Saturday, October 14, 2017

Hopeless: Relay Protection for Substation Automation

Small present for all Digital Substations, IEC 61850 and Remote Code Execution lovers by Kirill Nesterov @k_v_nesterov and Alexander Tlypov @_Rigmar_

Digital Substation is an essential part of every electrical network. It is also a base ground for modern Smart Grid technologies. More than 4000 of IEC 61850 compatible substations operated in Europe, 20 000+ worldwide, each of the comprising communication and flow of gigawatts of electrical current between large power plants (thermoelectrical, hydroelectrical or even nuclear) and their respective consumers. Such consumers include cities, industrial objects and power plants themselves.

Wednesday, September 20, 2017

Thursday, December 15, 2016

Tuesday, July 19, 2016

Choo-Shoo pwn explained

...A detailed analysis of the security status of widely-used ICS/Scada systems, including railway and interlocking CBCS, has identified faults and vulnerabilities, which allow cyber criminals to not only degrade key reliability parameters and bypass safety mechanisms, but also to carry out attacks which directly affect rail traffic safety. Remarkably, these systems meet all of the relevant IT security and functional safety requirements and all have the required international, national and industrial certificates...

Monday, July 11, 2016

Friends don't let friends put SCADA on the Internet. At least tried...

220,558 Internet-connected ICS components worldwide
188,019 unique hosts (IP addresses)
170 countries (~82% of all)

HTTP is still most widespread industrial protocol
50,3% HTTP
13,4% Telnet
9,3% Niagara Fox
7,6% SNMP
7,4% Modbus

Sunday, February 28, 2016

SCADASOS annual report

SCADASOS, (in)Secure Open SmartGrids, is open initiative to raise awareness on insecurities of SmartGrid, Photovoltaic Power Stations and Wind Farms.
For last year, 80,000+ SmartGrid components reported by SCADASOS were disconnected from the internet.