''U.S. Powers Plants vulnerable to Hacking.If exploited, the vulnerabilities could be used to crash or potentially hijack the servers controlling electronic substations, water utilities and power plants.
Adam Crain, Chris Sistrunk and Adam Todorski, who are working with industrial consultants Automatak, found 25 zero-day vulnerabilities – flaws which have never before been seen in the wild – in the protocol by which power plants and other parts of the electricity grid communicate internally.
Such protocols are rarely examined by security researchers because they are isolated from the internet, the usual source of hacking attacks.
In addition, the specificity of the protocols, known as supervisory control and data acquisition (SCADA) systems, means that the are thought to have a sort of security through obscurity: if few know how they work, then it is hoped no one will have the knowledge to exploit them.
Crain warns this is a false comfort. “If someone tries to breach the control center through the internet, they have to bypass layers of firewalls,”he told Wired's Kim Zetter But someone could go out to a remote substation that has very little physical security and get on the network and take out hundreds of substations potentially. And they don’t necessarily have to get into the substation either.”
Source: theguardian