Tag Archives: ICS Attacks

Researcher Demonstrates How to Melt Power Lines in New York

Actually, they just used New York as an example, but the researchers literally melted the copper power lines. Once the power lines were vaporized, well, there was no more power.

The good news is that this was just a demonstration, but definitely a scary one.

Worse yet. The device the team hacked – it was the overload protection device. So, the device that was added to the electric grid to protect it became a traitor and attacked the grid – or at least watched quietly while the attack took place.

Start by realizing that there is no such thing as hardware any more. Yes there are metal things, but to make them work requires software. This software is what the team at Red Balloon attacked.

Schneider Electric, which makes this protection relay, has now released a patch for the bug.

Of course, getting it installed; well that is a different story.

The researchers tested two other protection relays but did not find anything significant in those two.

Credit: Yahoo News

An engineer at cybersecurity firm Mandiant said that even if a relay like this failed, power could be back up and running to affected customers within hours. I think this guy should stick to software, because he clearly does not understand hardware (the guy, Chris Sistrunk, is a technical manager at Mandiant and focuses on industrial control systems).

Here is where his thinking breaks down.

**IF** all that happens is the hacker causes one relay to fail, then yes, you can replace that relay quickly and fire up the power to the network behind it.

But what if, as in the demonstration, the overload causes miles of wire to melt. Does he really think that they can replace that wire in a few hours? I don’t think so.

As always, the devil is in the details.

I see announcements from CISA every week – dozens of them – for patches to industrial control system software and firmware.

Likely, many of those systems will never be patched because system operators are scared that if they do patch them, they will not come back online. This is not a completely unreasonable concern.

We are not just talking about electric. Water, sewer, natural gas, chemical plants, refineries and on and on. We already saw this with the Colonial Pipeline attack. It does not take much.

Bottom line, critical infrastructure managers need to work hard to stay ahead of the hackers.