• United States



SCADA Hacking madness

Nov 18, 20113 mins
Data and Information Security

Suddenly, all those SCADA threats you heard about are moving from theory to reality.

Two examples are incidents in Springfield, Illinois and Houston, as covered in CSO sister site Network World:

Cyber mayhem strikes as hackers launch digital attack that destroyed a water pump in real time and the physical world of Springfield, Illinois. Unhappy with Homeland Security’s response, a hacker took aim at the SCADA system behind Houston’s water supply network and posted ‘proof of concept’ hack.

David Marcus, director of security research at McAfee, wrote about the incidents in his blog, saying it’s no more difficult to attack a SCADA network or system than it is to attack any other system. It’s always just a matter of time, he writes, adding:

Certainly we may see more SCADA-based or SCADA-focused attacks in the future. Attackers tend to target systems that can be successfully compromised, and recent history has shown that these systems are at least as vulnerable as other types of networked systems. But that isn’t really the point. In my mind, the second question often morphs into “How do we know they are not already compromised and actively under attack now?”

He suspects there are active attacks going on right now, and that cyber forensic gathering is so poor at these facilities that it’s not difficult to cause mayhem below the radar.

Marcus offers SCADA network admins the following advice:

–Include “cyber” in all risk management

–Set up extensive penetration testing

–Set up extensive counter-social engineering training

–Put a SCADA-specific CERT plan and team in place

–Network with law enforcement at all levels

–Expect to get attacked and take appropriate countermeasures

None of what’s happening should come as a surprise. It’s been well documented that critical infrastructure is vulnerable to attack. CSO correspondent George V. Hulme has spent the better part of the past year looking at what we are up against.

In “SCADA security arms race underway,” he wrote:

While the race between industrial control system attackers and defenders didn’t start with the Stuxnet worm, it certainly acted as a catalyst to a new arms race and more researchers taking a closer look at the quality of SCADA software.

For instance, just days ago, the three-person Moscow-based security consultancy Gleg announced it would update its Agora exploit pack (used in security testing applications) with scores of zero-day SCADA system vulnerabilities that had just been released. Some of those vulnerabilities were released with exploit code.

That release of SCADA exploits prompted a flurry of activity among some in the security community. Security and SIEM vendor Nitrosecurity, for instance, along with the Emerging Threats open source community, the Open Information Security Foundation, and control system security consultancy Digital Bond and others, worked together to deliver intrusion detection signatures for SCADA vulnerabilities released by security researcher Luigi Auriemma.

Now, with the release of zero-day vulnerabilities for the software that controls industrial systems — much in the way vulnerabilities are fully disclosed for enterprise and consumer applications — some are now asking if SCADA system security is going to quickly begin to resemble the security of traditional software and operating systems.

In another article he wrote about the need to pressure SCADA developers on security as one would software vendors.

We all knew this was coming. Now that some of the first documented compromises are on record, we hope critical infrastructure providers will see this for the wake-up call it is.

–Bill Brenner

one-stop view of latest business threats. We created it for you! Bookmark it! Use it!

CSO’s Daily Dashboard gives you a