Sunday, February 28, 2016

SCADASOS annual report

SCADASOS, (in)Secure Open SmartGrids, is an open initiative to raise awareness of insecurities in SmartGrid, Photovoltaic Power Stations and Wind Farms.
Over the last year, 80,000+ SmartGrid components reported by SCADASOS were disconnected from the internet.



Vulnerabilities in (at least) 4 products, such as RLE Nova-Wind Turbine HMI, Tollgrade SmartGrid Sensor Management System, IBC Solar ServeMaster, and SMA Solar Technology AG Sunny WebBox, were reported by project contributors and fixed by vendors.
https://ics-cert.us-cert.gov/advisories/ICSA-15-181-02A
https://ics-cert.us-cert.gov/advisories/ICSA-15-265-02
https://ics-cert.us-cert.gov/advisories/ICSA-16-040-01
https://ics-cert.us-cert.gov/advisories/ICSA-15-162-01A

Thanks to all contributors, and kudos++ to Max Rupp (https://twitter.com/mmrupp).

Join #SCADASOS!

FAQ

Q: WTF SCADASOS?
A: SCADASOS - (in)Secure Open SmartGrids is an open initiative to raise awareness of insecurities in SmartGrid, Photovoltaic Power Stations and Wind Farms.

Q: How to participate?
A: Find Internet-connected PV/Wind/Other power plants/inverters and notify vendors/CERTs/community. Use the #scadasos tag on Twitter.

Q: Wow! It's simple! Can I hack it?
A: No. It can be a hospital or your grandma’s cottage. Please use a passive approach (firmware analysis, testbeds, etc.).

Q: I got a 0day!
A: Please submit it to the vendor and/or regional CERT.

Q: What will I get?
A: Fame/kudos at SCADA StrangeLove talks/knowledge/safe world.

Enjoy!
