Woeful SCADA Security

The talk presented the findings of “Project Basecamp,” a volunteer-led security audit of leading programmable logic controllers (PLCs). The audit found that decrepit hardware, buggy software and pitiful or nonexistent security features make thousands of PLCs vulnerable to trivial attacks by external hackers that could cause PLC devices to crash or run malicious code.

This opens up a whole new area of opportunity for malware attacks. It has been coming for a long time, with claims surfacing of possible hacker attacks on infrastructure that could literally affect your way of life.

To start out with, SCADA (Supervisory Control and Data Acquisition) and its hand-in-hand component, the PLC (Programmable Logic Controller), are obsolete telephone technology. Telephony no longer uses them, but industry now does. It has been one of the main ways to eliminate jobs: people are no longer needed to monitor and adjust equipment on site at each piece of equipment. The SCADA system does that monitoring and adjusting, and it can be done from anywhere in the world or from multiple sites, including on site. It has a second appealing aspect in the elimination of the physical panel boards and components used to operate industrial processes; changing them is a much lower expense than altering a physical control board. It is pretty much all virtual.

You have remote sensors that check pressures, temperatures, levels, or tolerances. You have a SCADA rack consisting of PLC racks of plug-in units that the remote sensors connect to, and you have the programmable logic unit that carries the ladder logic circuits for the PLCs in the rack. All of these are hooked to a computer serving as the human/computer interface, where the operator interacts with the programming and GUI.

Instead of needing people at 10 different stations (which could be feet or miles apart), you have one operator at the computer checking all the data as overseer, while the logic circuits watch for out-of-tolerance conditions. As long as no out-of-tolerance condition occurs, everything functions as it should. If one does occur, then depending on its severity either human intervention or an automatic function is triggered to bypass or shut down the mechanical systems.

In addition, you could have an engineer concerned with overall plant functioning and quarterly data gathering for efficiency look at the processes from the regional central office, perhaps several states or even countries away from where the data is collected. That engineer, too, could have control through a human/computer interface tied into the system.

So why is all this important? Well, if you live in the modern world, you get your electricity from a fairly modern power plant. That plant is very likely wired to the gills with SCADA/PLC controls. If you receive city water, that too is under the same setup. If you get city or natural gas at your residence, again, you are most likely receiving it from such a setup. When you drive the roads today, very similar systems control the traffic lights throughout the city to keep traffic moving as smoothly as possible. Food processing, such as milk processing, and oil platforms and refineries are included in this adoption of SCADA/PLC. The manufacturing and service centers across the first-world nations are now pretty much all wired up this way. It is just another way of saying that the entire infrastructure of major cities and manufacturing is becoming interactive.

While all the corporations have jumped on the bandwagon of labor-saving operations, security has not followed suit. I am sure you have all heard of the Stuxnet worm and its attack on the Iranian centrifuges used for nuclear enrichment. That is all done with the same sort of setup for control and monitoring. Protection against buffer overflows in SCADA/PLC systems is near non-existent. Once in, an overflow will give access, provided you have everything you need to break the security and reprogram the device. Of course it is not as easy as just talking about it; there is a lot of data you have to have beforehand. But if you have it, the way is open for access. The Stuxnet worm has shown the way into these systems. In the coming years, hackers will be studying these methods of access, just as they studied the spyware and data-mining efforts to learn how to infect computers simply by having you visit a site. The Stuxnet worm opened the door.
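As an added illustration, not code from this post, from Project Basecamp, or from any PLC vendor, the C sketch below puts side by side the two mechanisms the post describes: the tiered out-of-tolerance logic from the architecture description above (warn the operator, or trip an automatic shutdown), and a frame handler that checks a declared length against what was actually received before copying, which is exactly the bounds check whose absence produces the buffer overflows the post warns about. The frame format, the field names, the limit values and the sample frames are all constructed for this example and do not correspond to any real SCADA protocol.

```c
#include <errno.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_READING 15   /* longest ASCII reading accepted, excluding the NUL */

/* Outcome of processing one sensor frame (SEV_REJECT means the frame was refused). */
enum severity { SEV_REJECT = -1, SEV_NORMAL = 0, SEV_WARN = 1, SEV_TRIP = 2 };

/* Constructed alarm bands: outside the trip band shuts the process down,
 * outside the warn band is raised to the operator for a human decision. */
struct limits { double lo_trip, lo_warn, hi_warn, hi_trip; };
static const struct limits DEMO_LIMITS = { 40.0, 50.0, 90.0, 95.0 };  /* constructed, degrees C */

/* Constructed frame layout (assumption for this example only):
 *   byte 0      sensor tag
 *   byte 1      declared payload length N
 *   bytes 2..   N bytes of ASCII reading, e.g. "72.5"
 * Copies the reading into a fixed buffer, refusing any frame whose declared
 * length runs past the bytes received or past the destination buffer.
 * Returns 0 on success, -1 on a malformed frame. */
int parse_frame(const uint8_t *buf, size_t buf_len, uint8_t *tag, char *out, size_t out_len)
{
    if (buf == NULL || out == NULL || tag == NULL || buf_len < 2 || out_len == 0)
        return -1;
    size_t n = buf[1];
    if (n > buf_len - 2)        /* declared length exceeds the received frame */
        return -1;
    if (n + 1 > out_len)        /* no room for the reading plus terminating NUL */
        return -1;
    *tag = buf[0];
    memcpy(out, buf + 2, n);    /* safe: n is bounded by both checks above */
    out[n] = '\0';
    return 0;
}

/* Parse the ASCII reading strictly: the entire string must be one number. */
int parse_reading(const char *s, double *value)
{
    char *end = NULL;
    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    double v = strtod(s, &end);
    if (errno != 0 || end == s || *end != '\0')
        return -1;
    *value = v;
    return 0;
}

/* Tiered tolerance check, the "logic circuit" from the post's description. */
enum severity classify(double value, const struct limits *lim)
{
    if (value <= lim->lo_trip || value >= lim->hi_trip)
        return SEV_TRIP;
    if (value <= lim->lo_warn || value >= lim->hi_warn)
        return SEV_WARN;
    return SEV_NORMAL;
}

/* Full path for one frame: validate the envelope, parse the reading, classify it.
 * Malformed input is rejected rather than acted on. */
enum severity handle_frame(const uint8_t *buf, size_t buf_len, const struct limits *lim)
{
    uint8_t tag;
    char reading[MAX_READING + 1];
    double value;
    if (parse_frame(buf, buf_len, &tag, reading, sizeof reading) != 0)
        return SEV_REJECT;
    if (parse_reading(reading, &value) != 0)
        return SEV_REJECT;
    return classify(value, lim);
}

int main(void)
{
    /* Constructed sample frames: tag, declared length, ASCII reading. */
    const uint8_t ok[]    = { 0x01, 4, '7', '2', '.', '5' };
    const uint8_t hot[]   = { 0x01, 4, '9', '6', '.', '0' };
    const uint8_t lying[] = { 0x01, 200, '7', '2', '.', '5' };  /* length field exceeds frame */
    printf("ok=%d hot=%d lying=%d\n",
           handle_frame(ok, sizeof ok, &DEMO_LIMITS),
           handle_frame(hot, sizeof hot, &DEMO_LIMITS),
           handle_frame(lying, sizeof lying, &DEMO_LIMITS));
    return 0;
}
```

The two length checks in `parse_frame` are the whole point: a handler that trusts the declared length byte and copies that many bytes into a fixed stack buffer is the pattern behind the overflow class the post refers to, and the fix is to bound the copy by both the bytes actually received and the destination size before touching memory.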

A security team's testing of SCADA/PLC devices for basic security came back with this verdict.

“It’s a blood bath mostly,” said Wightman of Digital Bond. “Many of these devices lack basic security features.”

You will be hearing more about these issues in the coming years. This is just the skin off the tip of the iceberg, not the heart of the matter.

Posted in Thoughts.
