, and
I am no expert on the power systems, I am confident that if  DCS
(Distribution Control System), SCADA or other computer controlled HMI (Human
Machine Interface) went down- said plant would have to cease operation due
to lack of data and control from these systems.

There has been a link floating around all day that is quite good, and talks
about how this can happen. Sandia Laboratories (www.sandia.gov) in New
Mexico has done some outstanding research and tests against these control
systems and their networks which is discussed in this documentary.
http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/view/

Cheers,

Geoff Shively, CHO
PivX Solutions, LLC

Are You Secure?
http://www.pivx.com

----- Original Message ----- 
From: "Dragos Ruiu" <dr at kyx.net>
To: "General DShield Discussion List" <list at dshield.org>; "Geoff Shively"
<gshively at pivx.com>
Sent: Friday, August 15, 2003 2:40 PM
Subject: Re: [Dshield] CNN 'Explores Possibility that Power Outage is
Relatedto Internet Worm'


> On August 15, 2003 02:27 pm, Geoff Shively wrote:
> > On the contrary,
> >
> > SCADA is accessed by Remote Terminal Units "RTU's".  SCADA runs under
> > Win2000 / XP and the telemetry to the  RTU is accessible via the
Internet.
> >
> > We know that SCADA and DCS systems are supplied by one of 5 major
vendors
> > and these system are advertised on the vendors websites to run Microsoft
> > Windows versions 95, 2000 and NT. Also advertised is DCOM and RPC
support
> > within these systems, RPC/DCOM recently became famous as the
Lovsan/Blaster
> > worm exploited this protocol to spread across the internet. With this
said
> > it is likely that an infected system infected a SCADA or DCS, and this
> > could be why we are seeing large scale outages across the country.
>
> >> > heh,
> > >
> > >   nice theory....
> > >
> > >  ... but, power routing and control doesn't happen over the internet
> >
> > usually.
> >
> > >  It's normally still done by an engineer to engineer phone call. :-)
>
>
> Yes... but in the power system SCADA is used for data collection. At least
> in western Canada, YMMV but I believe this is typical of other systems.
> The power routing is still done by humans flipping (really freaking big)
> switches - or starting turbines or turning hydro valves. There are
> lots of physical procedures and safeguards in the system too.
> And people think carefully about those decisions, because the
> fines and regulatory penalties for being out of spec are measured
> in tens of thousands of dollars per minute.
>
> You might be able to interfere with the data going into the power
> NOC and fool the operators into making the wrong phone calls.
> But arguably you would need to know a lot about the design of the
> system and specific procedures and policy to create an outage
> this way.
>
> cheers,
> --dr
>
> -- 
> pgpkey http://dragos.com/ kyxpgp
>




More information about the list mailing list