Security flaws found in some wind turbines and solar power systems


Security flaws found in some wind turbines and solar power systems

wind turbine

 
A security flax was found in web controls used for wind turbines and solar power systems; German security researcher, Maxim Rupp is credited with finding the flaw, which he calls “a cross-site request forgery (CSRF) vulnerability”.
 
So what are the repercussions? Well it means that if someone were to hack into the controls, they would be able to change the direction of the wind turbine or even network settings.
 
The fault can be found in the Sinapsi monitoring and management system which is used by several manufacturers of wind turbines and Solar PV systems.
 
Once notified, vendors were able to quickly resolve the security issue, and only one German vendor (RLE International) was “unresponsive in validating or addressing the alleged vulnerability.”
 
A computer and network consultant, and organizer of the 4SICS International Summit said:
 
“I would say that there are several reasons for this, including  a lack of experience with designing secure IT solutions, a lack of experience of shipping and installing utility components that is critical or part of critical infrastructure, and new ways of managing these assets.”
 
“Traditional utility companies run in-house control centres from where they control power plants, distribution facilities, etc. Wind turbines often come in a smaller scale and also are not integrated into existing internal networks and internal control rooms. Often, they are placed on the internet and are monitored and supervised by someone else, for example the company that delivered the solution.”
 
“Quite often micro-generation systems, such as a wind power plant, have a substandard firewall, but cheap SOHO equipment is connected to an external Internet connection (via a 3G or 4G connection).Often behind the firewall, which in some cases can be bypassed by built-in vulnerabilities, are web-based management interfaces for the power plant. And…these often carry standard passwords.”
 
“Besides the actual operations and control of a wind power plant or similar asset, quite often the same network connection that connects the power plant to the outside word is used for other services, such as network video cameras installed to visually supervise the power plant. Another example is the use of the shared network connection for the physical security, eg access control systems, CCTV, burglar alarms, fire alarms.”
 
“I do believe we will see a rise in the problems associated with these types of micro-generation plants and facilities. Too many of them are delivered with little or no security built-in.”
 
Luckily, no wind turbines have been hacked so far, so the issue was resolved uneventfully. Now that this issue has been found, it may entice manufacturers to spend more time working on the security of their systems.
 

Posted By Sally on June 14, 2015 | 0 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>