Is there a SCADA link in the Terry Childs incident in San Francisco?

July 30, 2008
San Francisco and SCADA

Jake Brodsky brought up the following: "Do management and law enforcement types have any clue as to how one might regain control of a SCADA system after a rogue employee has secured everyone out of it?" I had planned on saying something at the Conference next week, but I will bring it up now.

There are two aspects of the Terry Childs’ situation, the San Francisco IT Administrator who locked out his Department from the City WAN, that have interesting implications for SCADA/control systems. The first is he had installed over 1100 modems apparently no one knew about. Every company I have visited and talked about modems started the conversation with "I know where all of my modems are and whether they are connected". Suffice it to say, after some detailed discussions or walkdowns, I have yet to find a single company that knew where all of their modems were and if they were actually connected.

The second issue is one we were going to discuss at the Conference – the Hatch Nuclear Plant incident. What is the relevance? Obviously not everyone knew all of the interconnections. Again, I have found in many site visits and discussions that there are often unknown connections between the SCADA/control system networks and the Corporate IT networks.

Consequently, I had a conversation with someone from the City of San Francisco Water Department that had attended an Infragard meeting I spoke at last year. I don’t believe that Terry Childs knew about the SCADA/control system networks when he changed passwords and installed his logic bomb (at least according to press reports). However, I seriously doubt if there has been a concerted effort to determine if there are unknown connections from the compromised IT network to the SCADA/control system networks. I know firsthand there are SCADA/control system networks, even in nuclear plants, that have connections to the Corporate IT network.

Joe Weiss