The Department of Homeland Security (DHS) issued a new cybersecurity alert last week highlighting a flaw in smart grid networking gear from RuggedCom. According to the DHS report [PDF], the vulnerability could be used to decrypt data traffic between a user and a RuggedCom router. The possible result could be a loss of system integrity. In layman’s terms, that means hackers could exploit the vulnerability to access power station communications, and even potentially take control of critical infrastructure systems.
From the DHS alert:
ICS-CERT is aware of a public report of hard-coded RSA SSL private key within RuggedCom’s Rugged Operating System (ROS). The vulnerability with proof-of-concept (PoC) exploit code was publicly presented by security researcher Justin W. Clarke of Cylance Inc… ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risk to these and other cybersecurity attacks.
It was only a couple of weeks ago that I made light of consumer fears that the government will use smart meters to spy on our power usage. However, the truth is that the more our systems are interconnected, the more risk there is that an outside party could hack in with widespread and catastrophic consequences. As anyone in the utility industry will tell you, our power infrastructure has traditionally run on the idea of security through obscurity. As long as no one knows where the weaknesses are, no one can exploit them. However, while that approach may have worked in the past, its level of risk becomes increasingly unacceptable the more our power systems are networked together.
Back in March, former CIA director R. James Woolsey made the point that we should approach the smart grid security challenge from two angles. We should continue to ramp up protective measures, but we should also start to move toward distributed energy generation. The less we have to rely on energy transmission, the less opportunity there is for a systems attack.
In the meantime, consider that the cybersecurity threats we do face are creating a whole new investment market. GTM Research predicts spending on utility cybersecurity solutions will nearly double from $120 million in 2011 to $237.6 million in 2015.
Via Greentech Media
Image credit: RuggedCom