[ISN] Is the SCADA Infrastructure Secure?

From: InfoSec News <alerts_at_private>
Date: Wed, 14 Apr 2010 00:26:09 -0500 (CDT)
http://www.embedded.com/columns/breakpoint/224202612

By Jack Ganssle
Embedded.com
04/12/10

Governors and others frequently bemoan the lack of investment being made 
in crumbling infrastructure. Bridges, tunnels and the rest of the brick 
and mortar that enables our lives are in disrepair, and we're told 
things are getting worse. Shrinking budgets insure that repairs will 
continue to fall behind. Pundits also say the electric grid is old and 
not capable of meeting 21st century needs.

I recently met with a control engineer who works for a large 
metropolitan water company. He's concerned about another kind of 
infrastructure " the digital one that monitors and controls factories 
and other large plants (including water plants, of course). These 
ubiquitous SCADA systems (supervisory control and data acquisition) 
often handle extremely high power actuators, like multi-thousand 
horsepower motors.

Industrial automation equipment often runs for decades or longer. Years 
ago, when working on a system in a steel mill, I came across a huge 
motor stamped with a manufacturing date of 1899. It was still in 
service. The electronics, too, often runs for decades.

That's a testament to great engineering and manufacturing, and is also 
potentially a great hazard. These systems were largely designed before 
security became an important issue. Many have been almost haphazardly 
connected to the Internet in the intervening years, when management sees 
the 'net as an easy way to monitor remotely and save money.

I have been told (by the NSA) that a Tylenol factory has been hacked. In 
2003 a worm shut down all safety monitoring on an Ohio nuke plant for 
five hours. Vancouver's traffic lights have been compromised. A 
14-year-old turned the Polish city of Lodz's trams into his own giant 
train set, derailing four cars and injuring at least a dozen people. 
There are many more instances.

[...]


___________________________________________________________
Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
http://conference.hitb.org/hitbsecconf2010dxb/
Received on Tue Apr 13 2010 - 22:26:09 PDT

This archive was generated by hypermail 2.2.0 : Tue Apr 13 2010 - 22:37:36 PDT