Electricity for Free? The Dirty Underbelly of SCADA and Smart Meters

Black Hat USA 2010

Presented by: Joe Cummins, Jonathan Pollet
Date: Wednesday July 28, 2010
Time: 11:15 - 12:30
Location: Roman
Track: Infrastructure

SCADA Systems control the generation, transmission, and distribution of electric power, and Smart Meters are now being installed to measure and report on the usage of power. While these systems have in the past been mostly isolated systems, with little if no connectivity to external networks, there are many business and consumer issuing driving both of these technologies to being opened to external networks and the Internet.

Over the past 10 years, we have performed over 100 security assessments on SCADA, EMS, DCS, AMI, and Smart Grid systems. We have compiled very interesting statistics regarding where the vulnerabilities in these systems are typically found, and how these vulnerabilities can be exploited. Of course, we can not disclose any specific exploits that will allow you to steal power from your neighbors, but we can give away enough meat in this session to expose common vulnerabilities at the device, protocol, application, host, and network layers.

Jonathan Pollet

Red Tiger Security, LLC Jonathan Pollet, Founder and Principal Consultant for Red Tiger Security, has over 10 years of experience researching vulnerabilities and conducting field security assessments of Industrial Process Control Systems, SCADA Systems, Automated Meter Reading systems, and Smart Grid technology. After graduating from the University of New Orleans with honors and receiving a B.S. degree in Electrical Engineering, he was hired by Chevron and worked in the SCADA and Automation Team for the Upstream Exploration & Production division. Pollet designed and implemented PLC and SCADA systems for several offshore and onshore facilities. Realizing the potential security implications of the industry moving towards TCP/IP communications in the late 1990s, and seeing a trend to connect SCADA systems to Enterprise IT networks, Pollet started investigating SCADA, Process Control Systems, and embedded devices for cyber security vulnerabilities. Throughout his career, he has been actively involved with the IEEE, ISA, ISSA, UTC, CSIA, and other professional societies. Pollet has been involved in over 110 vulnerability assessments of plant and process control systems. He has also delivered over 75 presentations and training sessions on SCADA Systems, Critical Infrastructure Protection, and SCADA Security to the FBI, Department of Homeland Security, and several private sector security conferences. He has spoken at many conferences and workshops for government and professional organizations around the world. Pollet has also authored over 25 white papers, all specifically on the security of SCADA and embedded control systems.

Joe Cummins


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats