Under the title "Easy game for hackers", the daily news, based on research by the Plusminus magazine, published that solar and wind power plants sometimes have massive security gaps. Above all, medium-sized and small systems are said to be poorly protected against hackers, which is also documented live in the article.
In the contribution of the ARD magazine Plusminus, an expert from the field of renewable energies shows how poorly small and medium-sized solar and wind power plants are protected against hack attacks. For the contribution, the system expert searched partly live for vulnerable systems and quickly found what he was looking for.
In minutes: access to wind farm for 50.000 residents
He showed how quickly he could find the controls for a huge solar park. Since access was still to be served with the delivery password, he could log in directly. The plant manages an electricity capacity for households with around 50.000 inhabitants. If it hadn't been the specialist, but a hacker, then one click would have been enough to paralyze the system. Before the program was broadcast, the operator of the wind farm was of course informed and has now closed the security gap.
It is far too easy to find unencrypted IP addresses of control portals with the help of classic search engines, tools and portals. The location, the output and a lot of other useful information about wind and solar parks can be found out within a few minutes. According to the expert, hundreds of these open login pages for control portals of wind and solar parks can be found openly on the Internet.
Around 2.500 accessible systems in the network
Stephan Gerling from the IT security company ICS CERT Kaspersky estimates that around 2.500 such unencrypted solar and wind systems can be found across Europe. Taken together, that would equate to a capacity of around 2,8 gigawatts, or the output of two nuclear power plants, he estimates. The article impressively shows how weak many companies and operators of wind and solar parks are in terms of Industrial Cyber Security - ICS. Rating worth seeing.
Editor/sel
More at Tagesschau.de