Industrial Control Systems Safe? I Think Not

Use Netsparker


It seems like there is some serious hacking going on, attacks on power stations and industrial control systems.

You’d think most of these systems would be offline, or at least behind a solid DMZ. But as we’ve seen before they often get exposed by people plugging into the LAN then accessing the net through dial-up or nowadays through mobile data (HSDPA/3G etc.).

The sad thing is deaths have actually resulted from such intrusions.

The networks powering industrial control systems have been breached more than 125 times in the past decade, with one resulting in U.S. deaths, a control systems expert said Thursday.

Joseph Weiss, managing partner of control systems security consultancy Applied Control Solutions, didn’t detail the breach that caused deaths during his testimony before a U.S. Senate committee, but he did say he’s been able to find evidence of more than 125 control systems breaches involving systems in nuclear power plants, hydroelectric plants, water utilities, the oil industry and agribusiness.

“The impacts have ranged from trivial to significant environmental damage to significant equipment damage to deaths,” he told the Senate Commerce, Science and Transportation Committee. “We’ve already had a cyber incident in the United States that has killed people.”

More than 125 breaches? That’s quite a significant number. The scary part is the Nuclear plants, imagine if a cyberterrorist or hacker can cause a Nuclear meltdown or malfunction in a Nuclear facility?

I’d like to see the US government look into this area a little more and perhaps implement some new standards for Control System security.

It’s an area that really needs tighter security and legislation.

At other times, Weiss has talked about a June 1999 gasoline pipeline rupture near Bellingham, Washington. That rupture spilled more than 200,000 gallons of gasoline into two creeks, which ignited and killed three people. Investigators found several problems that contributed to the rupture, but Weiss has identified a computer failure in the pipeline’s central control room as part of the problem.

It could take the U.S. a long time to dig out from coordinated attacks on infrastructure using control systems, Weiss told senators. Damaged equipment could take several weeks to replace, he said. A coordinated attack “could be devastating to the U.S. economy and security,” he said. “We’re talking months to recover. We’re not talking days.”

The industrial control system industry is years behind the IT industry in protecting cybersecurity, and some of the techniques used in IT security would damage control systems, Weiss added. “If you penetration-test a legacy industrial control system, you will shut it down or kill it,” he said. “You will be your own hacker.”

The problem with these kind of attacks is they might involve multiple vectors in one attack which means it takes a long long time to investigate and work out what actually happened.

It’s backwards too because Industrial Control Systems are so important in our lives but their security is so so far behind.

Definitely an area to watch, I hope some positive improvements are made.

Source: CIO (Thanks Navin)

Posted in: Hacking News, Hardware Hacking


Latest Posts:


Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.
Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.


3 Responses to Industrial Control Systems Safe? I Think Not

  1. Alan April 28, 2009 at 10:53 am #

    Having studied and worked briefly in control systems and PLC before starting my IT career, which led into IT Security, I can say that I am not in the least bit surprised as I have seen the slow grinding of the wheels leading up to this.

    Control systems were traditionally seperate from TCP networks due to differences in protocols used and in many cases equipment used in IT cannot withstand the environments most industrial control systems run in, but the biggest safe point was that control systems as a whole are usually self contained as one complete system.

    The problem that we see in this article is that the convenience of remote monitoring and the monitoring of multiple control systems that are hard to replace/upgrade into more intelligent control systems and campus wide monitoring has invariably led to rather sloppy integration, poor sanity checks and also allowing these monitoring systems to influence and control these legacy systems.

    The biggest mistake is making it possible for people to attach these systems to any ‘public’ network and by public I mean any network that would break the self containment of the system.

    Most of these system were designed as a complete solution and meant to run for decades with no change other than wear and tear replacements. They have no chance against modern systems and anything further than monitoring is tantamount to suicide.

  2. Navin April 28, 2009 at 11:41 am #

    yeah I completely agree with darknet….see we all point fingers at the taliban saying tht they may get their hands on pakistani nukes….but the fact is tht the probability of the same being done by a cyber security n00b…..I’m pretty sure U heard of the CERN LHC being hacked as well….this shows how major establishments are under threat!!

  3. Morgan Storey April 29, 2009 at 4:49 am #

    Geez airgap people. I found it amusing that in BSG they didn’t network their systems to guard against compromise, maybe we should take a leaf out of this sci-fi book.
    Critical systems should simply either not be networked at all, or in a minor fashion, but never connected to a non-critical or internet network.
    Lock down the physical so you can’t plug in a USB wireless/pcmcia device.