by edogg 2067 days ago
It sounds like they changed the settings on the protection relay's sync check function to allow it to close the generator breaker with the generator out of sync. Or maybe they added a phase shift correction factor to the voltage transformer inputs so the relay thought the generator was in sync when it wasn't. Either way, changing some settings that allow a machine to be destroyed is ... not an achievement. Engineers all over the world put great care into calculating and identifying the relay settings that will protect the machine instead of allowing it to be damaged. Uploading incorrect settings is like intentionally missing a basket in basketball; it's not very impressive.

I am sure generators have been connected to the grid out of phase and had their shafts broken before. I have seen a colleague accidentally jumper out the entire sync check circuit and we would have closed the generator breaker had the breaker’s close coil not been burnt out (the reason for the errant troubleshooting).

It is concerning that destroying this diesel generator was even necessary. Maybe they needed some good video to get some funding.

Now, on the other hand, if they somehow hacked the relay then that's a problem. Older relays just had serial ports, but new ones have Ethernet and you can send settings by ftp, and things I remember from BBS days like Kermit or zmodem or something. Not ssh yet anyway.

So yeah, it is easy to do damage: you can shoot insulators or transformers with a gun, or you could release a thousand squirrels or snakes and that would cause outages too.

One power plant was great; it just never seemed to have any electrical problems. Someone went to update the relay settings after it had been operating for years and found out no settings had ever been uploaded to the relay!
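As an added illustration (not from this comment, the linked article, or the INL test) of the sync check function described in the post above: a minimal model of the synchronism-check permissive, plus the settings-integrity check a defender would run on any settings upload before it reaches the relay. All class names, readings, limits and ceilings are constructed for the example.

```python
"""Constructed model of a synchronism-check (ANSI 25) permissive and a
settings sanity check. Readings and limits are illustrative, not from any real relay."""
from dataclasses import dataclass

@dataclass(frozen=True)
class SyncSettings:
    max_angle_deg: float         # largest phase-angle difference allowed across the breaker
    max_slip_hz: float           # largest frequency difference allowed
    max_volt_diff_pu: float      # largest voltage-magnitude difference allowed (per unit)
    angle_correction_deg: float  # compensation for the VT connection, fixed at commissioning

@dataclass(frozen=True)
class Reading:
    volt_pu: float
    freq_hz: float
    angle_deg: float

# Assumed plausibility ceilings that no settings upload may exceed (constructed values).
CEILINGS = {"max_angle_deg": 20.0, "max_slip_hz": 0.2, "max_volt_diff_pu": 0.1}

def wrap_deg(a: float) -> float:
    """Wrap an angle into [-180, 180)."""
    return (a + 180.0) % 360.0 - 180.0

def permit_close(gen: Reading, bus: Reading, s: SyncSettings) -> bool:
    """True only if generator and bus are inside the configured sync window."""
    angle_diff = wrap_deg(gen.angle_deg + s.angle_correction_deg - bus.angle_deg)
    return (abs(angle_diff) <= s.max_angle_deg
            and abs(gen.freq_hz - bus.freq_hz) <= s.max_slip_hz
            and abs(gen.volt_pu - bus.volt_pu) <= s.max_volt_diff_pu)

def validate_settings(new: SyncSettings, commissioned: SyncSettings) -> list[str]:
    """Reasons to reject a settings upload (empty list means accept)."""
    problems = []
    for name, ceiling in CEILINGS.items():
        if getattr(new, name) > ceiling:
            problems.append(f"{name}={getattr(new, name)} exceeds ceiling {ceiling}")
    if new.angle_correction_deg != commissioned.angle_correction_deg:
        problems.append("angle_correction_deg differs from commissioned value")
    return problems

# Constructed sample data: a healthy window, an in-sync reading, an out-of-sync reading,
# and two tampered settings sets of the kinds the post describes.
COMMISSIONED = SyncSettings(10.0, 0.1, 0.05, 0.0)
BUS = Reading(1.00, 60.00, 0.0)
GEN_IN_SYNC = Reading(1.01, 60.02, 4.0)
GEN_OUT_OF_SYNC = Reading(1.01, 60.02, 120.0)            # closing here would wreck the shaft
WIDE_WINDOW = SyncSettings(180.0, 0.1, 0.05, 0.0)         # window widened to accept any angle
FAKED_CORRECTION = SyncSettings(10.0, 0.1, 0.05, -120.0)  # VT input "corrected" to look in sync

if __name__ == "__main__":
    for label, s in [("commissioned", COMMISSIONED), ("wide", WIDE_WINDOW), ("faked", FAKED_CORRECTION)]:
        print(label, permit_close(GEN_OUT_OF_SYNC, BUS, s), validate_settings(s, COMMISSIONED))
```

Both tampered settings sets let the relay permit an out-of-sync close while the commissioned set refuses it, and both are caught by the upload check, which is the control the thread argues should sit in front of remotely configurable protection hardware.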

3 comments

> Uploading incorrect settings is like intentionally missing a basket in basketball; it's not very impressive.

And

> Someone [...] found out no settings had ever been uploaded to the relay!

That's exactly the point. Critical hardware should not be user-configurable, especially not from remote. You would not leave the "root console" open to untrained personnel, nor should it be opened to an untrusted network.

My feeling in this context is that security should not be a compromise of cost-efficiency and usability but a strict requirement. In the days before the internet, somebody had to get in their truck and take a ride to the power plant station. That's a whole different level of intention compared to "just" sending some malicious packets over the internet.

Yes, it is easy to destroy expensive and not easily replaceable hardware with software. They did need video, not for funding, which they already had, but to convince managers of critical infrastructure that there is an immediate danger.
> Assante and his fellow INL researchers had bought the generator for $300,000 from an oil field in Alaska. They’d shipped it thousands of miles to the Idaho test site

> Assante, despite the months of effort and millions of dollars in federal funds he’d spent developing the attack they were witnessing

Yeah, it is kind of sad it took that much money just to "prove" that digitally twisting a safety-related knob the opposite way an engineer would tell you is going to ruin things. Hope it raised the right attention to try to secure things, but, a decade later, SCADA attacks are still a concern...