Is there a SCADA link in the Terry Childs incident in San Francisco?

San Francisco and SCADA Jake Brodsky brought up the following, "Do management and law enforcement types have any clue as to how one might regain control of a SCADA system after a rogue employee has secured everyone out of it?" I had planned on saying something at the Conference next week but I will bring up now. There are two aspects of the Terry Childs’ situation, the San Francisco IT Administrator who locked out his Department from the City WAN, that have interesting implications for SCADA/control systems. The first is he had installed over 1100 modems apparently no one knew about. Every company I have visited and talked about modems started the conversation with "I know where all of my modems are and whether they are connected". Suffice it to say after some detailed discussions or walkdowns, I have yet to find a single company that knew where all of their modems were and if they were actually connected. The second issue is one we were going to discuss at the Conference – the Hatch Nuclear Plant incident. What is the relevance? Obviously not everyone knew all of the interconnections. Again, I have found in many site visits and discussions that there are often unknown connections between the SCADA/control system networks and the Corporate IT networks. Consequently, I had a conversation with someone from the City of San Francisco Water Department that had attended an Infragard meeting I spoke at last year. I don’t believe that Terry Childs knew about the SCADA/control system networks when he changed passwords and installed his logic bomb (at least according to press reports). However, I seriously doubt if there has been a concerted effort to determine if there are unknown connections from the compromised IT network to the SCADA/control system networks. I know firsthand there are SCADA/control system networks, even in nuclear plants, that have connections to the Corporate IT network. Joe Weiss
Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.


  • <p>"I know firsthand there are SCADA/control system networks, even in nuclear plants, that have connections to the Corporate IT network." -- Well, that's what MES is all about, isn't it?</p> <p>As for Hatch, for me this qualifies as a security disaster. What we see here is a lack of documentation, a lack of training, a lack of policy, and a lack of appropriate security countermeasures. I bet 50 dollars that their firewalls hadn't been configured properly.</p> <p>Certainly we see undocumented, "wild" network connectivity in almost every risk assessment project. For the average cheese plant this may only be an area of concern, while it is completely unacceptable for a high security facility like a nuclear power plant. Just transfer this to a similar situation at a similar high security environment like an airport, where some office employee would use some not officially known access to the security zone in a funny way, thereby bringing airport operations to a halt. The existence of the unkown access point alone would be reason enough to fire the person in charge of security. If you can't control access, you can't be secure.</p>


  • <p>Part of the difficulty is that so often we see diagrams that show a cloud where the network architecture ought to be. Managers accept this because it is easier not to think about these details, and because all too frequently they don't have the technical prowess to understand it anyway.</p> <p>What we're dealing with is a lack of technically proficient people. We're building large, complex networks with loads of critical connections, and the people who manage these things are doing it using spit, chewing gum, and baling wire to hold it together. Then one day it breaks and nobody knows what on earth is going on.</p> <p>You might think I'm talking about Terry Childs, but I'm not. I'm talking about many industrial control systems and SCADA systems. We have got to get away the abstract appliance and service level agreement verbiage and start thinking about the actual devices and resources we're using.</p> <p>As Douglas Rushkoff's book title says: "Get Back in the Box"</p> <p>Jake Brodsky</p>


  • <p>Excellent point with the cloud in the diagram, Jake. More often than not, the cloud is an accurate symbol for "we actually don't know exactly what's there, it is as fuzzy as a cloud".</p> <p>One other thing that puzzles me about some network diagrams that I get to look at: Those provided by the IT department often end at the switches. What's connected to these switches seems to be of no particular concern for some network admins. A printer, a desktop PC, a control system... well, isn't that all the same?</p> <p>For those who approach network architecture with an attitude of ignorance for technical detail, and with generous use of fuzzy grey zones, incidents like Hatch are bound to happen. It's just a question of time.</p>


RSS feed for comments on this page | RSS feed for all comments