Sunday, February 28, 2016

SCADASOS annual report

SCADASOS, (in)Secure Open SmartGrids, is open initiative to raise awareness on insecurities of SmartGrid, Photovoltaic Power Stations and Wind Farms.
For last year, 80,000+ SmartGrid components reported by SCADASOS were disconnected from the internet.

Vulnerabilities in (at least) 4 products, such as RLE Nova-Wind Turbine HMI, Tollgrade SmartGrid Sensor Management System, IBC Solar ServeMaster, SMA Solar Technology AG Sunny WebBox reported by project contributors and fixed by vendors.

Thanks for all contributors, and kudos++ to Max Rupp (



A: SCADASOS - (in)Secure Open SmartGrids is a open initiative to rise awareness on insecurities of  SmartGrid, Photovoltaic Power Stations and Wind Farms.

Q: How to participate
A: Find Internet-connected PV/Wind/Other power palnts/invertors and notify vendors/CERTs/community. Use #scadasos tag in twitter.

Q: Wow! It simple! Can I hack it?
A: No. It can be a hospital or your grandma’s cottage. Please use passive approach (firmware analysis, testbeds etc.)

Q: I get an 0day!
A: Please submit it to vendor and/or regional CERT

Q: What will I get?
A: Fame/kudos at SCADA StrangeLove talks/knowledge/safe world.


No comments:

Post a Comment