Recently, a rare bug in a SCADA system by Invensys was disclosed - one which if exploited could cause a remote Denial of Service on the system. As these systems are deployed in power plants, dam control systems and other truly mission critical systems such an attack scenario is a major concern for the public.
Vulnerabilities in SCADA (Supervisory Control And Data Acquisition) are perceived as rare, however let us not overlook the fact that most SCADA systems deployed today are either controlled and monitored by software running on "standard" operating systems (i.e. Windows, Linux) or are themselves based on these operating systems. Thus the systems are probably exposed to a plethora of vulnerabilities known to affect these platforms.
Last year, a short video clip was published with the results of a "secret" experiment on exploiting SCADA systems. Researchers spent a lot of time and money showing that sending specific command sequences to a generator would end up causing irreversible damage (as indicated by the inevitable smoke coming out of the tormented device). The truth is that they could spend 1/10 of the time and money by showing that if you turn off the cooling system of the generator (probably controlled by a Windows computer) you'll get the same effect.
All these SCADA exploits are just a reminder that most "civilization support" systems today are controlled by computers, most of them using standard operating systems, not to mention a web interface. It is definitely the time for governments all over the world to start setting and enforcing regulations not only for financial systems but also for those "civilization support" ones.
Leave a comment