Utility assets continue to be cyber vulnerable and critical information publicly accessible

Jan. 1, 2000

Project SHINE recently found an electric substation directly connected to the Internet. Project SHINE analysts were able to see DNP3 ports, Serial Port Server ports, Telnet interface ports, and a web page server. They discovered this via search engines without even accessing the site itself.

Project SHINE recently found an electric substation directly connected to the Internet. Project SHINE analysts were able to see DNP3 ports, Serial Port Server ports, Telnet interface ports, and a web page server. They discovered this via search engines without even accessing the site itself. This information is publicly collected data from the search engine. Using a plain old web browser, they were able to identify the utility, the specific substation, and circuit breakers by utility serial number. They could also (but did not) access the relay configuration mode. From there, an Aurora attack could have been triggered, with dramatic consequences for utility customer rotating equipment (e.g. data center cooling equipment, rotating machinery, generators,...). Because the substation was under 100kV, it did not require a cyber-assessment under NERC CIP.  Project Shine provided this information to DHS. It is not clear what DHS has done with this information.

Project SHINE also found dozens of wind farms directly connected to the Internet with 3 digit default passwords. The power stabilizer units were identified by manufacturer and model number. Compromising the power stabilizer units can cause damage to the turbines.  

Project SHINE was started by two utility personnel to interrogate the Shodan website for control system devices directly connected to the Internet. Project SHINE has compiled a current list of >1,000,000 internet-accessible IP addresses associated with potentially vulnerable industrial control and management systems. An article detailing the project and describing the list was translated into Persian and posted on hacker forums in January 2013.

A representative from Project SHINE will discuss the results at the October ICS Cyber Security Conference.

Joe Weiss

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...