SCADA/Municipal water system attacks

Sam Kreimeyer skreimey at gmail.com
Sun Nov 20 15:27:03 MST 2011 

I think that most operators generally take whatever data SCADA spits
out at face value. After all, how would they recognize what dangerous
behavior looks like if they don't understand how these systems work
anyway? Let the IT guy figure it out.

I think we are witnessing the nascence of an appreciation for just how
devastating a vulnerability to industrial control mechanisms can be.
The security of these systems has long relied on their own obscurity
and the hope that nobody will be particularly inclined to cause havoc
with no *obvious* potential for profit. That's why they have that
expensive firewall, right?

On 11/20/11, Derek Trotter <expat.arizonan at gmail.com> wrote:
> Same here.  When I first heard of this, I said to myself:  "Bet these
> systems run on windows."
>
> On 11/20/2011 14:00, Lisa Kachold wrote:
>>
>>
>> On Sat, Nov 19, 2011 at 11:25 PM, Michael Butash <michael at butash.net
>> <mailto:michael at butash.net>> wrote:
>>
>>     There was some idle chat here prior about Stuxnet and how it
>>     almost single-handed stopped or at least delayed Iran's Nuclear
>>     aspirations, and I'd commented on how there was a variant called
>>     Duqu that was running rampant in our SCADA systems that run
>>     municipal water.
>>
>>     Seems our environmentals that run cities have and are being
>>     exploited more frequently with more disclosures in the past few
>>     days of incidents in Springfield Illinois and Houston Texas.  Not
>>     only do I guarantee security on these systems and networks not up
>>     to par, their embedded and obscure nature means they probably
>>     aren't even regularly patched to take advantage.  In the
>>     Springfield incident they actually caused damage to a critical
>>     pump, and it's only going to continue to get worse as it's now
>>     being talked about more mainstream and word spreads.
>>
>>     http://www.theregister.co.uk/2011/11/17/water_utility_hacked/
>>
>>     http://www.theregister.co.uk/2011/11/18/second_water_utility_hack/
>>
>>     I know I sleep better at night knowing all this software runs on
>>     old windoze systems!  Even better is how they're talking about in
>>     here how they are often now internet connected systems so they can
>>     be managed remotely to save costs (i.e. outsource it).  Maybe
>>     letting the Chinese government run our city water systems isn't
>>     quite what they had in mind, but anything to save a buck in these
>>     trying times I suppose...
>>
>>     -mb
>>
>>
>> chortle! snort!
>> --
>> (602) 791-8002  Android
>> (623) 239-3392 Skype
>> (623) 688-3392 Google Voice
>> **
>> HomeSmartInternational.com
>>
>>
>>
>>
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>

More information about the PLUG-discuss mailing list