'Crash Override': Malware That Took Down a Power Grid

Comprehensive white paper gives you more information and context [1]. Looking at it it has 4 payloads and targets systems made by Siemens [2].<p>[1] <a href="https:&#x2F;&#x2F;www.welivesecurity.com&#x2F;wp-content&#x2F;uploads&#x2F;2017&#x2F;06&#x2F;Win32_Industroyer.pdf" rel="nofollow">https:&#x2F;&#x2F;www.welivesecurity.com&#x2F;wp-content&#x2F;uploads&#x2F;2017&#x2F;06&#x2F;Wi...</a><p>[2] <a href="http:&#x2F;&#x2F;w3.siemens.com&#x2F;smartgrid&#x2F;global&#x2F;en&#x2F;products-systems-solutions&#x2F;protection&#x2F;pages&#x2F;overview.aspx" rel="nofollow">http:&#x2F;&#x2F;w3.siemens.com&#x2F;smartgrid&#x2F;global&#x2F;en&#x2F;products-systems-s...</a>

Control systems are so ridiculously insecure given what they do. I was lucky enough to attend a DHS control systems security summit at INL way back in 2006 (or 2007 I can&#x27;t remember). They had a huge lab full of various PLCs, etc, and a bunch of surprisingly smart folks working on pen-testing them. But still, it&#x27;s a decade later and we don&#x27;t seem to have made much progress.

This, from a former coworker, might give you a good sense of the state of things:<p><a href="https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=tPWKJR6IVfA" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=tPWKJR6IVfA</a>

Do these infrastructures really need the level of hardware they seem to use?<p>Rather than use a unsecured raspberry pi3 with it&#x27;s wifi left on, why not have a closed system specifically built instead. Something not casually running embedded Windows XP, rather maybe a barebones OS written in assembly with minimal networking functionality on minimal hardware.

Weird name collision with the Crash Override Network and Zoe Quinn&#x27;s book.<p>I&#x27;m curious about the provenance of the name, as the article seems to suggest the security researchers provided the name.<p>[Edit]: I show my cultural ignorance -- it appears both are likely a reference to Hackers, based on the responses below.