Schneider’s Telvent Smart Grid Control System Unit Responds to Network Attack

Oct. 5, 2012
Infrastructure control system provider Telvent Canada Ltd., a unit of Schneider Electric, discovered an intrusion on its network affecting systems in Canada, the United States and Spain last month.

Infrastructure control system provider Telvent Canada Ltd., a unit of Schneider Electric, discovered an intrusion on its network affecting systems in Canada, the United States and Spain last month.

The security breach, first made public on Sept. 26 by the computer security news blog KrebsOnSecurity.com, affected customer project files related to Telvent’s OASyS DNA supervisory control and data acquisition (SCADA) software. Some of those files were reportedly stolen and malicious software was installed on the company’s network.

Telvent’s SCADA systems are used by many electric, oil and gas, water and transportation providers for real-time control of their operations. The concern that intruders could gain control of critical utilities and disrupt their operations by infiltrating control system providers who have “back-door” access to customer systems is a source of ongoing and urgent behind-the-scenes work by utilities and their system providers. The companies involved seldom publicize their efforts in this area, which escalated in 2010 after discovery of the Stuxnet worm attack on Iranian nuclear facility control systems demonstrated that it was possible to gain control of mission-critical SCADA systems.

Telvent and Schneider have declined to speak in detail about the hack attack. Martin Hanna, vice president of press relations for Schneider’s North American operations based in Palatine, Ill., provided Electrical Marketing with the following statement and declined to elaborate:

“Telvent is aware of a security breach of its corporate network that has affected some customer files. Customers have been informed and are taking recommended actions, with the support of Telvent teams. Telvent is actively working with law enforcement, security specialists and its affected customers to ensure the breach has been contained.”

Hanna did confirm that letters were sent to Telvent customers starting on Sept. 10 when it learned of a breach of its internal firewall and security systems. The letters said Telvent had indefinitely shut down its access to customer systems even though it had found no evidence that the intruder had acquired any information that would enable them to gain access to a customer system.

On Sept. 12, Telvent announced a new partnership with cybersecurity specialist Industrial Defender, Foxboro, Mass., in which Industrial Defender’s Automation Systems Manager product will be integrated with Telvent’s technologies to enhance security and reporting capabilities.

Schneider acquired Telvent, headquartered in Madrid, Spain, in June 2011 for $2 billion to enhance its package of substation automation and smart grid software.