Lee Technologies' Data Center Insider Blog


Pace of SCADA Hacking Quickens

By Eric Gallant

Earlier this year, my article “The SCADA Worm Threat to Mission Critical Infrastructure” appeared in Mission Critical Magazine.  Shortly after the article appeared on newsstands, I hosted a Lee Technologies webcast on the same topic titled, “Cyber-security for Mission Critical Infrastructure”.  In the article and in the webcast I explained how Industrial Control Systems, such as SCADA, have become vulnerable to hacking and malware. 

Key takeaways from the article and webcast included:

  • Most modern data centers utilize some level of SCADA control in their critical switchgear and mechanical plants.
  • A direct connection to the internet is not required for a SCADA system to become infected.
  • Unlike all other malware and hacks, cyber attacks on SCADA systems can cause catastrophic damage to “real world” electrical and mechanical infrastructure.
  • Data center infrastructure is a tasty target for cybercriminals and cyber terrorists.

At the time, there were very few examples of cyber attacks against SCADA-controlled systems. However, the Stuxnet worm that damaged uranium purification centrifuges in Iran provided some concrete evidence of what a well-executed SCADA exploit could achieve.

At the conclusion of the article and the webcast I predicted that Stuxnet would be the first of many attacks on SCADA systems and that this vulnerability posed a real threat to national security.  Furthermore, I predicted that attacks by for-profit cyber criminals would become common and would represent an increasing threat to unprotected commercial mission critical facilities.  In the few short months since the article and webcast there is already evidence that these predictions were accurate.

Here are a few of the news items since the article and webcast:

Feb 2011: The online “hacktivist” collective known as “Anonymous” claims to have access to the Stuxnet worm.  Criminal organizations and international or corporate espionage are obvious sources of cyber attacks on critical infrastructure.  Hacktivist groups, such as Anonymous, are less well known to the general public but are emerging as a powerful player on the cyberwar landscape.

March 2011: Technology and application security firm Idappcom identifies 52 new SCADA exploits.  According to leading UK-based digital publisher v3.co.uk: “Cyber criminals appear to be ramping up their interest in industrial control systems after research from application security management firm Idappcom found 52 new threats in March targeted at supervisory control and data acquisition (Scada) systems of the sort hit by the infamous Stuxnet worm. Tony Haywood, chief technology officer at Idappcom, told V3.co.uk that hackers could be going for the systems as they are typically less well defended than more mainstream public facing IT systems…”

May 2011: ICS-CERT (Industrial Control System-Cyber Emergency Readiness Team), a branch of the US Dept of Homeland Security (DHS), issued a number of advisories in 2011 regarding vulnerabilities in SCADA systems.  These advisories included ICSA-11-131-01, which describes how vulnerabilities in Iconics (Human Machine Interfaces – HMI) Genesis32 and BizViz products, “results in remote arbitrary code execution with privileges of the current user.”

May 13, 2011: Obama Administration offers a “Cybersecurity Legislative Proposal” to assist Congress on the formation of new cyber laws.  The proposal concludes that, “Our Nation is at risk. The cybersecurity vulnerabilities in our government and critical infrastructure are a risk to national security, public safety, and economic prosperity.”

Without a doubt, the cybersecurity challenges confronting our Nation have more facets than the vulnerability of SCADA systems.  However, the Federal government is taking a very proactive and comprehensive stance on the issue of critical infrastructure security.  This stance will necessarily address the SCADA component of critical infrastructure facilities such as power generation stations and data centers.

These news items are snapshots that indicate a clear and growing threat to the security of SCADA systems.  It is essential that private and public data centers recognize this vulnerability and take steps to secure their systems from cyberattack.  
