O n 23 December 2015 , a n attack on the Ukrainian power grid took place ( “ Inside the cunning, unprecedented hack of Ukraine's power grid ” , Wired.com, Kim Zetter 03.03.16 ) . H ackers were able to successfully compromise the information systems of three energy distribution companies. The attackers temporarily disrupted electricity supply to the end consumers by compromising corporate networks, seizing control of SCADA systems, remotely switching substations off, disrupting IT infrastructure components and data, and denying consumers up-to-date information on the blackout.
The attac k took weeks of planning by a host of skilled operators , and is rumoured to have been state funded.
In that same year, Dr. Charlie Miller & Chris Valasek famously published their paper “Remote Exploitation of an Unaltered Passenger Vehicle” in which they described how they were able to take advantage of a Jeep vehicle that had “…no CAN bus architectural restrictions, such as the steering being on a physically separate bus .” (Figure 1)
Figure 1 : Achieving the famous “Jeep” hack required a high level of technical skill
Both attacks served to highlight the sheer scale of potential problems with vulnerable connected systems. But at the same time, they helped to establish a misconception that for hackers to succeed, they need to be highly motivated, highly skilled people with considerable resources.
They don't.