ICS/DCS Control Systems Aren’t prepared for this. Still.

An ingeniously simple control systems experimental power grid hack attack from 2007. Source:

https://www.wired.com/story/how-30-lines-of-code-blew-up-27-ton-generator/

A protective relay attached to that generator was designed to prevent it from connecting to the rest of the power system without first syncing to that exact rhythm: 60 hertz. But Assante’s hacker in Idaho Falls had just reprogrammed that safeguard device, flipping its logic on its head.

At 11:33 a.m. and 23 seconds, the protective relay observed that the generator was perfectly synced. … It opened a circuit breaker to disconnect the machine.

When the generator was detached from the larger circuit …(and)… relieved of the burden of sharing its energy with that vast system, it instantly began to accelerate, spinning faster, like a pack of horses that had been let loose from its carriage. As soon as the protective relay observed that the generator’s rotation had sped up to be fully out of sync with the rest of the grid, its maliciously flipped logic immediately reconnected it to the grid’s machinery.

The moment the diesel generator was again linked to the larger system, it was hit with the wrenching force of every other rotating generator on the grid. All of that equipment pulled the relatively small mass of the diesel generator’s own spinning components

Yup, it self destructed by reversing the logic of a safety relay. Brilliant and terrifying hack – both.

We are not prepared.