GE Fixing Software Flaw after Discovery of Vulnerability in Power Grid
Researchers found that hackers could get control of parts of the grid remotely and disconnect it
General Electric (GE) is working on fixing a software flaw that could allow hackers to remotely gain control of and disconnect parts of a power grid.
The software in question controls the flow of electricity in a utility's power systems. The flaw could allow hackers to get remote control of the company's protection relays, which would let them "disconnect sectors of the power grid at will," stated a Black Hat abstract.
These relays are circuit breakers programmed by utilities to open and stop the flow of power in dangerous conditions.
According to Annette Busateri, GE spokeswoman, the company is unaware of any instances in which hackers caused power outages by exploiting the flaw. She said that the bug involves only older relays that were introduced in the 1990s "before current industry expectations for security."
"We have been in the process of issuing notifications and providing product upgrades to our affected customer base on available firmware updates to address this issue," she said.
Busateri said that the company has issued patches for five out of the six models affected by the flaw and will soon issue a patch for the sixth.
Michael Assante is a former chief security officer for the North American Electric Reliability Corp, which regulates the North American power grid. He said that the models are still in wide use because the industry uses systems for decades before upgrading to new technologies.
"This is certainly a significant issue," he said.