AP is reporting that a video was created to simulate a cyber attack on a power generator. The video showed "an industrial turbine spinning wildly out of control until it becomes a smoking hulk and power shuts down". It was later shown to top US officials.
While the threats and vulnerabilities of the power grid are well documented, it is a little troubling that a simplified video simulation is being used to educate top government officials. Threat assessments and communications should never be over- or understated.
As with most infrastructure attacks, it takes more than a few simple keystrokes to cause lasting and significant disruptions. Not only does an adversary need to understand SCADA controls and customized configurations (insider knowledge), they also need to understand and overcome backup, monitoring and redundancy systems.
The article's authors do point this out:
"Industry experts cautioned that intruders would need specialized knowledge to carry out such attacks, including the ability to turn off warning systems. 'The video is not a realistic representation of how the power system would operate,' said Stan Johnson, a manager at the North American Electric Reliability Corp., the Princeton, N.J.-based organization charged with overseeing the power grid."
This raises the question: Why would something that "is not a realistic representation" be used to communicate threat potential to key decision makers? Too often, in both government and commercial organizations, security professionals miscommunicate threats and risks. Is it any wonder that executives are wary of IT security personnel?
US video shows hacker hit on power grid