SCADA more vulnerable than ever

Published 22 May 2009

Modern SCADA networks are more vulnerable than ever because they use open networking standards (such as TCP/IP), are now deployed under less secure operating systems (Windows), are connected to other networks (including the Internet), and cannot be easily updated and rebooted.

Supervisory Control and Data Acquisition, or SCADA, stands for large-scale distributed remote processing systems that gather data in real time to control critical industrial, infrastructure, or facility processes and equipment. SCADA is used in power plants as well as in oil and gas refining, telecommunications, transportation, dams, water, and waste control.

Stories about hackers who damage the power grid or other key SCADA infrastructure frequently make the headlines. The Wall Street Journal reported in April that, according to a federal audit, critical infrastructure facilities in the U.S. power industry had been compromised with software that would allow the attackers to disable key elements of the national power grid. “The Chinese have attempted to map our infrastructure, such as the electrical grid,” a senior U.S. intelligence official said on the occasion. One year ago, the CIA claimed that a cyberattack had caused a multicity power outage at an unspecified location outside the United States (rumor has it that Hydro-Quebec was also a target of cyberspies; see Les affaires.com, 14 May 2009: “Cyberspies working for foreign states could infiltrate HydroQuébec’s computer system, as has just happened in the United States, to cause power outages in its network”).

McAfee TrustedSource’s blogger writes that last week he discovered a video posted on YouTube in November 2008. In the video, two guys hack a building’s central lighting system and then play Space Invaders on it!

The blogger writes that he has some doubts about the technical aspects of these light-show “attacks” on unprepared buildings. Fake or not, however, the video confirms that hackers and cybercriminals have their eyes on SCADA networks. Perhaps the first demo was just for fun, but the next ones will have less juvenile goals. An attack could cause nationwide damage, a terrible blow to public morale, and huge financial losses. Modern SCADA networks are more vulnerable than ever because they use open networking standards (such as TCP/IP), now run on less secure operating systems (Windows), are connected to other networks (including the Internet), and cannot be easily updated and rebooted.

For SCADA systems, which typically run only a closely defined list of applications, a security approach that includes application whitelisting can be a good solution. McAfee’s recent acquisition of Solidcore will help our customers in this area.
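The whitelisting idea above, as an added example that is not code from McAfee or Solidcore: a hash-based application allowlist check run over constructed process-start events for a hypothetical SCADA HMI host, showing why a path-only list is not enough when a binary at an approved path has been altered. All paths, binary contents and events are made up for the example.

```python
import hashlib

# Constructed allowlist for a hypothetical SCADA HMI host: path -> approved
# binary contents. The byte strings stand in for real executables.
APPROVED_BINARIES = {
    r"C:\SCADA\hmi.exe": b"approved hmi build 4.2",
    r"C:\SCADA\historian.exe": b"approved historian build 1.7",
    r"C:\Windows\System32\svchost.exe": b"approved os component",
}
# The agent stores only the SHA-256 of each approved image, not the image itself.
ALLOWLIST = {path: hashlib.sha256(data).hexdigest()
             for path, data in APPROVED_BINARIES.items()}


def evaluate(path: str, image: bytes, allowlist=ALLOWLIST) -> str:
    """Decide what an allowlisting agent does with one process-start event.

    Returns 'allow', 'block:unknown-path' (nothing approved at that path) or
    'block:hash-mismatch' (approved path, but the binary on disk has changed,
    e.g. a tampered or replaced executable on an unpatched host).
    """
    expected = allowlist.get(path)
    if expected is None:
        return "block:unknown-path"
    if hashlib.sha256(image).hexdigest() != expected:
        return "block:hash-mismatch"
    return "allow"


# Constructed process-start events: (path, bytes of the image that tried to run).
EVENTS = [
    (r"C:\SCADA\hmi.exe", b"approved hmi build 4.2"),
    (r"C:\Users\op\Downloads\update.exe", b"unexpected installer"),
    (r"C:\SCADA\historian.exe", b"approved historian build 1.7 + patched"),
    (r"C:\Windows\System32\svchost.exe", b"approved os component"),
]


def audit(events=EVENTS, allowlist=ALLOWLIST):
    """Return (path, decision) for every event; blocked ones are what the SOC alerts on."""
    return [(path, evaluate(path, image, allowlist)) for path, image in events]


if __name__ == "__main__":
    for path, decision in audit():
        print(f"{decision:22} {path}")
```

Because the host runs a fixed set of applications, anything outside the list is suspicious by definition, which is what makes this approach workable on systems that cannot be patched and rebooted on a normal schedule.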