[Dshield] CNN 'Explores Possibility that Power Outage is Relatedto Internet Worm'

Geoff Shively gshively at pivx.com
Fri Aug 15 21:49:27 GMT 2003

While I am sure there is much manual labor that goes into power control, and
I am no expert on the power systems, I am confident that if  DCS
(Distribution Control System), SCADA or other computer controlled HMI (Human
Machine Interface) went down- said plant would have to cease operation due
to lack of data and control from these systems.

There has been a link floating around all day that is quite good, and talks
about how this can happen. Sandia Laboratories (www.sandia.gov) in New
Mexico has done some outstanding research and tests against these control
systems and their networks which is discussed in this documentary.


Geoff Shively, CHO
PivX Solutions, LLC

Are You Secure?

----- Original Message ----- 
From: "Dragos Ruiu" <dr at kyx.net>
To: "General DShield Discussion List" <list at dshield.org>; "Geoff Shively"
<gshively at pivx.com>
Sent: Friday, August 15, 2003 2:40 PM
Subject: Re: [Dshield] CNN 'Explores Possibility that Power Outage is
Relatedto Internet Worm'

> On August 15, 2003 02:27 pm, Geoff Shively wrote:
> > On the contrary,
> >
> > SCADA is accessed by Remote Terminal Units "RTU's".  SCADA runs under
> > Win2000 / XP and the telemetry to the  RTU is accessible via the
> >
> > We know that SCADA and DCS systems are supplied by one of 5 major
> > and these system are advertised on the vendors websites to run Microsoft
> > Windows versions 95, 2000 and NT. Also advertised is DCOM and RPC
> > within these systems, RPC/DCOM recently became famous as the
> > worm exploited this protocol to spread across the internet. With this
> > it is likely that an infected system infected a SCADA or DCS, and this
> > could be why we are seeing large scale outages across the country.
> >> > heh,
> > >
> > >   nice theory....
> > >
> > >  ... but, power routing and control doesn't happen over the internet
> >
> > usually.
> >
> > >  It's normally still done by an engineer to engineer phone call. :-)
> Yes... but in the power system SCADA is used for data collection. At least
> in western Canada, YMMV but I believe this is typical of other systems.
> The power routing is still done by humans flipping (really freaking big)
> switches - or starting turbines or turning hydro valves. There are
> lots of physical procedures and safeguards in the system too.
> And people think carefully about those decisions, because the
> fines and regulatory penalties for being out of spec are measured
> in tens of thousands of dollars per minute.
> You might be able to interfere with the data going into the power
> NOC and fool the operators into making the wrong phone calls.
> But arguably you would need to know a lot about the design of the
> system and specific procedures and policy to create an outage
> this way.
> cheers,
> --dr
> -- 
> pgpkey http://dragos.com/ kyxpgp

More information about the list mailing list