Windows 7 Puts Grid at Risk
A couple weeks ago, a water treatment plant in Oldsmar, Florida, was hacked. An unidentified outside agent got into the plant’s control system and raised the water supply’s level of sodium hydroxide from 100 parts per million to 11,100 parts per million. Low levels of the chemical help regulate the pH level of drinking water, but in large enough quantities the stuff can destroy human tissue. Luckily, an employee saw the trick in real time—it was his computer that had been taken over. Nobody was hurt.
It’s since been revealed that the plant was using an old version of Windows 7 and Microsoft’s TeamViewer software. The hacker exploited a weak password and the outdated operating system’s security holes to get in.
I haven’t been able to find statistics, but from what I understand, many electric utilities have continued to use Microsoft 7 since the company ended support for the software in January 2020. Without official security updates for over a year now, any outfit using the software runs the risk of being hacked like the water plant in Florida. Given the international attention Texas’ grid woes have gotten over the past week, it’s easy to imagine malicious actors now have a heightened interest in attacking electric systems.
Grid operators have traditionally been loath to update their IT systems, thinking the risk outweighs the reward. However, that conventional wisdom seems ever more outdated. The grid is more connected than in the past, and digital security is a primary risk concern.