Can freebie software and a can of Pringles bring down the U.S. power grid?
As far as we know, no one has ever deliberately hacked into the U.S. electrical
grid and pulled the plug on millions or even thousands of people. Just as on Sept.
10, 2001, no one had ever deliberately crashed a jet airliner into a skyscraper.
Is the power grid vulnerable to cyberattack? What about natural gas pipelines,
nuclear plants, and water systems? Or refineries and other industrial facilities
that run on similar Internet-enabled digital control systems? Could a terrorist
or disgruntled employee cause lethal accidents and millions of dollars of damage?
What about a bored 14-year-old? Executive consultant for KEMA Consulting Joseph
Weiss thinks they are vulnerable . None of the industrial control systems used to
monitor and operate the nation's utilities and factories were designed with security
in mind. Moreover, their very nature makes them difficult to secure. Linking them
to networks and the public Internet only makes them harder to protect. Paul Blomgren,
manager of sales engineering at cyber-security firm Rainbow Mykotronx in Torrance,
Calif., measures control system vulnerabilities. Last year his company assessed a
large southwestern utility that serves about four million customers. "Our people drove
to a remote substation," he recalled. "Without leaving their vehicle, they noticed
a wireless network antenna. They plugged in their wireless LAN cards, fired up their
notebook computers, and connected to the system within five minutes because it wasn't
using passwords. Within 10 minutes, they had mapped every piece of equipment in the
facility. Within 15 minutes, they mapped every piece of equipment in the operational
control network. Within 20 minutes, they were talking to the business network and had
pulled off several business reports. They never even left the vehicle."
Blomgren, of course, is a professional with a professional's tools. But Eric Byres,
research manager at the Internet Engineering Laboratory of the British Columbia Institute
of Technology in Burnaby, maintains that any hacker could achieve similar results—with
free software off the Internet and a can of Pringles. Wireless systems are especially
vulnerable to attack, Byres said. He cited as an example a petrochemical plant that he
just finished assessing. "They had an overflow pond that wound around the plant site and
wanted to put sensors on it, but they were worried that if they ran fiber, someone might
dig it up," he said. "So they put in a wireless system." Because the wireless system was
part of the plant network, information technology engineers assumed the firewall would
protect it from unauthorized access. That was not the case. Because they thought they
were secure, they never even turned on the wireless transmitters' security features.
Byres said that many information technology, or IT, professionals don't even know these
options exist.
Eavesdropping choices: original or spicy Cajun. A quick Web search can turn up hundreds
of sites eager to tell how to turn a snack can into a directional antenna able to listen
in on wireless systems. Anyone driving by could pick up the wireless traffic. All they
need is a laptop PC, a $60 wireless network card, and a directional antenna, which can
be made from a Pringles can. Don't know how to make the antenna? A Google Internet search
of "Pringles antenna" returns nearly 400 Web sites, many with do-it-yourself instructions,
pictures, and even videos.Wireless security features are easily defeated.