SCADA: Security vulnerabilities in utility systems (even without Internet)

What is it:  http://www.sandia.gov/scada/history.htm
how it’s vulnerable:
  If you read enough of these you can piece together that the SCADA systems don’t have to have a direct connection to the Internet for an attack to occur.  Many of the existing utility systems have SCADA systems connected to dial-up modems and/or private radio networks.  At least one penetration testing toolkit (Metasploit) contains code which can be used to attack a SCADA host if a dial-up or radio connection has been made.
examples of real SCADA attacks:
  Australian hacker exploits ODBC vulnerability to dump millions of gallons of sewage.
     http://www.computerworld.com/s/article/108735/Utility_hack_led_to_security_overhaul
  Illinois teenager hacks a Caterpillar system to dump 65,000 gallons of oil sludge into Des Plaines river.
     http://www.nytimes.com/2009/02/09/us/09chicago.html?_r=1
    http://blog.afcyber.us/2009/02/08/desplainesriver.aspx
During a controlled test, Homeland security uses electronic attack to physically destroy a diesel generator.
Who is working on fixing this:  http://www.inl.gov/scada/resources.shtml
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s