All Things SCADA
May 12, 2019 at 4:23 pm #96532 Spoon (Participant)
I felt like I was hijacking the Merchant Marine thread, but I think this subject is worthy of discussion because it sounds like a significant national security threat, but I don’t know a whole lot about it, as I suspect others do not as well. I will start off with that my understanding is that SCADA networks are isolated from the internet. Anybody with knowledge feel free to drop on us ignorant people.
May 14, 2019 at 9:19 am #96533
May 15, 2019 at 2:12 pm #96534
SCADA is a topic a mile deep. Think about all of the industry that uses machines; those machines are controlled *somehow*. That somehow is SCADA systems. Generally they are isolated ‘networks’ that provide control and supervision of the operations of the widget. In a lot of cases, there is a bridge between the IT network and the ICS network, and this is a two-way street for the bad guys. They can compromise the ICS network, then move laterally into the IT network, or the reverse… phish a user on the IT network, then find the bridge to the ICS network.
reference this analysis:
This is the first known malware that targets SAFETY systems. Compromises here can cost lives. This could be a big deal.
SCADA systems do fall within the National Critical Infrastructure realm and to those whose job it is to defend this stuff, we have our work cut out for us for sure.
Take a look at one analysis done by US-CERT and you can get the idea how this can work.
Here is how it went down already in the real world:
Welcome to my world.
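The two-way IT/ICS bridge described in the post above is exactly what a segmentation audit should surface. The following is an added example, not code from the thread or from any participant in it. It assumes a constructed network layout (IT on 10.10.0.0/16, ICS on 192.168.50.0/24, one jump host and one historian export as the only sanctioned crossings) and constructed flow-log lines in a simple key=value format; it flags every other crossing in either direction, and also any traffic reaching the ICS range from an address in neither zone, the kind of ad hoc connection that shows up when something gets plugged in that nobody inventoried.

```python
"""Audit flow records for IT/ICS boundary crossings that fall outside policy.

Added example, not from the original thread. All addresses, the allow-list
and the log lines below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

IT_NET = ipaddress.ip_network("10.10.0.0/16")       # assumed corporate/IT range
ICS_NET = ipaddress.ip_network("192.168.50.0/24")   # assumed ICS/OT range

# Sanctioned boundary crossings as (src, dst or None for any, proto, dport).
# Assumed policy: one hardened jump host may reach ICS on SSH/RDP, and the
# historian may push data one way to its IT-side mirror.
ALLOWED_CROSSINGS = [
    ("10.10.5.5", None, "tcp", 22),
    ("10.10.5.5", None, "tcp", 3389),
    ("192.168.50.20", "10.10.8.8", "tcp", 1433),
]


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    proto: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse one 'ts src=.. dst=.. proto=.. dport=..' record (constructed format)."""
    ts, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return Flow(ts, fields["src"], fields["dst"], fields["proto"].lower(), int(fields["dport"]))


def zone(addr: str) -> str:
    """Map an address to 'it', 'ics' or 'unknown' (outside both managed ranges)."""
    ip = ipaddress.ip_address(addr)
    if ip in IT_NET:
        return "it"
    if ip in ICS_NET:
        return "ics"
    return "unknown"


def is_sanctioned(flow: Flow) -> bool:
    """True if the flow matches an explicit allow-list entry."""
    for src, dst, proto, dport in ALLOWED_CROSSINGS:
        if (flow.src == src and (dst is None or flow.dst == dst)
                and flow.proto == proto and flow.dport == dport):
            return True
    return False


def classify(flow: Flow) -> Optional[str]:
    """Return a finding label for out-of-policy boundary traffic, else None."""
    src_zone, dst_zone = zone(flow.src), zone(flow.dst)
    if src_zone == dst_zone:
        return None  # intra-zone traffic is out of scope for this check
    if dst_zone == "ics" and src_zone == "unknown":
        return "unmanaged-source-to-ics"  # unknown device talking into ICS
    if {src_zone, dst_zone} == {"it", "ics"} and not is_sanctioned(flow):
        return f"unsanctioned-{src_zone}-to-{dst_zone}"
    return None


def audit(lines: List[str]) -> List[dict]:
    """Run every record through classify() and collect the findings in order."""
    findings = []
    for line in lines:
        flow = parse_flow(line)
        label = classify(flow)
        if label:
            findings.append({"ts": flow.ts, "src": flow.src, "dst": flow.dst,
                             "dport": flow.dport, "finding": label})
    return findings


# Constructed sample records: a workstation reaching a PLC port directly, the
# jump host and historian using their sanctioned paths, an ICS host probing an
# IT file server, ordinary intra-IT traffic, and an uninventoried address
# reaching ICS.
SAMPLE_FLOWS = [
    "2019-05-17T10:41:03 src=10.10.22.14 dst=192.168.50.11 proto=tcp dport=502",
    "2019-05-17T10:41:09 src=10.10.5.5 dst=192.168.50.11 proto=tcp dport=22",
    "2019-05-17T10:41:15 src=192.168.50.20 dst=10.10.8.8 proto=tcp dport=1433",
    "2019-05-17T10:42:01 src=192.168.50.31 dst=10.10.40.7 proto=tcp dport=445",
    "2019-05-17T10:42:20 src=10.10.22.14 dst=10.10.30.2 proto=tcp dport=443",
    "2019-05-17T10:43:07 src=172.16.9.9 dst=192.168.50.11 proto=tcp dport=502",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

Feeding real flow or firewall logs into `audit()` only requires replacing `parse_flow()`; the value of the check is that the allow-list is explicit, so any crossing that is not written down is a finding rather than an assumption.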
May 17, 2019 at 9:30 am #96535 Spoon (Participant)
@seant… Thank you… Great information. Yeah, I definitely underestimated that threat. The biggest question that comes to mind is how much attention does the federal government pay to this threat. Seems to me that there should be regulation against bridging IT and ICS networks. But that doesn’t seem to be the case. Makes me think that not a lot of attention is being paid to the threat. Albeit that would defend against a fifth column threat mentioned by Joe.
May 17, 2019 at 10:41 am #96536 JohnnyMac (Participant)
“Generally they are isolated ‘networks’ that provide control and supervision of the operations of the widget”
In my experience, it’s a super complicated cornucopia of software/applications within medium/large companies, some “connecting” to each other, or relying on an internet connection, sometimes not.
I’ve experienced a business-wide, crippling cyber attack. It was rough. It made some things difficult (very few things impossible), nothing unsafe.
In a separate organization, if there were a catastrophic failure, the potential public fatality numbers were estimated at 10,000 people from a risk assessment, if I remember correctly. There were obviously significant redundancies built into the systems, primarily electro-mechanical. A cyber attack would not have affected any of the casualty-producing processes (short of maybe a few employees). The systems were “fail safe”, should water/electric/steam/etc. be cut off. Physical threats/terrorism were a bigger threat, at least in my opinion.
Are there potentially gaping holes in some random company out there that could cause widespread catastrophe? Probably, but my point is that it’s not widespread. I would classify the risk as “a serious nuisance”, like a major hurricane or similar, not “republic ending”.
May 17, 2019 at 11:07 am #96537 Joe (G.W.N.S.) (Moderator)
Not all cyber attacks are created equal; a wide variety of capabilities are out there.
I’ll throw another little tidbit out there regarding SCADA…
…it’s not just a software and network communication issue.
May 17, 2019 at 11:33 am #96538 Max (Keymaster)
People still aren’t getting it, thinking I’m making this shit up like Chicken Little. We have always been ultra rational on this site, ebola, whatever. People just don’t know. The capability is there to shut the grid down. That’s not a company specific threat.
It’s a big issue at fedgov level. And it is not easy to fix. Who read the linked article, which in itself played the threat down? You have layers of systems reliant on each other, some with Commodore 64 level IT, but you have to be careful because ‘fixing’ one thing can break others down the line. It is a complex and vulnerable system. Even systems that are supposed to be off the network can be accessed when the tech guy plugs in with a wifi-enabled system. Etc.
Anyway, TMI. Believe it. Not to say it will happen tomorrow, but state actors such as China have invested a lot of effort into breaking into systems. Given they supply the IT with backdoors built in, not so hard. Capability is out there, and it is country-crippling if actioned.
May 18, 2019 at 7:38 am #96539
Max definitely is not making things up. It’s mostly the Russian actors mucking about in ICS, but other nations also. The Chinese are pretty skillful in cyber too. They have different motivations.
FedGov worries significantly about this type of threat and is working to consolidate and change the structures that support defense of these systems. Regulation here really won’t work. No real way to enforce compliance. The .gov didn’t help itself last year that well in going all Chicken Little about the Russians in the networks in their public disclosures, but that is more about how to produce the info from classified reporting and get it to a tear line level, then combine it.
May 21, 2019 at 2:32 pm #96540