SCADA/Municipal water system attacks

Michael Butash michael at butash.net
Sat Nov 19 23:25:09 MST 2011


There was some idle chat here prior about Stuxnet and how it almost 
single-handed stopped or at least delayed Iran's Nuclear aspirations, 
and I'd commented on how there was a variant called Duqu that was 
running rampant in our SCADA systems that run municipal water.

Seems our environmentals that run cities have and are being exploited 
more frequently with more disclosures in the past few days of incidents 
in Springfield Illinois and Houston Texas.  Not only do I guarantee 
security on these systems and networks not up to par, their embedded and 
obscure nature means they probably aren't even regularly patched to take 
advantage.  In the Springfield incident they actually caused damage to a 
critical pump, and it's only going to continue to get worse as it's now 
being talked about more mainstream and word spreads.

http://www.theregister.co.uk/2011/11/17/water_utility_hacked/

http://www.theregister.co.uk/2011/11/18/second_water_utility_hack/

I know I sleep better at night knowing all this software runs on old 
windoze systems!  Even better is how they're talking about in here how 
they are often now internet connected systems so they can be managed 
remotely to save costs (i.e. outsource it).  Maybe letting the Chinese 
government run our city water systems isn't quite what they had in mind, 
but anything to save a buck in these trying times I suppose...

-mb


More information about the PLUG-discuss mailing list