Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Gain "Full Control" of Critical SCADA Systems

Posted by samzenpus on from the protect-ya-neck dept.

mask.of.sanity writes "Researchers have found holes in industrial control systems that they say grant full control of systems running energy, chemical and transportation systems. They also identified more than 150 zero day vulnerabilities of varying degrees of severity affecting the control systems and some 60,000 industrial control system devices exposed to the public internet."

8 of 195 comments (clear)

  1. Comment removed by account_deleted · · Score: 5, Interesting

    Comment removed based on user account deletion

  2. i hope people with SCADA systems learned. by Gravis+Zero · · Score: 5, Informative

    do NOT connect SCADA systems to the internet.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re: i hope people with SCADA systems learned. by aaarrrgggh · · Score: 5, Interesting

      The problem with making some of these systems inaccessible means they have almost no real functionality at that point. Using the tritium JACEs as an example, the whole point of them is the network, and to exchange information in higher level protocols.

      In the old days we separated systems and interfaces between systems with relays and analog i/o. While it worked then, now we have 100x points (many diagnostic rather than control) and it just isn't practical. Today's practical solution would be the SCADA as primary, with a lot of hard-wired safety interlocks. The problem is there really is a shortage of people that can troubleshoot those things, so it is likely to be disabled within 5-10 years, or once needs change.

      Proper security is hard, and when 80% of it is in a black box provided by a (adversarial) third party, this is what you get.

  3. Some of them expose to the internet via VNC... by M0HCN · · Score: 5, Informative

    At 30C3 someone ran a portscan on the VNC port of the entire IPv4 internet, with 'interesting' results, highlights of which included a swimming pool chemical dosing control system, various power generation and control systems, building environmental control systems, air handlers, all sorts of wild and whacky things, some of them lacking in even the rudiments of passwords never mind proper crypto....

    The best one looked to me like a medium voltage distribution cabinet where the setpoints on the overload trips looked like they could be reconfigured from the internet!

    Ahh the things you can do in reasonable time with a 100Gb/s of bandwidth, the rsulting slides at the closing event (which is where I ran across it) were very, very scary.

    SCADA on the internet is a really, really bad thing.

    73 M0HCN. :wq

  4. Re:These issues have been flagged for 10 years by Anonymous Coward · · Score: 5, Informative

    It's not about sympathy, it's about the effective destruction of our entire infrastructure without dropping a single bomb. The first sign that China or Russia is at war with us will be all our utilities and factories going dark. This is everyone's concern.

  5. Re:These systems are a product liability nightmare by I_have_a_life · · Score: 5, Interesting

    The problem isn't Windows (not sure if you are implying this or not). It's a convergence of factors which make patching systems a veritable nightmare in the process control systems.

    1. The people who run the plant are trying to squeeze the maximum amount of yield from their plant. Shutting down a SCADA system so that it can be patched and tested may literally cost them millions of dollars per hour. Furthermore, the cost of upgrading is not looked upon kindly unless it's going to help you create more of product X at a lower price. You may argue that the greater good is more important than money but these guys aren't listening to that.

    2. These industries are rife with rules and regulations that further inflate the cost of patching systems. In the pharmaceutical industry the cost of applying a single patch may run well into the millions of dollars because every change has to be meticulously audited.

    3. IT is often outsourced to third parties in order to control costs. The downside of ceding control of your own infrastructure is that even something mundane like changing a firewall rule has a process which costs money and resources.

    4. There is an old-school engineering mentality that is pervasive based on the old adage "if it ain't broke don't fix it". No person involved in the industry wants to find problems. They want the plant to produce and they expect the hardware and software they buy to produce - untouched - for 20-30 years.

    I have seen crazy things at plant floors. Control systems still running on Windows NT, operators sharing credentials, copying files from one system to another using thumb drives because the network does not allow files-haring.

  6. Re:These systems are a product liability nightmare by Anonymous Coward · · Score: 5, Insightful

    Updating breaks now with near certainty. Not updating breaks later with a lower probability. Easy choice,

    Sad, but true.

  7. Re:These systems are a product liability nightmare by dkf · · Score: 5, Insightful

    There is an old-school engineering mentality that is pervasive based on the old adage "if it ain't broke don't fix it".

    The problem with that is, by putting it on the internet, they've broken it (even if the breakage hasn't hit home yet). Nobody wants to admit that they've done that, but it's their own damn fault. A good start to fixing things would be to airgap the SCADA network from the internet, and if connecting is necessary at all, to use a good double firewall with hardened DMZ machine in between. The DMZ can be locked down hard and updated carefully, and it doesn't need to ever hold systems that need careful certifying as it should never be in the control loop; just out of band monitoring.

    --
    "Little does he know, but there is no 'I' in 'Idiot'!"