Thursday, December 29, 2011

AST-0037863_The_In_Security_State_of_SCADA_Software_Systems.pdf (application/pdf Object)

AST-0037863_The_In_Security_State_of_SCADA_Software_Systems.pdf (application/pdf Object)

This is a real vulnerability to our power, water, waste, and transportation grids. SCADA systems, are integral to the operation of many of our infrastructure operations. The SCADA system is the program that operates these systems, it controls many subroutines, some of which are PLC's or programmable logic controllers. These are very simple command processors, that control key valves, gates, temperature controls. They also can be input devices taking reading from limit switches, and thermostats, to tell the SCADA system what the state of object is. The controls are so simple that a few lines of code will completely change the readings or operations of a PLC, giving the SCADA false information. Like is a gate really closed in a prison, or water plant, is a valve really closed to a waste water containment vessel. It can even turn on all the traffic lights to green on a critical intersection.

In a hospital, many operations are controlled by SCADA type systems, as are elevators in highrises, or the fire suppression systems in a school, there are to many to mention. If hackers, or worse terrorists attack these systems, it could be devastating to US infrastructure. In many cases, we may not even be aware of the attack, for days, even weeks. It will be blamed on maintiance workers, or bad mechanical gear. By the time it is figured out that the software is cycling a gear on and off to the point of failure, many will have changed out motors and valves to solve the issue.

The programmer does not even have to be that good, just changing the code in some way, can cause problems that would be hard to diagnose. In fact a small change could cause such intermittent problems that it could be a long time before someone would even think to look at the software.

A big part of the security for these systems will be in providing good physical security, that will detect anytime the PLC's are accessed. This means the software experts will need to work hand in hand with physical security experts to insure the integrity of the systems. The normal separation of physical and software security will not provide the protection needed.

No comments:

Post a Comment