FORWARD BASE B

"Pay my troops no mind; they're just on a fact-finding mission."

Tag Archives: SCADA

More On SCADA Attacks: In-the-wild attacks against electrical utilities coupled with extortion demands: implications for response to criminal and terrorist action

Dated 2008

In the past two years, hackers have in fact successfully penetrated and extorted multiple utility companies that use SCADA systems, says Alan Paller, director of the SANS Institute, an organization that hosts a crisis center for hacked companies. “Hundreds of millions of dollars have been extorted, and possibly more. It’s difficult to know, because they pay to keep it a secret,” Paller says. “This kind of extortion is the biggest untold story of the cybercrime industry.”

SCADA: Vital utilities vulnerable to hacking

Undertaken by the Dutch research lab TNO Defence, based in The Hague, the water industry study examined the security measures taken by the 10 companies that control the Netherlands’ drinking water. At issue are the Supervisory Control and Data Acquisition Systems (SCADAs) which, at a water plant, control processes like water intake, purification, quality control and pumping to homes.

A SCADA sends instructions to shopfloor machines like pumps, valves, robot arms and motors. But such systems have moved from communicating over closed networks to a far cheaper conduit: the public internet. This can give hackers a way in. Eric Luiijf of TNO Defence and his colleagues found a litany of insecure “architectural errors” in the waterworks’ SCADA networks (International Journal of Critical Infrastructure Protection, DOI: 10.1016/j.ijcip.2011.08.002).

Some firms did not separate their office and SCADA networks, allowing office hardware failures, virus infections and even high data traffic to potentially “bring down all SCADA operations”. While remote internet access to SCADAs is supposed to be possible only with strict security controls, the researchers found this was often not the case. And some water firms allowed third party contract engineers to connect laptops to their SCADA network with no proof they were running up-to-date antivirus software. Indeed, it has emerged that a US contractor logging on to check the Illinois water plant from Russia, while he was away on holiday, was behind the Illinois ‘Russian hacker’ scare.

This was compounded by news of the hack at the Texas water plant, where on 20 November a hacker named “prof” gained access to the plant’s systems using a three-character default password on an internet-accessed SCADA made by Siemens of Germany. “No damage was done to any machinery; I don’t really like mindless vandalism. It’s stupid and silly. On the other hand, so is connecting your SCADA machinery to the internet,” he wrote on the Pastebin website.

One of PRECYSE’s main approaches to securing systems will be “whitelisting”, a way of ensuring only authorised users obtain access. This is the opposite of the approach used by antivirus software. “Instead of hunting for malicious code, as in an antivirus blacklist, this only lets the known good guys connect,” says security engineer Sakir Sezer at Queen’s University Belfast in the UK. Unusual behaviour – such as attempting to extract the control codes used to drive equipment – would also mean access is blocked. Deep-packet inspection, normally used to spot copyrighted material on the net, could be harnessed to ensure no attack code is injected.
