"Maker of Smart-Grid Control Software Hacked"

The maker of an industrial control system designed to be used with so-called smart grid networks disclosed to customers last week that hackers had breached its network and accessed project files related to a control system used in portions of the electrical grid.

Source: Wired, 26.09.12

The attackers installed malicious software on the network and also accessed project files for its OASyS SCADA system, according to KrebsOnSecurity, which first reported the breach.

According to Telvent, its OASyS DNA system is designed to integrate a utility’s corporate network with the network of control systems that manage the distribution of electricity and to allow legacy systems and applications to communicate with new smart grid technologies.

Telvent calls OASyS “the hub of a real-time telemetry and control network for the utility grid,” and says on its website that the system “plays a central role in Smart Grid self-healing network architecture and improves overall grid safety and security.”

The breach raises concerns that hackers could embed malware in project files to infect the machines of program developers or other key people involved in a project.

A hack via a vendor’s remote access to a customer’s network is one of the primary ways that attackers get into systems. Often, intrusions occur because the vendor has placed a hardcoded password into its software that gives them access to customer systems through a backdoor — such passwords can be deciphered by attackers who examine the software. Attackers have also hacked customer systems by first breaching a vendor’s network and using its direct remote access to breach customers.

This example shows once again the many-layered ways in which ICT systems can be attacked. That makes it all the more important for the smart grid to have a system design that prevents a fault in the system from negatively affecting the system as a whole. The system must not become "too big to fail"; otherwise it becomes the Achilles' heel of the entire infrastructure.