As the mainstream media and the hacking communities begin to take notice to the low hanging fruit that is SCADA, the stories are emerging. A great article at FCW illustrates some of these stories.
Robert Graham, chief scientist at Internet Security Systems, said an ISS team showed representatives from one small country that accessing a specially crafted Web address through a Web-enabled phone could shut down the national power grid and put the whole country in the dark.
These type of attacks will become more and more prevalent as SCADA systems move away from controlled access to network integrated. As I’ve demonstrated before SCADA systems are freely accessible on the internet. Think back to the blackout of 2003 that thrust most of the eastern seaboard into darkness. While this was not a computer based attack it was in fact a failure in software at FirstEnergy in Ohio. The article refers to the destruction inflicted by Hurricane Katrina and points that the oil and gas production has not fully recovered yet. At this point a cyber attack could effectively recreate the devestating effects of Katrina. The article arrives at the conclusion that the likelihood of a computer based terrorist attack would be highly unlikely, I would disagree.
It would be very difficult to launch a huge, coordinated attack against critical infrastructure that would cause equivalent physical, human and psychological damage, McBride said. Attackers would be more likely to park a truck bomb outside the front gates of a chemical plant than cause an accident through control systems, he said.
The potential for attack is very real but, from a much different adversary. We have seen the hostilities between US and China flare up before. And I talked about this when it happened again.
Article Link
[tags]SCADA, cyberattack, SCADA security[/tags]
