Smart grid giant says hacker breached customer project files
SUBNET Solutions Inc | Thursday, September 27, 2012
One of North America's foremost smart grid systems developers has confirmed that its software, which is used to control more than half of all oil and gas pipelines in the U.S. and Canada, had been hiked by a cyber attacker.
According to PC Advisor, a spokesman from Schneider Electric, which owns the software maker, said that the security breach could have compromised the project files of some of its customers, and that the company was "actively working with law enforcement, security specialists and its affected customers to ensure the breach has been contained."
Schneider confirmed the attack only moments after the news was broken by internationally respected security blogger Brian Krebs. According to his post on Krebs on Security, the software company started warning its customers late last week that the attack on its systems was highly sophisticated and affected operations in the U.S., Canada and Spain.
Krebs noted that the investigation has turned up a host of digital fingerprints that suggest the attack stemmed from a group of Chinese hackers that have time and again attempted to disrupt power networks in the West.
The timing of the attack cannot be ignored, considering it came only weeks after members of U.S. Congress failed to pass legislation designed to amp up North America's critical infrastructure, such as its oil pipelines, waterways and electricity network.
The attack was first noted on September 10, 2012, when the company's internal firewall and security systems were breached. The attackers then introduced malware into the company's system and stole several project files on some of the firm's most prized services.
"Although we do not have any reason to believe that the intruder(s) acquired any information that would enable them to gain access to a customer system or that any of the compromised computers have been connected to a customer system, as a further precautionary measure, we indefinitely terminated any customer system access..." the company said in a letter to customers, a copy of which was obtained by Krebs.
According to the blog, the attack is the latest example of how vulnerable corporate computer systems at critical networks really are to external threats. Many of these systems are connected to sensitive control systems that were designed before such threats existed, and therefore have no protection against the highly sophisticated attacks seen on September 10.
Security experts have been warning for years that these systems could be at the mercy of dangerous vulnerabilities that could develop in the electric grid as utilities perform grid modernization projects to transfer control of generation and distribution equipment from more secure, internal systems to SCADA systems that have several access points. By using SCADA systems, which are connected to the internet or phone lines, utilities report better operational efficiency due to the remote capabilities the technology provides. However, this may come at the expense of security, and lead to cyber attacks on once-secure networks.
According to Krebs, Joe Stewart, director of malware research at Dell SecureWorks, said the malware that was used suggests the attack was performed by a Chinese hacking group known as the "Comment Group," which has reportedly been engaged in such activities for years. Other attacks that have been traced back to the group include attempts to steal trade secrets from energy companies, law firms and investment banks.
SUBNET, a Microsoft Gold Certified Partner, works with the operator software giant to quickly patch any vulnerabilities that arise, and also benefits from Microsoft's proactive approach to address any potential cyber threats before they can do damage.
Substation Cyber Security