SCADA Systems control the generation, transmission, and distribution of electric power, and Smart Meters are now being installed to measure and report on the usage of power. While these systems have in the past been mostly isolated systems, with little if no connectivity to external networks, there are many business and consumer issuing driving both of these technologies to being opened to external networks and the Internet.
Over the past 10 years, we have performed over 100 security assessments on SCADA, EMS, DCS, AMI, and Smart Grid systems. We have compiled very interesting statistics regarding where the vulnerabilities in these systems are typically found, and how these vulnerabilities can be exploited. Of course, we can not disclose any specific exploits that will allow you to steal power from your neighbors, but we can give away enough meat in this session to expose common vulnerabilities at the device, protocol, application, host, and network layers.