Can freebie software and a can of Pringles bring down the U.S. power grid? 
As far as we know, no one has ever deliberately hacked into the U.S. electrical grid and pulled the plug on millions or even thousands of people. Just as on Sept. 10, 2001, no one had ever deliberately crashed a jet airliner into a skyscraper. Is the power grid vulnerable to cyberattack? What about natural gas pipelines, nuclear plants, and water systems? Or refineries and other industrial facilities that run on similar Internet-enabled digital control systems? Could a terrorist or disgruntled employee cause lethal accidents and millions of dollars of damage? What about a bored 14-year-old?
Joseph Weiss, executive consultant for KEMA Consulting, thinks they are vulnerable. None of the industrial control systems used to monitor and operate the nation's utilities and factories were designed with security in mind. Moreover, their very nature makes them difficult to secure. Linking them to networks and the public Internet only makes them harder to protect.
Paul Blomgren, manager of sales engineering at cyber-security firm Rainbow Mykotronx in Torrance, Calif., measures control system vulnerabilities. Last year his company assessed a large southwestern utility that serves about four million customers. "Our people drove to a remote substation," he recalled. "Without leaving their vehicle, they noticed a wireless network antenna. They plugged in their wireless LAN cards, fired up their notebook computers, and connected to the system within five minutes because it wasn't using passwords. Within 10 minutes, they had mapped every piece of equipment in the facility. Within 15 minutes, they mapped every piece of equipment in the operational control network. Within 20 minutes, they were talking to the business network and had pulled off several business reports. They never even left the vehicle."
Blomgren, of course, is a professional with a professional's tools. But Eric Byres, research manager at the Internet Engineering Laboratory of the British Columbia Institute of Technology in Burnaby, maintains that any hacker could achieve similar results with free software off the Internet and a can of Pringles.
Wireless systems are especially vulnerable to attack, Byres said. He cited as an example a petrochemical plant that he just finished assessing. "They had an overflow pond that wound around the plant site and wanted to put sensors on it, but they were worried that if they ran fiber, someone might dig it up," he said. "So they put in a wireless system." Because the wireless system was part of the plant network, information technology engineers assumed the firewall would protect it from unauthorized access. That was not the case. Because they thought they were secure, they never even turned on the wireless transmitters' security features. Byres said that many information technology, or IT, professionals don't even know these options exist.
Eavesdropping choices: original or spicy Cajun. A quick Web search can turn up hundreds of sites eager to tell how to turn a snack can into a directional antenna able to listen in on wireless systems.
Anyone driving by could pick up the wireless traffic. All they need is a laptop PC, a $60 wireless network card, and a directional antenna, which can be made from a Pringles can. Don't know how to make the antenna? A Google Internet search of "Pringles antenna" returns nearly 400 Web sites, many with do-it-yourself instructions, pictures, and even videos.
Wireless security features are easily defeated.