SCADA on Thin Ice: A Two-Person Team Consisting of a Good Hacker and a Good Electrical Engineer Could Wreak Havoc on Energy Systems from Anywhere in the World. (Tech Talk)
Piazza, Peter, Security Management
Below the computer networks that keep businesses connected to the Internet lies another, largely hidden level of technology that controls critical elements of the nation's infrastructure. These devices, known as supervisory control and data acquisition (SCADA) systems, are often poorly protected and are dangerously vulnerable to compromise by malicious attackers or even terrorists, according to engineering and IT experts. But in the reaction to 9-11 and amid fears that al Qaeda has begun to probe dam operations and other critical infrastructure systems, security issues are now being given more attention.
When SCADA systems were still proprietary, attackers needed to be insiders or industry professionals to hack their way through the complex system. Now, says Ron Fisher, deputy director of the Infrastructure Assurance Center at Argonne National Laboratory technology has made the job easier. "It's more complex than just hacking a Web site," he says, "but the trend is clearly more of a GUI [graphical user interface, a user-friendly interface, so once you get into the system, someone who's not very knowledgeable about the software but knows what they want to do" can more easily wreak havoc. Dave Teumim, a cyber-security consultant for the energy industry, says a two-person team consisting of a good hacker and a good electrical engineer who understands SCADA could accomplish the task from anywhere in the world.
SCADA systems are used primarily in the energy industry, where they monitor and control the movement of oil and natural gas through pipelines, as well as electrical power; they are also found in water systems performing similar functions. They used to be isolated from a company's main business networks and were independent, and often proprietary or homegrown, systems that created safe "islands of isolation," according to Teumim, who also serves as chair for the Control Systems Subcommittee of the Instrumentation, Systems, and Automation Society.
Two changes have taken place that have raised the threat level, says Teumim: "First, vendors began to use commercial hardware and software in their [SCADA] systems." These are the same operating …
Questia, a part of Gale, Cengage Learning. www.questia.com
Publication information: Article title: SCADA on Thin Ice: A Two-Person Team Consisting of a Good Hacker and a Good Electrical Engineer Could Wreak Havoc on Energy Systems from Anywhere in the World. (Tech Talk). Contributors: Piazza, Peter - Author. Magazine title: Security Management. Volume: 46. Issue: 10 Publication date: October 2002. Page number: 34+. © 1999 American Society for Industrial Security. COPYRIGHT 2002 Gale Group.
This material is protected by copyright and, with the exception of fair use, may not be further copied, distributed or transmitted in any form or by any means.