Water System Hack - The System Is Broken

Nov. 17, 2011
Last week, a disclosure was made about a public water district SCADA system hack. There are a number of very important issues in this disclosure:
Last week, a disclosure was made about a public water district SCADA system hack. There are a number of very important issues in this disclosure:
  • The disclosure was made by a state organization, but has not been disclosed by the Water ISAC, the DHS Daily unclassified report, the ICS-CERT, etc.  Consequently, none of the water utilities I have spoken to were aware of it.
  • It is believed the SCADA software vendor was hacked and customer usernames and passwords stolen.
  • The IP address of the attacker was traced back to Russia.
  • It is unknown if other water system SCADA users have been attacked.
  • Like Maroochy, minor glitches were observed in remote access to the SCADA system for 2-3 months before it was identified as a cyber attack.
  • There was damage – the SCADA system was powered on and off, burning out a water pump.
There are a number of actions that should be taken because of this incident.
  • Provide better coordination and disclosure by the government.
  • Provide better information sharing with industry.
  • Provide control system cybersecurity training and policies.
  • Implement control system forensics.
Joe Weiss 

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.