Until today, cyberattacks aimed at infrastructure, such as power grids, were considered to be costly, requiring a great amount of resources and knowledge to execute. In other words, this would be the kind of attack that would require great effort, and would be restricted to agents interested in causing economic and/or political damage to a nation. The attacks on Ukraine’s energy grid between 2015 and 2016, attributed to Russia, are a good example: in December 2016, 200 megawatts were taken from a plant in the city of Kiev, corresponding to 20% of the city’s nightly consumption.
Two events — a presentation at a cybersecurity conference and the announcement of vulnerability patches on systems owned by General Electric — demonstrate that, at least for a while, this type of attack was very close to becoming something more common.
Firstly, three New York University (NYU) researchers have promised to “provide a structured methodology towards attacking a power system on a limited budget” and show how it is possible to “use web-based information to model and analyze a target system anywhere in the world”, in a talk to be presented in July this year at the Black Hat conference.
Anastasis Keliris, Charalambos Konstantinou and Mihalis Maniatakos intend to demonstrate how to exploit a vulnerability present in General Electric’s Multilin line “widely used in power systems”. The vulnerability, according to the presentation’s summary, allows breaking the encryption algorithm used in authentication processes in these products, which are used for protection and management of power grids. With privileged access an attacker could, in theory, shut down a distribution network.
Lectures and presentations of this kind, involving demonstrations of vulnerabilities in known (and sometimes critical) systems, are nothing new to Black Hat. The difference here is how quickly GE presented a solution to a vulnerability that will only be presented in July.
The company said last week it had corrected five out of six newly discovered vulnerabilities (the last of which was expected to be released soon, the report said).
The company told Reuters it was in the process of “notifying and providing product updates to the affected customer base with new firmware available to address this issue”.