Here’s another item to scratch off the list of things that government supposedly does well. Our utility infrastructure is secure, right?
From Yahoo News:
SAN FRANCISCO — Employees are the weakest link when securing industrial control systems that run power plants, municipal water supplies, electric grids and other pieces of critical infrastructure, a professional hacker said at the RSA conference here Friday (Feb. 28).
Andrew Whitaker, director of the Cyber Attack Penetration Division at the Reston, Va.-based Knowledge Consulting Group, is paid by companies to penetration test or “pen test” their own systems — to try to break into corporate computers, just as a malicious attacker would.
“The objective is simple — to gain access,” Whitaker told the audience of information-technology professionals. “We target SCADA engineers. You know how to get into industrial control systems.”
SCADA, or supervisory control and data acquisition systems, are the largest form of computerized industrial control systems, and use both hardware and software to monitor and control large industrial processes.
“So how do we gain access?” Whitaker asked. “We often just ask for an engineer’s username and password.”
Whitaker said his team crafts simple phishing attacks, usually consisting of a brief email message that looks like it comes from a staffer in the company’s IT department.
Read more: Yahoo News
The opinions expressed by columnists are their own and do not necessarily represent the views of Barb Wire.