[roc]

Obscurity. It's not like these machines are clearly marked with signs and access points as with Airports.

So the challenge is on par with saying "find a particular unsecured box on the internet". Without per-target research, you don't have a whole lot to go on. You can find tons and tons of targets. But the odds of them being the one you wanted, or even of the type you wanted, are pretty low.

Which isn't to say it's less a threat. But, rather, it's a threat that isn't likely to be casually exploited. Anyone who goes through the trouble of per-target research and exploitation of a number of such targets, isn't likely to pull the trigger for the lulz.

Even a "trial run" of an exploit would be a risk. You'd be inviting scrutiny of the trial machine, including logs at the ISP (and NSA) going back cheney-knows-how-far, and if nothing else, have drawn attention to the very problem you're hoping continues to be ignored.

[bhousel]

So I suppose my original comment should have just outright asked: What can a hacker actually do with (hypothetical) remote access to the electrical infrastructure? Open switches under load to effect an arc blast? Blow up a few substations?

Once hackers start mucking around with the grid, things start shutting down by themselves (cascading failures like in the 2003 blackout that you mentioned in another comment). In this situation, damaged equipment can be replaced fairly quickly (far quicker than if, say, a $60 billion storm throws trees across the wires).

I guess I was just looking more for responses from actual electrical engineers with knowledge of the problem. Otherwise we're all just talking out our collective asses, right?