3. Network and communication threats
Like other industrial control systems, the Guri hydropower plant in Venezuela likely uses several communication protocols and media. One example is the ModuleBus protocol, which connects a controller directly to its local I/O clusters over plastic optical fibre. Fieldbus links of this kind generally carry no authentication or integrity protection, so an attacker who can reach the medium can analyse ModuleBus traffic, intercept control packets, inject or tamper with frames, and in this way cause equipment damage or accidents.
4. Threats from production management
If the operating systems of the production management systems are not patched promptly, known vulnerabilities can be exploited by attackers, and production equipment and operations can be damaged to the point where they no longer work. The WannaCry ransomware mentioned earlier exploited an SMBv1 vulnerability in Windows to render systems unusable. Another example is the Windows Server Service RPC request buffer overflow (MS08-067), which an attacker can exploit remotely to run arbitrary code and which was used for worm propagation.
In addition, weak security awareness among operators, weak passwords and similar problems can allow attackers to penetrate the production environment, perform unauthorized operations and disrupt normal production.
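The SMB exposure described above is something a defender can check for on the wire rather than only on the patch list. The following Python script is an added example, not code from the original article or from the plant's operators: it strips the NetBIOS session header, distinguishes SMBv1 from SMBv2+ by the protocol magic, pulls the dialect list out of an SMBv1 NEGOTIATE request, and flags any SMBv1 traffic, since SMBv1 is the protocol family WannaCry exploited and should not appear on a production network. The sample frames, host names and the audit_frames helper are constructed for the example and are not captured from any real network.

```python
import struct

# Protocol identifiers from the SMB1 / SMB2 specifications (MS-CIFS, MS-SMB2).
SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB1_COM_NEGOTIATE = 0x72      # SMB_COM_NEGOTIATE in the 32-byte SMB1 header
SMB2_NEGOTIATE = 0x0000        # SMB2 NEGOTIATE command code
SMB1_HEADER_LEN = 32


def strip_netbios(data: bytes) -> bytes:
    """Remove the 4-byte NetBIOS session service header (type 0x00 followed by a
    3-byte big-endian length) that wraps SMB on TCP/445 and TCP/139, if present."""
    if len(data) >= 4 and data[0] == 0x00:
        length = int.from_bytes(data[1:4], "big")
        return data[4:4 + length]
    return data


def parse_smb1_dialects(payload: bytes) -> list:
    """Extract the dialect strings from an SMB1 NEGOTIATE request.
    Layout after the header: WordCount (1), Words (2*WordCount),
    ByteCount (2, little-endian), then dialects as 0x02-prefixed, NUL-terminated strings."""
    if len(payload) < SMB1_HEADER_LEN + 3:
        return []
    word_count = payload[SMB1_HEADER_LEN]
    offset = SMB1_HEADER_LEN + 1 + 2 * word_count
    if len(payload) < offset + 2:
        return []
    (byte_count,) = struct.unpack_from("<H", payload, offset)
    blob = payload[offset + 2: offset + 2 + byte_count]
    return [chunk[1:].decode("ascii", "replace")
            for chunk in blob.split(b"\x00") if chunk.startswith(b"\x02")]


def classify_smb(data: bytes):
    """Return {"version", "command", "dialects"} for an SMB message,
    or None if the bytes are not SMB at all."""
    payload = strip_netbios(data)
    if payload[:4] == SMB1_MAGIC and len(payload) >= SMB1_HEADER_LEN:
        command = payload[4]
        dialects = parse_smb1_dialects(payload) if command == SMB1_COM_NEGOTIATE else []
        return {"version": 1, "command": command, "dialects": dialects}
    if payload[:4] == SMB2_MAGIC and len(payload) >= 64:
        # SMB2 header: ProtocolId(4) StructureSize(2) CreditCharge(2) Status(4) Command(2)
        (command,) = struct.unpack_from("<H", payload, 12)
        return {"version": 2, "command": command, "dialects": []}
    return None


def audit_frames(frames):
    """frames: iterable of (src_host, tcp_payload). Returns one finding per SMB1
    message. An SMB1 NEGOTIATE is the first thing a WannaCry-style worm sends to a
    target, so it is a cheap place to alert on a production network."""
    findings = []
    for src, payload in frames:
        info = classify_smb(payload)
        if info is None or info["version"] != 1:
            continue
        if info["command"] == SMB1_COM_NEGOTIATE:
            findings.append((src, "SMB1 NEGOTIATE offering %s" % info["dialects"]))
        else:
            findings.append((src, "SMB1 command 0x%02x" % info["command"]))
    return findings


def netbios_wrap(body: bytes) -> bytes:
    """Prepend a NetBIOS session message header to an SMB body."""
    return b"\x00" + len(body).to_bytes(3, "big") + body


# Constructed sample frames (hypothetical hosts, not captured traffic).
_dialects = b"\x02NT LM 0.12\x00\x02SMB 2.002\x00"
SMB1_NEGOTIATE_SAMPLE = netbios_wrap(
    SMB1_MAGIC + bytes([SMB1_COM_NEGOTIATE]) + b"\x00" * 27   # 32-byte header
    + b"\x00"                                                   # WordCount = 0
    + struct.pack("<H", len(_dialects)) + _dialects)
SMB2_NEGOTIATE_SAMPLE = netbios_wrap(
    SMB2_MAGIC + struct.pack("<HHIH", 64, 0, 0, SMB2_NEGOTIATE) + b"\x00" * 50)

SAMPLE_FRAMES = [
    ("hmi-01", SMB2_NEGOTIATE_SAMPLE),          # modern client, no finding
    ("eng-ws-07", SMB1_NEGOTIATE_SAMPLE),       # legacy SMB1 negotiate: flag it
    ("historian", b"GET / HTTP/1.1\r\n\r\n"),   # not SMB at all
]

if __name__ == "__main__":
    for host, finding in audit_frames(SAMPLE_FRAMES):
        print(host, finding)
```

Feeding this the TCP payloads from a span port or a pcap of the plant network gives a list of hosts that still speak SMBv1; any entry is a host that either has not had the protocol disabled or is being probed by something that expects it, and both deserve a look before the next patch cycle.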
5. Threats from lack of management
A power failure on this scale may also be caused by a lack of security management. For example: no person responsible for industrial control system security who supervises and manages the system, and weak security awareness among staff; no effective security policies and processes for the industrial control system, so that it is not upgraded in time and lacks effective protection; no effective isolation of the industrial control system network from the enterprise network and the Internet; unrestricted use of external devices, including removable media such as USB sticks and CDs; and too little attention to the handling of security incidents, with no effective emergency plans or drills.
6. Field device layer threats
Given the current situation in Venezuela and the surrounding international situation, sabotage is a real possibility. Because the power system is a key support of modern society, it is a preferred target for attackers. In addition, the high complexity of the power system and its many exposed surfaces increase the likelihood of attack: power plants, substations, transmission and transformation equipment, and the lines themselves can all be attacked at the physical and electromagnetic level.
7. Threats from lack of equipment maintenance
In this large-scale power failure, the ageing of the equipment itself is also a hidden danger. According to news reports, the control equipment used in Venezuela may have been in service for decades; without effective maintenance, such equipment can develop short circuits, which can lead to fires and other accidents.
8. 0day attack threat
A 0day vulnerability is one that has been discovered by a small number of people but has not yet been publicly disclosed, and for which no official patch has been released. The security problems found so far in industrial control systems are only the tip of the iceberg; many unknown vulnerabilities and threats remain, so the large-scale power outage may also have been caused by a 0day vulnerability.