How do you destroy or damage an oil refinery, a nuclear power plant, a municipal water system, a power grid, a natural gas pipeline, a sewage treatment plant or other vital infrastructure?

SCADA = Supervisory Control And Data Acquisition

This is a networked device used to monitor, control, and troubleshoot a piece of industrial equipment remotely. SCADA systems are a great money and time saver for large industrial plants. But right now they are also its weakest point.

SCADA Display for a Water Reclamation Station

SCADA Display – Water Reclamation Station

Attacking a SCADA installation may give a hacker partial or complete control over a valuable piece of infrastructure—the attacker can shut down devices, close or open valves, or issue commands that may damage or destroy assets controlled by the SCADA.

One attack dumped more than a quarter million gallons of sewage. Another hacker completely mapped out the South Houston water company’s SCADA vulnerabilities (including three-character passwords on devices).

The most famous SCADA attack is of course the Stuxnet worm, which slowed down the Iranian nuclear program, and which has infected more than 100,000 machines worldwide.

This video shows a 1 megawatt generator destroyed by a SCADA attack in a test by the Department of Homeland Security:

How do Hackers attack?

  • They research and exploit known vulnerabilites. Hackers develop ways to use vulnerabilities in SCADA software to add malicious code and take over the control system.
  • They achieve physical access. A suborned employee, a USB memory stick that’s been infected with Stuxnet, a quick hop over a chain link fence.
  • They get into the network. Wireless installations are notoriously easy to compromise. Many SCADA systems are hooked into the Internet with no firewall.
  • They use older vulnerabilities. Unpatched systems are particularly open.
  • If a hacker can’t use a vulnerability to gain control, sometimes they can use it to perform a ‘denial of service’ attack.
  • Malicious code can be injected into a system through its web-based interface. Directory traversal, SQL injection, even improper configuration of common server or workstation files, all these and more can serve a hacker’s purpose.

It is possible to reduce your risk from unauthorized incursions. Here are some steps you can take:

  • Document your SCADA installation thoroughly. Collect in a document (to be updated on a regular basis) important information on hardware components (servers, terminals, disk storage, applications vendor information, and versions), data stores (database names, schemas, and locations), network infrastructure (routers, switches, firewall configuration, network address schemes, connections to other networks).
  • Establish a change control management regimen. Make sure all patches and system changes are discussed before they are performed, that a risk analysis is present, and that changes are logged after being implemented. Keep current on system and software patches.
  • Control and manage access to the system. Create rules for access and how data is shared. Monitor, log, and periodically audit all access.
  • Build a perimeter. Disconnect from third party networks and the Internet. Discontinue use of wireless networks. Establish firewalls with strict rules between the SCADA systems and the intranet. Install software to monitor for malware and intrusions. ‘Harden’ your SCADA installation by turning off features such as remote maintenance. Consider the physical security of your systems as much as the electronic ones.
  • Prepare a recovery plan and accumulate whatever assets you need to rebuild your system quickly in a clean configuration in case of an attack.

SCADA allows the management of facilities that can cost hundreds of millions of dollars. It’s worth expending the time, money, and resources to protect them.

–William V. Burns


Intro to SCADA:

Here’s a site which explores how to find exposed devices:
It’s known as the “Google for Hackers”

SCADA Hacker
Vulnerabilities and their consequences:

Tech News World
Securing SCADA Systems: Where Do We Start?
Patrick Sweeney

Tofino Security Blog
Eric Byres

Network World
Lucian Constantin, IDG News Service


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s