Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Bug Software

GE Fixing Bug in Software After Warning About Power Grid Hacks (reuters.com) 38

General Electric said on Wednesday it is fixing a bug in software used to control the flow of electricity in a utility's power systems after researchers found that hackers could shut down parts of an electric grid. From a report: The vulnerability could enable attackers to gain remote control of GE protection relays, enabling them to "disconnect sectors of the power grid at will," according to an abstract posted late last week on the Black Hat security conference website. Protection relays are circuit breakers that utilities program to open and halt power transmission when dangerous conditions surface.
This discussion has been archived. No new comments can be posted.

GE Fixing Bug in Software After Warning About Power Grid Hacks

Comments Filter:
  • If your asset is attached to the network, literally billions of people could potentially attack it, from anywhere on the world. Not only that, but they can unleash automated attacks upon your asset from other Internet targets they've previously compromised.

    If your asset is on its own network, or is non-networked, that cuts down on the number of possible attackers tremendously.

    So, critical infrastructure should NOT be on the Internet, or at least not without a correspondingly LARGE investment in security commensurate to the risk.

    --PeterM

    • If your asset is not on a network, no one will care about attackers because power outages will become incredibly common due to the inability to properly manage the grid.

      If your asset is on it's own network, just expect to pay the appropriate price for electricity when the providers are forced to build a nation wide network of their own, and let me tell you Americans are currently getting one hell of a bargain on electricity.

      The internet is a necessity. But then so are VPN tunnels, firewalls, and proper netw

  • Would these 'GE protection relays' be connected to the Internet using SCADA units running under Microsoft Windows?

    Cyber Security Issues for Protective Relays [gegridsolutions.com]: 2008

    The Northeast blackout of 2003 [wikipedia.org]
  • Did anyone else notice a bunch of blackouts last week? I heard a few folks around the states mention it, but the press was REAL quiet? Maybe slashdotters can confirm? This is a good place to look for trends! so.. maybe this thread is old news?
  • When you are dealing with something as important as a power grid, I'd feel safer if you put as much human oversight as you can into it. Hacking never ends, Make sure the human oversight staff is to be educated into not being tricked.
  • by Anonymous Coward

    I am a former employee for GE at exactly this business segment, and I have used the relays in question and was a designer on a related product. This does not surprise me at all. The thing is though, that GE actually tried really hard to get security right. Some employees weren't very good, but for the most part the company did the right things. The problem was customers. Customers _hated_ security features because it made things more difficult for their dummy techs to fix problems quickly. So - typica

Solutions are obvious if one only has the optical power to observe them over the horizon. -- K.A. Arsdall

Working...