Picking at SCADA

Over the past month or two, Supervisory Control and Data Acquisition (SCADA) systems have seen an increased amount of attention. These systems control many parts of our critical infrastructure, including electricity, natural gas, petroleum, and water. Disrupting these services could cause significant damage to the US, especially in time of conflict. And, thanks to the Internet, US adversaries would not need to field saboteurs in the US to start breaking this stuff. Back at the turn of the century, I recall discussing the matter of US adversaries hacking SCADA networks to inflict damage on the US as a means of terrorism or as a combat multiplier. At that time, it was a hard sell, and not many thought it was a credible threat. Well, almost 12 years later, we are seeing examples of that scenario playing out.

Just last week we saw a publicized account of a remote attacker breaking a water pump and rendering it unusable. It looks like the attackers stole remote access credentials from the manufacturer to gain access. (EDITOR'S NOTE: That last sentence has enough issues in it to fuel about three more blog posts, but I'll ignore them for now.) In this instance, the SCADA system was attacked indirectly: the way in was stolen vendor credentials, not a flaw in the control system itself.

That is not to say that indirect attacks are the only option available against SCADA systems. An enterprising young man by the name of Luigi Auriemma has compiled a nice list of exploits for SCADA systems. At last count, he has provided twenty (20) descriptions of SCADA vulnerabilities. He has also been kind enough to give us all some hints on how to exploit them. Who says common courtesy is dead?

The last thing I want to leave you all with is a point to ponder:

Does your organization rely on Internet-connected systems to control its critical infrastructure?

How do you access your HVAC, UPS, and backup generator? Have you thought about the risk of losing one of those systems? Critical infrastructure protection is not just a problem for nation-states anymore.



Auriemma, L 2011a, “ADVISORIES.” Luigi Auriemma. Retrieved November 21, 2011, from http://aluigi.altervista.org/adv.htm
Auriemma, L 2011b, “Application: Microsys PROMOTIC.” Microsys PROMOTIC SCADA Vulnerability. Retrieved November 21, 2011, from http://aluigi.altervista.org/adv/promotic_2-adv.txt
Auriemma, L 2011c, “atvise webMI2ADS - Web server for Beckhoff PLCs.” Luigi Auriemma. Retrieved November 21, 2011, from http://aluigi.altervista.org/adv/webmi2ads_1-adv.txt
Goodin, D 2011, “Water utility hackers destroy pump, expert says.” The Register. Retrieved November 18, 2011, from http://www.theregister.co.uk/2011/11/17/water_utility_hacked/
Sawyer, JH 2011, “0-Day SCADA Exploits Released, Publicly Exposed Servers At Risk.” Dark Reading. Retrieved September 19, 2011, from http://www.darkreading.com/blog/231601549/0-day-scada-exploits-released-publicly-exposed-servers-at-risk.html
Schneier, B 2011, “Hack Against SCADA System.” Schneier on Security. Retrieved November 21, 2011, from http://www.schneier.com/blog/archives/2011/11/hack_against_sc.html
Zetter, K 2011, “H(ackers)2O: Attack on City Water Station Destroys Pump.” Wired.com Threat Level. Retrieved November 21, 2011, from http://www.wired.com/threatlevel/2011/11/hackers-destroy-water-pump/