4 lessons from the Springfield, Ill. SCADA cyberattack
The water plant attack was minor, but more are coming, security experts say
Computerworld - The recent cyberattack on a public water utility in Springfield, Ill. has stoked considerable concerns about the vulnerability of U.S. critical infrastructure equipment.
The attack reportedly destroyed a pump at the facility after someone using a computer with a Russian IP address gained access to the Supervisory Control and Data Acquisition (SCADA) system that controlled the pump.
Experts in the industrial control systems arena say that, while the attack was relatively inconsequential and not surprising given the vulnerabilities that exist, it may be a harbinger of things to come.
Here are four lessons from the incident, which is still under investigation:
Information sharing is critical
Though an initial report by the Illinois Statewide Terrorism and Intelligence Center called the incident a public water district cyber intrusion, the Department of Homeland Security (DHS) and other agencies that share information on such incidents have so far been relatively quiet about what happened. That led to speculation about the nature of the attack, how serious it was, and what the motives might have been. Some even question whether the pump could have failed in the manner reported in the incident report.
The water pump at the Springfield utility reportedly burned out after attackers used their access to the SCADA system to cycle the pump off and on continuously. Typically that should not have happened, said L.W. Brittian, a SCADA system consultant and training expert. "Rapid cycling of a large pump motor should not, by itself, have been enough to burn a pump motor up," Brittian said. While turning a pump motor on and off over and over can cause it to overheat, the temperature and pressure control mechanisms built into it should have tripped, taking it safely offline.
"The SCADA system may have been accessible on the Internet, so someone could come in and get the pump to run and they could ask it to stop," Brittian said. "They could tell it to start and stop every three seconds until something happens," he said. What they would not have been able to reach over the Internet, however, is the overload relay that protects the motor from overloading and burning up.
Even if hackers had accessed the operating controls, it is doubtful they could also have accessed the safety controls, he said. "We need more details of exactly what happened."
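The start-and-stop-every-three-seconds pattern Brittian describes is exactly the kind of thing a utility can detect in its own command history, whatever the safety relay does. The following is an added example, not code from Computerworld, Brittian or any utility: it runs simple detection logic over a constructed log in a hypothetical audit format (timestamp, source address, user, tag, START/STOP), flagging commands that come from outside an assumed trusted operator subnet and flagging a tag that changes state more than a threshold number of times inside a sliding window. The subnet, the window and the threshold are assumptions chosen for the example.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical audit format (not any vendor's).
# Routine operator activity from the plant LAN, then a remote host
# toggling PUMP1 every three seconds, as described in the article.
SAMPLE_LOG = """\
2011-11-08T14:00:00Z src=10.10.1.5 user=operator cmd=PUMP1 START
2011-11-08T14:10:00Z src=10.10.1.5 user=operator cmd=PUMP1 STOP
2011-11-08T14:30:00Z src=10.10.1.5 user=operator cmd=PUMP1 START
2011-11-08T15:00:00Z src=203.0.113.7 user=admin cmd=PUMP1 STOP
2011-11-08T15:00:03Z src=203.0.113.7 user=admin cmd=PUMP1 START
2011-11-08T15:00:06Z src=203.0.113.7 user=admin cmd=PUMP1 STOP
2011-11-08T15:00:09Z src=203.0.113.7 user=admin cmd=PUMP1 START
2011-11-08T15:00:12Z src=203.0.113.7 user=admin cmd=PUMP1 STOP
2011-11-08T15:00:15Z src=203.0.113.7 user=admin cmd=PUMP1 START
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"cmd=(?P<tag>\S+) (?P<action>START|STOP)$"
)


def parse_line(line):
    """Parse one command record; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def analyze(log_text, trusted_nets=("10.10.1.0/24",),
            window_seconds=60, max_transitions=4):
    """Return alerts for (a) commands from outside the trusted operator
    networks and (b) more than max_transitions START/STOP state changes on
    one tag within window_seconds. Defaults are assumptions for this example."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    window = timedelta(seconds=window_seconds)
    alerts = []
    flagged_sources = set()
    last_state = {}                   # tag -> "START" or "STOP"
    transitions = defaultdict(deque)  # tag -> timestamps of recent state changes
    cycling = set()                   # tags currently inside a cycling episode

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src = ipaddress.ip_address(rec["src"])
        if not any(src in n for n in nets) and rec["src"] not in flagged_sources:
            flagged_sources.add(rec["src"])  # one alert per untrusted source
            alerts.append({"kind": "untrusted_source", "src": rec["src"],
                           "user": rec["user"], "ts": rec["ts"]})

        tag = rec["tag"]
        prev = last_state.get(tag)
        last_state[tag] = rec["action"]
        if prev is None or prev == rec["action"]:
            continue                  # first command or repeat: no state change
        q = transitions[tag]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:
            q.popleft()               # drop changes older than the window
        if len(q) > max_transitions:
            if tag not in cycling:    # one alert per cycling episode
                cycling.add(tag)
                alerts.append({"kind": "rapid_cycling", "tag": tag,
                               "src": rec["src"], "count": len(q),
                               "ts": rec["ts"]})
        else:
            cycling.discard(tag)
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Run against the sample, the operator's three commands produce nothing, the first remote command raises an untrusted_source alert, and the fifth state change inside a minute raises a rapid_cycling alert; later toggles in the same burst do not repeat it. Counting only genuine START-to-STOP transitions, rather than every command, keeps a stuck or retried command from looking like cycling.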
SCADA systems are easy to hack
The vast majority of the systems used to control critical equipment at places like power stations, nuclear power plants and water treatment facilities are inherently insecure. In many cases, anyone with logical access to an industrial control system or programmable logic controller can upload firmware to it without authentication. Passwords are often hardcoded into systems. And many systems have administrative backdoors and contain very basic buffer overflow errors.
Such vulnerabilities were tolerable for a long time because SCADA systems were not really connected to the outside world: an attacker usually needed physical access to a SCADA system to compromise it.
That's changed over the last few years. A growing number of SCADA systems are connected to the Internet, making them much more vulnerable to attack from external sources. Last week, a hacker named pr0f claimed he hacked into a SCADA system at a water utility in South Houston by overcoming a three-character password that was used to protect the system.