Truemors
Scott Lunsford, a researcher for IBM's Internet Security Systems
offered to test the vulnerabilities for potential access of a nuclear
power plant's network via the internet. The plants owner told Lunsford
that penetration would be impossible. As it turned out, says
Lunsford, he had penetrated the network the first day, and within a
week they were controlling the nuclear power plant. Lunsford states, the
Nuclear Regulatory Commission has government-mandated safeguards that
would have prevented him from triggering a nuclear meltdown, but he's
fairly certain that accessing controls through the company's network,
he could have sabotaged the power
supply to a large portion of the state.
SCADA (Supervisory Control and Data Acquisition) systems, a type of software made by Siemens, Rockwell, and Emerson are use around the country to control water filtration and distribution, trains, subways,
natural gas and oil pipelines and practically every type of industrial manufacturing.
Those weaknesses are increasingly connected to the internet, exposing the
critical infrastructure to anyone with moderate technology skills and a laptop.
To be sure, the threat of attacks on major SCADA systems isn't entirely new, and the wave of cyberterrorism predictions that followed Sept. 11, 2001, have largely been dismissed as hype and paranoia. But given SCADA systems' vulnerability, many experts wonder why those attacks haven't yet materialized.One answer may be the sheer complexity of major infrastructure systems: Though SCADA computers have weak external security, controlling them takes engineering expertise. Most hackers could only gain enough control to create the fear that they're capable of something worse, says Alan Paller, director of the SANS Institute.
That means that even if outright attacks aren't increasing, there's a growing threat of extortion, says Paller. In fact, the SANS Institute hosts a crisis response center for cyberattacks, and Paller says he's learned of multiple threats within the last year and a half from hackers claiming to have infiltrated SCADA systems and demanding ransom. Other shakedowns have likely gone unreported.
Comments (0)