Power plants open to hacker attack

Published 21 May 2008

Power plants, dams, and many other critical infrastructure assets are controlled by a system called supervisory control and data acquisition, or SCADA; a Boston technology specialist finds serious vulnerability in the system

Power plants could be sabotaged by a simple internet attack that shuts down their control systems. Core Security in Boston, Massachusetts, has discovered a serious vulnerability in a software package called Suitelink which is widely used to automate the operation of power stations, oil refineries, and production lines. This could allow attackers to crash Suitelink by sending an outsize data packet to a certain port on the computer running the program. Suitelink’s maker, Wonderware, has since issued a software patch to plug the security gap.

Core had only just begun examining this kind of supervisory control and data acquisition (SCADA) program when it found the problem. This may mean that more vulnerabilities are still hidden in software of this type.