CNN Money - Protecting The Power Grid From Hackers
CNN Money - Protecting The Power Grid From Hackers - 25 Nov 2013
CCR CNN Money Protecting the Power Grid
The computers controlling your local power plant are simple machines, designed to perform the most basic tasks, and last 15-20 years. But it’s their simplicity that makes them vulnerable to hackers. As internet connect ability and the smart grid have become more prevalent these computers, developed before viruses and hacking were common, have become accessible to the outside world and to hackers.
Now a simple cyber-attack could make it appear that there may be a rolling black out or physically, actually cause real damage.
Juan Lopez leads a team at the Air Force’s center for Cyberspace Research in Ohio. They have built a simulator showing just how easy it is to manipulate the computers inside a power plant. In a matter of seconds, Lopez can enter the system, inject commands into the computers, and exit before anyone knows he was there.
Okay, so here we have interrupted the communications, the black lines are the bad traffic, if you look over, the control operator is not able to control anything at this moment. And after a short delay, you will see errors start to appear on the screen which indicate that the system has lost communication and control.
The Air Force’s stated mission is to fly, fight, and win, in air, space and cyberspace. And within that cyberspace mandate, the Air Force is devising ways to defend critical infrastructures, like the power grid. While standard anti-virus software creates black lists of commands not allowed based on known viruses and attacks, the Air Force’s solution is to cryptographically sign all of the commands that the computer is allowed to execute, creating a white list of commands allowed. If it’s not on the list, the computer won’t do it.
When we opened up our email or went and browsed the web and went and clicked on a pdf file that may have malicious code that wants to execute on our system, behind the scenes as indicated here in red there was a malicious piece of code that was inside the pdf. That malicious code that is attempting to execute on our system won’t have a valid cryptographic signature and won’t execute on the system and so the system will be protected.
The good news, the security system isn’t years away, though it hasn’t made it to the public realm, yet.
It’s deployed within the DOD and we are working with a commercial company, security innovations, to protect critical infrastructure.
Whether the system will be 100% secure remains to be seen, and the Air Force admits remaining ahead of the curb in cyberspace is, and will continue to be, a constant challenge. For CNN Money, I’m Matt Stewart.