Hacking Into…. A Wind Farm?

Pick a lock, plug in a WiFi-enabled Raspberry Pi and that’s nearly all there is to it.

There’s more to it than that, of course, but the wind farms that [Jason Staggs] and his fellow researchers at the University of Tulsa had permission to access were, alarmingly, devoid of security measures beyond a padlock or tumbler lock on the turbines’ server closet. Since wind farms are generally in open fields away from watchful eyes, there is little indeed to deter a would-be attacker.

[Staggs] notes that a savvy intruder has the potential to shut down or cause considerable — and expensive — damage to entire farms without alerting their operators, usually needing access to only one turbine to do so. Once they’d entered the turbine’s innards, the team made good on their penetration test by plugging their Pi into the turbine’s programmable automation controller and circumventing the modest network security.

The team are presenting their findings from the five farms they accessed at the Black Hat security conference, with manufacturers, company names, locations, etc. withheld for obvious reasons. One hopes that security measures are stepped up in the near future if wind power is to become an integral part of the power grid.

All this talk of hacking and wind reminds us of our favourite wind-powered wanderer: the Strandbeest!

[via WIRED]

28 thoughts on “Hacking Into…. A Wind Farm?”

  1. One would think cameras would become a feature. After all there’s a hard-link back to a central spot for the power and wind turbines are high up for any kind of wireless.

  2. If you can get into the server closet in person then the raspi isn’t really necessary. You could just smash everything and forget about the fancy exploit. Most companies don’t count attacks that require you to physically break into server rooms to be “legitimate” pentesting.

  3. This isn’t really news is it – gain physical access to the systems and it’s game over. Same is true of electricity sub stations, water and sewage plants and a whole host of other remote, unattended systems. We live with the risk because the intersection of the number of people with the nous to do this vs. the number of people who are vindictive enough to do this is vanishingly small.

    1. Agreed. There are substations everywhere that are unattended. Many cities have little unattended pump houses for their water and sewage systems too. Many cities still have pole mounted boxes that control stop lights.

  4. The whole of the grid worldwide is lacking security and it is of major concern for most power network operators. This is why power line communications was of such a potential benefit.

    1. I don’t get what PLC has to do with either this story or the security of the grid in general? Replacing SCADA phone line comms with PLC doesn’t win you anything.

    2. Using the power lines as comms vs hooking it to the internet would stop a lot of script kiddies and other mooks in their tracks.
      In fact I think hooking mission critical gear like power grid equipment to the general internet should be outright banned.

  5. That comes with human nature. Most people will only value security after they are affected by lack of it. Before, it is “not necessary” or “nothing will happen” (at least it is what they think).

      1. If you own a factory that is dependent on electricity, then you surely wouldn’t mind some extra security to ensure you have power when you need it.

        And considering that most server farms typically have two sources of power + their own generators, then there is clearly a need for reliable/secure power. So yes, paying a bit extra for reliability is worth it to most companies within the manufacturing and IT industries, as those already do it to a large degree.

      2. There would be other ways of financing it, or even doing it right from the start. But in the case of no other option, then it can be easily justified when something bad happens: “To improve the security would have increased your bills. You didn’t want that, did you? So, that is why security was not improved and the mischief of those people left you without power for that time”

    1. Yes, the operating company being notified any time a remote facility is opened would help. As would cameras to catch the intruders. But that still leaves a window before a response can show up.
