Industrial Control Systems Safe? I Think Not

The New Acunetix V12 Engine


It seems like there is some serious hacking going on, attacks on power stations and industrial control systems.

You’d think most of these systems would be offline, or at least behind a solid DMZ. But as we’ve seen before they often get exposed by people plugging into the LAN then accessing the net through dial-up or nowadays through mobile data (HSDPA/3G etc.).

The sad thing is deaths have actually resulted from such intrusions.

The networks powering industrial control systems have been breached more than 125 times in the past decade, with one resulting in U.S. deaths, a control systems expert said Thursday.

Joseph Weiss, managing partner of control systems security consultancy Applied Control Solutions, didn’t detail the breach that caused deaths during his testimony before a U.S. Senate committee, but he did say he’s been able to find evidence of more than 125 control systems breaches involving systems in nuclear power plants, hydroelectric plants, water utilities, the oil industry and agribusiness.

“The impacts have ranged from trivial to significant environmental damage to significant equipment damage to deaths,” he told the Senate Commerce, Science and Transportation Committee. “We’ve already had a cyber incident in the United States that has killed people.”

More than 125 breaches? That’s quite a significant number. The scary part is the Nuclear plants, imagine if a cyberterrorist or hacker can cause a Nuclear meltdown or malfunction in a Nuclear facility?

I’d like to see the US government look into this area a little more and perhaps implement some new standards for Control System security.

It’s an area that really needs tighter security and legislation.

At other times, Weiss has talked about a June 1999 gasoline pipeline rupture near Bellingham, Washington. That rupture spilled more than 200,000 gallons of gasoline into two creeks, which ignited and killed three people. Investigators found several problems that contributed to the rupture, but Weiss has identified a computer failure in the pipeline’s central control room as part of the problem.

It could take the U.S. a long time to dig out from coordinated attacks on infrastructure using control systems, Weiss told senators. Damaged equipment could take several weeks to replace, he said. A coordinated attack “could be devastating to the U.S. economy and security,” he said. “We’re talking months to recover. We’re not talking days.”

The industrial control system industry is years behind the IT industry in protecting cybersecurity, and some of the techniques used in IT security would damage control systems, Weiss added. “If you penetration-test a legacy industrial control system, you will shut it down or kill it,” he said. “You will be your own hacker.”

The problem with these kind of attacks is they might involve multiple vectors in one attack which means it takes a long long time to investigate and work out what actually happened.

It’s backwards too because Industrial Control Systems are so important in our lives but their security is so so far behind.

Definitely an area to watch, I hope some positive improvements are made.

Source: CIO (Thanks Navin)

Posted in: Hacking News, Hardware Hacking


Latest Posts:


RidRelay - SMB Relay Attack For Username Enumeration RidRelay – SMB Relay Attack For Username Enumeration
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using a SMB Relay Attack with low privileges.
NetBScanner - NetBIOS Network Scanner NetBScanner – NetBIOS Network Scanner
NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.
Metta - Information Security Adversarial Simulation Tool Metta – Information Security Adversarial Simulation Tool
Metta is an information security preparedness tool in Python to help with adversarial simulation and assess security defense preparation and alerts.
Powershell-RAT - Gmail Exfiltration RAT Powershell-RAT – Gmail Exfiltration RAT
Powershell-RAT is a Python-based Gmail exfiltration RAT that can be used a Windows backdoor to send screenshots or other data as an e-mail attachment.
SCADA Hacking - Industrial Systems Woefully Insecure SCADA Hacking – Industrial Systems Woefully Insecure
It seems like SCADA hacking is still a topic in hacker conferences, and it should be with SCADA systems still driving power stations, manufacturing plants etc.
airgeddon - Wireless Security Auditing Script airgeddon – Wireless Security Auditing Script
Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.


3 Responses to Industrial Control Systems Safe? I Think Not

  1. Alan April 28, 2009 at 10:53 am #

    Having studied and worked briefly in control systems and PLC before starting my IT career, which led into IT Security, I can say that I am not in the least bit surprised as I have seen the slow grinding of the wheels leading up to this.

    Control systems were traditionally seperate from TCP networks due to differences in protocols used and in many cases equipment used in IT cannot withstand the environments most industrial control systems run in, but the biggest safe point was that control systems as a whole are usually self contained as one complete system.

    The problem that we see in this article is that the convenience of remote monitoring and the monitoring of multiple control systems that are hard to replace/upgrade into more intelligent control systems and campus wide monitoring has invariably led to rather sloppy integration, poor sanity checks and also allowing these monitoring systems to influence and control these legacy systems.

    The biggest mistake is making it possible for people to attach these systems to any ‘public’ network and by public I mean any network that would break the self containment of the system.

    Most of these system were designed as a complete solution and meant to run for decades with no change other than wear and tear replacements. They have no chance against modern systems and anything further than monitoring is tantamount to suicide.

  2. Navin April 28, 2009 at 11:41 am #

    yeah I completely agree with darknet….see we all point fingers at the taliban saying tht they may get their hands on pakistani nukes….but the fact is tht the probability of the same being done by a cyber security n00b…..I’m pretty sure U heard of the CERN LHC being hacked as well….this shows how major establishments are under threat!!

  3. Morgan Storey April 29, 2009 at 4:49 am #

    Geez airgap people. I found it amusing that in BSG they didn’t network their systems to guard against compromise, maybe we should take a leaf out of this sci-fi book.
    Critical systems should simply either not be networked at all, or in a minor fashion, but never connected to a non-critical or internet network.
    Lock down the physical so you can’t plug in a USB wireless/pcmcia device.