Researchers have recently uncovered over two dozen vulnerabilities in networks controlling critical infrastructure, and warn that the flaws could allow attackers to shut down portions of the power grid and water distribution systems.
Chris Sistrunk and Adam Crain have documented vulnerabilities in products from more than 20 vendors, and are concerned about the lack of effort to mitigate them.
The weaknesses give would-be attackers an opportunity to execute remote code injections that could disrupt power delivery or take a master server at an unmanned substation offline.
“Every substation is controlled by the master, which is controlled by the operator. If you have control of the master, you have control of the whole system, and you can turn on and off power at will,” said Sistrunk.
Prior to the researchers’ discoveries, attacks against serial and network communications between servers and substations were thought to be an unlikely attack vector, as most vulnerability concerns are centered on IP communications systems, which are better protected from exploitation.
“If someone tries to breach the control center through the internet, they have to bypass layers of firewalls. But someone could go out to a remote substation that has very little physical security and get on the network and take out hundreds of substations potentially. And they don’t necessarily have to get into the substation either,” Crain said.
Aside from the havoc that an attacker could cause by physically infiltrating a substation, the researchers warn that recent proof-of-concept exploits have demonstrated that the substations are vulnerable to hacking through wireless radio networks.
“There are quite a few ways onto these networks, and utilities have to worry about this new attack vector,” Crain warned.