The electrical industry is just one industry that relies on SCADA systems.
It seems that someone has finally gotten the message that our critical infrastructure is in danger! A recent article in nbcnews.com, U.S. Infrastructure Can Be Hacked With Google, Simple Passwords, quotes authorities as saying that “…the 2013 hack of the Bowman Avenue Dam in Rye Brook, N.Y., was a “frightening new frontier” of cybercrime that’s “scary to think about.” Since this realization comes nearly three years after the event, one has to wonder what remote cave authorities have been living in all these years.
For some time those with a vested interest in cybersecurity have been sounding the alarm that our critical infrastructures are in grave danger.
Just to recap, our nation’s critical infrastructure consists of sixteen sectors that have been deemed critical by Presidential Policy Directive 21 (PPD-21) for the countries viability. They have been identified as: the Chemical Sector, Commercial Facilities Sector, Communications Sector, Critical Manufacturing Sector, Dams Sector, Defense Industrial Base Sector, Emergency Services Sector, Energy Sector, Financial Services Sector, Food and Agriculture Sector, Government Facilities Sector, Healthcare and Public Health Sector, Information Technology Sector, Nuclear Reactors, Materials, and Waste Sector, Transportation Systems Sector, and the Water and Wastewater Systems Sector.
Those with malicious intent, for better word, hackers, have for years been intent on gaining access to those systems. They are particularly interested in gaining control of the SCADA systems to those critical sectors. SCADA, the Acronym for Supervisory Control And Data Acquisition, a type of industrial control system, is an integration of computer monitoring systems and physical processes. Essentially, if you can hack into the SCADA system of a critical sector, you can physically control the operations of the sector. With a few keystrokes you can open and close switches or valves and generally wreak havoc on a system.
For example, a water utility in Illinois was hacked and a pump was destroyed, centrifuges were damaged at an Iranian nuclear facility, SCADA systems in the Ukrainian power grid were attacked resulting in a blackout in the region, a nuclear plant in the US was attacked in 2003 resulting in a shutdown, the list goes on, but the attack on the dam in Upstate NY currently has grabbed headlines. Chris Francescani, in writing the above mentioned nbcnews.com article quotes FBI computer crime investigator Mike Bazzell as saying “This stuff has been happening undetected for years, and now this is one of the first times that it’s surfaced publicly.”
As intent as hackers are in gaining control of our systems, the good guys, that’s us, must be equally intent on preventing that from happening. Since most critical sectors are privately owned enterprises, this must be a coordinated and cooperative effort by businesses, government agencies and cyber professionals to prevent a major catastrophe from striking our nation. For years cyber experts have been warning about a cyber Pearl Harbor occurring should hackers gain control of our systems. Slowly, steadily it appears they have been doing so. To forestall their efforts, attention and funding is beginning to show up to bolster our defenses. In his latest budget proposal, President Obama has called for a $14 billion increase in cyber security initiatives to help protect our critical infrastructure. Let’s hope it’s enough, and not too late.
Learn more about protecting our critical infrastructures here.
Department of Homeland Security (n.d.). Critical Infrastructure Sector. Retrieved from https://www.dhs.gov/critical-infrastructure-sectors
Francescani, C. (2016, April 3). U.S. Infrastructure Can Be Hacked With Google, Simple Passwords. NBC News. Retrieved from http://www.nbcnews.com/news/us-news/u-s-infrastructure-can-be-hacked-google-simple-passwords-n548661
Rashid, F. Y. (2011, November 18). Cyber-Attackers Breach SCADA Network, Destroy Destroy Pump at Water Utility. eWeek. Retrieved from http://www.eweek.com/c/a/Security/CyberAttackers-Breach-SCADA-Network-Destroy-Pump-at-Water-Utility-614710
Reiten, G. (2012, September, 27). Chinese Hackers Blamed for Breach of Telvent’s SCADA-Related Network. Powermag. Retrieved from http://www.powermag.com/chinese-hackers-blamed-for-breach-of-telvents-scada-related-network/
Shalal, A. (2015, February, 2). Obama seeks $14 billion to boost U.S. cybersecurity defenses. Reuters. Retrieved from http://www.reuters.com/article/us-usa-budget-cybersecurity-idUSKBN0L61WQ20150202