Is there a SCADA link in the Terry Childs incident in San Francisco?

July 30, 2008
San Francisco and SCADA

Jake Brodsky brought up the following: "Do management and law enforcement types have any clue as to how one might regain control of a SCADA system after a rogue employee has secured everyone out of it?" I had planned on saying something at the Conference next week, but I will bring it up now.

There are two aspects of the situation of Terry Childs, the San Francisco IT Administrator who locked out his Department from the City WAN, that have interesting implications for SCADA/control systems.

The first is that he had installed over 1100 modems that apparently no one knew about. Every company I have visited and talked with about modems started the conversation with "I know where all of my modems are and whether they are connected." Suffice it to say that after some detailed discussions or walkdowns, I have yet to find a single company that knew where all of their modems were and if they were actually connected.

The second issue is one we were going to discuss at the Conference – the Hatch Nuclear Plant incident. What is the relevance? Obviously not everyone knew all of the interconnections. Again, I have found in many site visits and discussions that there are often unknown connections between the SCADA/control system networks and the Corporate IT networks.

Consequently, I had a conversation with someone from the City of San Francisco Water Department who had attended an Infragard meeting I spoke at last year. I don’t believe that Terry Childs knew about the SCADA/control system networks when he changed passwords and installed his logic bomb (at least according to press reports). However, I seriously doubt if there has been a concerted effort to determine if there are unknown connections from the compromised IT network to the SCADA/control system networks. I know firsthand there are SCADA/control system networks, even in nuclear plants, that have connections to the Corporate IT network.

Joe Weiss
