Was A U.S. Water Utility Hacked Last Week?

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
You have to ask yourself why any computer that controls mission critical stuff (utilities, nuclear power plants, government secrets, etc.) can be accessed via the internet?

It appears that hackers breached the network of a company that makes SCADA (supervisory control and data acquisition) and stole customer usernames and passwords, said Joe Weiss, managing partner of Applied Control Solutions. "There was damage--the SCADA system was powered on and off, burning out a water pump," he wrote in a brief blog post.
Click to expand...
 
These utilties also have data connections to other utities for scada systems to talk...electric utilities with interconected grids. They also have vpn connections for manufacturers like ABB and GE to connect to for configuration and monitoring which poses a potention hole in the system. There is a million more ways for a hacker to knock out a control system than with just a computer. The utility probably has plcs and other devices hanging on the network too. For the most part these systems are data islands but they usually do have other ways in....
 
Nuc_E said:
Nice try, but no.
Click to expand...

I still want to know how Steve thinks that control systems for nuclear power plants can be hacked and accessed from the internet...especially since they are mostly analog, and those that are digital systems that have some sort of computer control are completely isolated from any external networks and are located inside secured vital areas inside the plant.
 
bink said:
These utilties also have data connections to other utities for scada systems to talk...electric utilities with interconected grids. They also have vpn connections for manufacturers like ABB and GE to connect to for configuration and monitoring which poses a potention hole in the system. There is a million more ways for a hacker to knock out a control system than with just a computer. The utility probably has plcs and other devices hanging on the network too. For the most part these systems are data islands but they usually do have other ways in....
Click to expand...

+1
I worked on a mobile water treatment system for a number of years and it was explicitly set up to monitor operations from the Internet at large. The only "firewall" between being able to monitor and being able to control was a shitty Allen Bradley appliance.

There are lots of systems out there that are potentially vulnerable. Doesn't take a genius to fix the situation by implementing proper networking topology but that's work that still needs to be done in a lot of places.
 
Must be a record breaking year in terms of numbers of hacking cases this year :(
 
Lots of utilities are way way way behind in the IT department. Utilities are slow adopters. They resist change. IT things like cyber security are fancy and more expensive than not having them. I don't enjoy tons of government control, but if the government wasn't forcing them to upgrade a little, they wouldn't.
 
Nuc_E said:
I still want to know how Steve thinks that control systems for nuclear power plants can be hacked and accessed from the internet...especially since they are mostly analog, and those that are digital systems that have some sort of computer control are completely isolated from any external networks and are located inside secured vital areas inside the plant.
Click to expand...

Professional troll that replies to himself?
 
A lot of the people putting this systems are IE/ME's that were not really IT trained. This wasn't an issue until HMI's started moving to ethernet vs devicenet/serial.

On the otherhand, their network engineer should have known better than to make the devices routeable, and not behind a firewall/isolated network.
 
You must log in or register to reply here.
Back
Top