The attack did not affect the operation of the grid but it is possible
Experts say the apparent financial motivation leads them to believe the attackers did not target the grid’s operations. “Those bad guys were looking for computer devices that they could use to do all kinds of cyber-related fraud,” Thomas Tansy, CEO of DER Security, told CSO. “From that point of view, the fact that they hacked a contact would be no different than bad guys hacking industrial cameras, home routers, or other Internet-connected devices. The purpose of the attack was not to damage the power grid. It was a scam.”
But, if criminals are motivated to disrupt the power grid, they are likely to use these unpublished devices for more sinister purposes, Tansy said. “Can the enemy respond by saying, ‘We are no longer interested in defrauding people today, we want to disrupt electricity?’ Of course. If they had the technology to do that, the fact that they are in the system gives them a chance. Yes, they will have to have the skills and knowledge to take off, but at that point, the barbarians are inside the gates.”
Access to monitoring systems will provide some level of access to the actual photovoltaic installation, Willem Westerhof, group manager at Secura, tells CSO. “You have good access to the local network. You can try, instead of doing what they did, you can try to use that access to attack anything on the same network.”
Attackers can gain access to the central control system
Such networks usually have a centralized control system, which, if penetrated, could allow attackers to take over more than one solar park. “Based on what I’ve seen, these specific monitoring devices also have an option, for example, to turn off the photovoltaic installation,” Westerhof said. “So, you can close and start a solar park this way. I don’t think the grid will be shut down completely, given the scale of the attack and the countermeasures available, but it will probably make some of the people in charge of the grid measurement very nervous if you start shutting those down or repeatedly cycling it on and on.”
However, grid-scale solar installations, such as those utilities often use to generate their own electricity, may have sufficient protections built into their networks to block this type of attack.
Mandatory security protections such as “NERC-CIP come into play depending on how large and impactful the installation is,” Andrew Ginter, VP of industrial security at Waterfall Security Systems, tells CSO. “And you often see strong cyber security being used just because it makes good business sense. If you have a dozen solar farms, each producing 300 megawatts of power, the service monitors those things.”