[ISN] Digital dangers in a wired world

From: InfoSec News <alerts_at_private>
Date: Mon, 14 Dec 2009 01:15:57 -0600 (CST)
http://joongangdaily.joins.com/article/view.asp?aid=2913933

By Lim Mi-jin, Kim Jeen-kyung 
JoongAng Daily 
December 14, 2009

It's the stuff of action flicks. In "Live Free or Die Hard," terrorists 
paralyze the United States by taking over all transportation systems, 
broadcasting, communications and the power grid. It’s a total shutdown 
and only Bruce Willis can save the world from the evil hackers.

But the plot’s not a total fiction.

In today’s interconnected world, system after system can collapse if a 
central computing facility such as a supervisory control and data 
acquisition, or Scada, system fails. These Scada systems collect data 
from sensors at plants and other remote locations and then send the data 
to a central computer that manages and controls it.

So what we saw in the last Die Hard movie has actually already been 
experienced. Ask the Poles. In January last year, a subway train 
derailed in Lodz, injuring several passengers, after a 14-year-old boy 
hacked into the railway operation system. And look at what happened in 
the United States in August 2003 when a virus called a "Blaster Worm" 
found its way into the Scada for the power grid in the northeast of the 
U.S. Around 5,000 people in seven states were injured in the ensuing 
blackout. "Once you hack into the Scada, you can manipulate all the 
water, electricity and gas supply systems," said Park Chan-am, 20, the 
winner of a hacking protection competition held in Korea this year, part 
of Codegate 2009, an international event.

Korea has already installed Scada systems in most facilities across the 
country. These facilities control everything from reserving train 
tickets to supplying electricity and air-conditioning. They even control 
the floodgates of multipurpose dams and the quality of tap water in 
Seoul.

And we have seen what can happen when things go wrong. On Nov. 27, the 
electric power in the Korea Railroad Corporation building in 
Bongnae-dong, central Seoul, went off at 5:21 p.m. Within a minute, 
Korail had supplied emergency electric power but all systems for issuing 
train tickets nationwide were halted for nearly two hours because the 
computer server managing train ticket reservations and issuance that was 
installed in the Korail building malfunctioned.

The situation was not life threatening but it caused a major 
inconvenience for passengers trying to buy tickets.

Korea's largest Scada system is Korea Electric Power Corporation’s 
"smart grid," which will be test run from 2011. The system will have 
sensors and cameras installed in existing power plants and power grids. 
Those sensors and cameras are going to allow Scada to control the volume 
of regional power supply and demand. In that way, the proper amount of 
electricity is expected to be provided to each region at the right time.

Experts say this measure could save energy but electric power supply 
operation across the country could be paralyzed if the Scada is 
compromised. "It is almost impossible to hack into the smart grid system 
because it is operated by a remote Internet network and it has advanced 
security facilities attached," said an official at Kepco who asked not 
to be identified.

However, experts in the security industry said the system could be 
breached. Security experts say safeguard measures have to be included in 
a law related to the establishment of the smart grid. They cite the 
example of an employee from a company in charge of disposing of garbage 
who penetrated the Scada and released a large amount of waste in a river 
in Queensland, Australia. Apparently he had a grudge against the local 
council.

"Terrible damage, such as a large-scale power blackout, is highly likely 
if the system is attacked by hackers," said Lim Jong-in, a professor at 
Korea University’s Graduate School of Information Management and 
Security. "The planned bill has to be revised in order to arrange for a 
high security budget and secure human resources."


Received on Sun Dec 13 2009 - 23:15:57 PST