SCADA / Siemens

FACT CHECK: SCADA Systems Are Online Now.

Follow-Up Article: SCADA: Air Gaps Do Not Exist

A recent "Fact Check" by Scot Terban requires some fact checking. In his post, he basically shows that he has no idea how many SCADA systems are online. Scot stated "How about the fact that said systems are connected to the internet on a regular basis and SCADA aren’t", well this is a flaw and error of epic magnitude. The fact is, nearly everything is connected now.

In 2000 I contracted to the Sydney Olympic authority. To make the Olympics run smoothly, the NSW government officials decided to connect control systems into a central headquarters: traffic systems, rail systems, water systems, power systems, emergency response systems / police, and sewerage systems. That was only the tip of the iceberg.

The control class file was easy to reverse engineer and it was simple to toggle the controls in order to make it into a system that could send signals as well as report them.

Once the Olympics ended, so did any funds to maintain the system. So, Scot...

Experts warn of holes in critical SCADA software | Security.

By Reuters. Posted on 17 Jun 2011 at 08:39.

Chinese software used to run weapons systems, utilities and chemical plants has bugs that hackers could exploit to damage public infrastructure, according to the Department of Homeland Security. The department issued an advisory warning of vulnerabilities in software applications from Beijing-based Sunway ForceControl Technology saying that hackers could exploit them to launch attacks on critical infrastructure. Sunway's products, widely used in China, are also deployed to a lesser extent in other countries, including Western powers. "These are vulnerabilities that hackers could leverage to cause destruction," said Dillon Beresford, a researcher with private security firm NSS Labs, who discovered the bugs.

We can pressure the vendors to actually patch the vulnerabilities instead of sitting on them because these systems are inherently flawed by design.

Last year, the Stuxnet computer worm targeted industrial control systems manufactured by Siemens.

Siemens fixes SCADA holes found by hacker.

Siemens has patched security vulnerabilities in its widely used Simatic S7 industrial computer system that made it possible for attackers to disrupt or sabotage operations at gas refineries, chemical plants and other critical facilities.

In an advisory (PDF) issued on Friday, the Industrial Control Systems Cyber Emergency Response Team said the Siemens update fixed a “portion” of the vulnerabilities discovered in the S7-1200 PLC, or programmable logic controller, by NSS Labs researcher Dillon Beresford. Last month, he and a colleague cancelled a scheduled talk about critical vulnerabilities in the PLC following requests by the German manufacturer and officials from the US Department of Homeland Security. A separate advisory issued by Siemens said the updated firmware fixed two vulnerabilities. A second vulnerability allowed attackers to shut down a controller by overloading the communications it receives.

First true SCADA-specific malware detected.

Back in 1999, when I ran then-governor Jeb Bush's statewide Y2K awareness and remediation effort, I first happened to learn about SCADA systems.

What is SCADA, you ask? SCADA stands for Supervisory Control and Data Acquisition. SCADA systems basically are remotely-activated and remotely-operated devices that perform certain specialized functions. SCADA systems are used, for example, to monitor, open and close freshwater pumps; operate wastewater pumping systems; perform routine functions in power plants; perform functions in manufacturing plants, refineries, and other facilities; and monitor the next-generation electric "smart grid" that is becoming so popular these days. In short, SCADA systems have become a vital component of the nation's critical infrastructure, since so many SCADA functions deal with water, power, and heavy manufacturing processes.

This, naturally, makes them an ideal target for terrorists and naughty nation-states. From Wikipedia:

Removing SCADA worm could disrupt power plants.

Siemens has made a program available for detecting and disinfecting malware attacking its software used to control power grids, gas refineries, and factories but warned customers who use it could disrupt sensitive plant operations. The Munich-based engineering company on Thursday began distributing Sysclean, a malware scanner made by Trend Micro. It has been updated to remove Stuxnet, a worm that spreads by exploiting two separate vulnerabilities in Siemens's SCADA, or supervisory control and data acquisition, software and every supported version of Microsoft Windows. “As each plant is individually configured, we cannot rule out the possibility that removing the virus may affect your plant in some way,” Siemens warned. The company also advised customers to keep the scanner updated because “there are currently some new derivative versions of the original virus around.”

Siemens has updated WinCC to fix the vulnerability.

Siemens: Removing SCADA worm may harm industrial systems.

News. By Robert McMillan. July 22, 2010 03:15 PM ET.

IDG News Service - Removing a dangerous worm that targets industrial systems could disrupt plant operations, Siemens Industry warned customers Thursday. The warning came as Siemens released a new tool that finds and removes the malicious software along with a full-fledged security update for its SCADA (supervisory control and data acquisition) management products. Siemens on Thursday released the update along with the tool, developed by security vendor TrendMicro. But in a note sent to customers, the company warned users to check with customer support before removing the software from an infected SCADA system. "As each plant is individually configured, we cannot rule out the possibility that removing the virus may affect your plant in some way," the note reads.

The worm was identified by security vendor VirusBlokAda last month.

After delay, hacker to show flaws in Siemens industrial gear.

June 06, 2011, 8:20 PM — A security researcher who says he's found serious problems with Siemens computers used in power plants and heavy industry is now expecting to go public with his research at the Black Hat security conference in Las Vegas. In May, NSS Labs researcher Dillon Beresford pulled out of a Dallas hacking conference at the last minute when Siemens was unable to fix problems he'd found in the firmware of its S7 programmable logic controller. After consulting with Siemens and the U.S. Department of Homeland Security, NSS decided that it was simply too dangerous to go public with its information before a patch could be fully developed.

The systems Beresford had hacked are used to run power and chemical plants, some of which could be damaged if they were hit by a computer attack. Now NSS Labs CEO Rick Moy says Beresford is rescheduled to deliver his talk at Black Hat, which runs Aug. 2-3. Breaking into some industrial networks would be even easier than that, according to Moy.