Smart-Grid Control Software Maker Hacked

tsu doh nimh writes "Telvent, a multinational company whose software and services are used to remotely administer and monitor large sections of the energy and gas industries, began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. Brian Krebs reports that the attacker(s) installed malicious software and stole project files related to one of Telvent's core offerings — OASyS SCADA — a product that helps energy firms mesh older IT assets with more advanced 'smart grid' technologies. A follow-up story from Wired.com got confirmation from Telvent, and includes speculation from experts that the 'project files' could be used to sabotage systems. 'Some project files contain the "recipe" for the operations of a customer, describing calculations and frequencies at which systems run or when they should be turned on or off. If you're going to do a sophisticated attack, you get the project file and study it and decide how you want to modify the pieces of the operation. Then you modify the project file and load it, and they're not running what they think they're running.'"

Re:Are 'smart' meters mandatory?

[brianhaddock]

Lots of utilities are rolling them out right now and big companies who want to keep an eye on their usage patterns demand them. Remember when they used to hand read meters? The guy would open the gate, dodge your barking dog, and write down the meter reading in his little book. Then they moved some to radio transmitting meters where a utility truck simply drove down your street and recorded the readings that were transmitted from each meter. Now they have meters that communicate wirelessly and send the readings to the utility company in at intervals.

Smart GRID not METER

[Anonymous Coward]

stop spamming the thread with crying about your smart meters, this is much much bigger than you

Re:Yep, better be the last nail in the coffin..

[TWX]

If they come out to change the meter housing you really won't have a choice. You realize this, right?

It's either smart meter or else no service.

Re:smart grid, stupid access and control sw

[Shoten]

YOU. HAVE. NO. CHOICE.

Telvent is the world's leader in what's known as "ADMS" systems. Advanced Distribution Management Systems. This is, for lack of a better way to put it, the "Smart" in "Smart Grid." By definition, it requires broad and extensive connectivity with many other systems.

In the old days, power plants...a few big ones...made power. And that power kind of spread outwards in straight lines to substations, and then to homes/businesses/etc. Well, now, smart grid is going into place. So you get more information from the homes/businesses/etc about what power they are using, and you will have more sources...small sources...of power all over the place. The power grid will look more like the Internet...interlaced, routable, managed. But you need a monolithic "God System" to keep track of what's going on, and control the changes that need to be made. Examples of systems that ADMS ties into are AMI, where the connectivity indirectly extends out to literally millions of collectors and meters attached to homes, to wind farms, to solar farms, to hydroelectric turbines, to coal-powered generation facility, and to CT (combustion turbine) generators. Oh, also...substations, protective relay systems...I think I'm forgetting some. Oh! I forgot...your local Balancing Authority, who is responsible for the stability of the larger power grid.

So yeah...this whole "Oh, you just need to air gap it because it's a control system" is ignorant. That hasn't been realistic in the power industry for about a decade now. Before you call a whole industry "fools," maybe you should first learn about how the industry functions, hm?