Smart-Grid Control Software Maker Hacked 96
tsu doh nimh writes "Telvent, a multinational company whose software and services are used to remotely administer and monitor large sections of the energy and gas industries, began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. Brian Krebs reports that the attacker(s) installed malicious software and stole project files related to one of Telvent's core offerings — OASyS SCADA — a product that helps energy firms mesh older IT assets with more advanced 'smart grid' technologies. A follow-up story from Wired.com got confirmation from Telvent, and includes speculation from experts that the 'project files' could be used to sabotage systems. 'Some project files contain the "recipe" for the operations of a customer, describing calculations and frequencies at which systems run or when they should be turned on or off. If you're going to do a sophisticated attack, you get the project file and study it and decide how you want to modify the pieces of the operation. Then you modify the project file and load it, and they're not running what they think they're running.'"
Re:Are 'smart' meters mandatory? (Score:5, Informative)
Smart GRID not METER (Score:1, Informative)
stop spamming the thread with crying about your smart meters, this is much much bigger than you
Re:Yep, better be the last nail in the coffin.. (Score:4, Informative)
It's either smart meter or else no service.
Re:smart grid, stupid access and control sw (Score:5, Informative)
YOU. HAVE. NO. CHOICE.
Telvent is the world's leader in what's known as "ADMS" systems. Advanced Distribution Management Systems. This is, for lack of a better way to put it, the "Smart" in "Smart Grid." By definition, it requires broad and extensive connectivity with many other systems.
In the old days, power plants...a few big ones...made power. And that power kind of spread outwards in straight lines to substations, and then to homes/businesses/etc. Well, now, smart grid is going into place. So you get more information from the homes/businesses/etc about what power they are using, and you will have more sources...small sources...of power all over the place. The power grid will look more like the Internet...interlaced, routable, managed. But you need a monolithic "God System" to keep track of what's going on, and control the changes that need to be made. Examples of systems that ADMS ties into are AMI, where the connectivity indirectly extends out to literally millions of collectors and meters attached to homes, to wind farms, to solar farms, to hydroelectric turbines, to coal-powered generation facility, and to CT (combustion turbine) generators. Oh, also...substations, protective relay systems...I think I'm forgetting some. Oh! I forgot...your local Balancing Authority, who is responsible for the stability of the larger power grid.
So yeah...this whole "Oh, you just need to air gap it because it's a control system" is ignorant. That hasn't been realistic in the power industry for about a decade now. Before you call a whole industry "fools," maybe you should first learn about how the industry functions, hm?