Nov 21, 2011

Was the destruction of water system equipment by hackers a wake-up call or a fluke event?

There was news over the weekend about a municipal water company in Illinois having hackers access their systems remotely and destroying some of the equipment.  See: http://www.bbc.co.uk/news/technology-15817335

I never thought of this type of damage to physical infrastructure as a potential issue, but I was obviously living in oblivion. What level of problem does this attack reveal? Is it really a serious issue, or was it just a case of a small local entity having sub-par security in place?



I also think it is an important wake-up call.  I can't believe that there was such an obvious vulnerability in such an important public utility.  Apparently this attack was launched by hackers in Russia.  It could be replicated by hackers from Iran, North Korea, or anywhere else.  I think these Russian hackers did us a favor by exposing the vulnerability present in a small water system.  Considering the publicity, other H2O systems would have to be complete and utter idiots not to reexamine their security procedures in light of this.  Especially any that are foolish enough to have internet facing server frontends.  


First of all, the freakin' IP address used to hack the system was in Russia.  Haven't people heard of IP address filtering?  It's a good start, and pretty darn standard for companies that utilize remote assistance to require it be performed from a static IP.  Secondly, why the heck wouldn't critical systems, like, ohhhh, fresh water systems, have one-way VPNs in place?  It isn't rocket science.
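The source-IP filtering described in the post above can be checked after the fact from remote-access logs. The script below is an added example, not code from the thread or from any utility mentioned in it: it parses constructed sample log lines in an assumed "timestamp user source-ip outcome" format, compares each source address against an allowlist made up of the vendor's static IP and the internal operations LAN (both addresses constructed for the example), and reports logins that came from anywhere else. A successful login from outside the allowlist is the finding a defender most wants to see, because it means the filter the post calls for was not actually enforced.

```python
import ipaddress
import re
from collections import namedtuple

# Hypothetical allowlist: the static IP of the vendor that performs remote
# assistance plus the utility's own operations LAN. Both are constructed
# documentation-range addresses, not values from the thread.
REMOTE_ASSIST_ALLOWLIST = [
    ipaddress.ip_network("203.0.113.10/32"),   # vendor's static IP (constructed)
    ipaddress.ip_network("192.168.50.0/24"),   # internal operations LAN (constructed)
]

# Constructed sample lines. The "<date> <time> <user> <src_ip> <outcome>" layout
# is an assumption for this example, not any real SCADA product's log format.
SAMPLE_LOG = """\
2011-11-08 13:02:11 vendor-svc 203.0.113.10 login-ok
2011-11-08 22:41:57 operator 192.168.50.14 login-ok
2011-11-08 23:15:03 vendor-svc 198.51.100.77 login-ok
2011-11-09 01:08:40 admin 198.51.100.77 login-fail
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\S+)$")

Attempt = namedtuple("Attempt", "timestamp user src_ip outcome")


def parse_log(text):
    """Turn raw log text into Attempt records, skipping lines that do not parse."""
    attempts = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # malformed line: skip rather than abort the whole audit
        timestamp, user, ip_text, outcome = match.groups()
        try:
            addr = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # not a valid IPv4/IPv6 address: also skipped
        attempts.append(Attempt(timestamp, user, addr, outcome))
    return attempts


def is_allowed(ip, allowlist=REMOTE_ASSIST_ALLOWLIST):
    """True if the address falls inside any allowlisted network."""
    addr = ipaddress.ip_address(ip) if isinstance(ip, str) else ip
    return any(addr in net for net in allowlist)


def audit(text, allowlist=REMOTE_ASSIST_ALLOWLIST):
    """Summarise remote-access attempts against the static-IP allowlist.

    Returns counts plus the list of *successful* logins from outside the
    allowlist, which indicate the filter was missing or bypassed."""
    attempts = parse_log(text)
    outside = [a for a in attempts if not is_allowed(a.src_ip, allowlist)]
    return {
        "total": len(attempts),
        "outside_allowlist": len(outside),
        "successful_outside": [a for a in outside if a.outcome == "login-ok"],
    }


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    print(f"{report['total']} attempts parsed, "
          f"{report['outside_allowlist']} from outside the allowlist")
    for a in report["successful_outside"]:
        print(f"ALERT: successful login for {a.user} from {a.src_ip} at {a.timestamp}")
```

In practice the same allowlist belongs in the perimeter firewall or VPN gateway as a deny-by-default rule, so the log audit serves as a check that the rule exists and is working rather than as the control itself.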


In the BBC article that was linked to the original question, there was an interview from Threat Post with the purported hacker, and he claimed to have access to the control system for a waste water treatment plant in Texas.  The hacker said that it wasn't even really deserving of the term "hack" in light of the three (THREE!) character password chosen to "protect" the system.  If people are really being that sloppy and/or lazy, we really do have a serious issue that must be addressed ASAP!


Hi delia25,

I'd consider it a wake-up call. It's not really surprising that such a thing has happened. Those sorts of infrastructure devices are perfect for hackers to go after. So I think, unfortunately, we'll see more incidents like that happen in the future.

Here's an article that looks at it and recommends some changes to protect systems:

Water Utility Hacked: Are Our SCADA Systems at Risk?

"With the stakes so high, it is important for SCADA networks to ramp up awareness and defensive capabilities. Marcus recommends that SCADA admins do the following:

Include “cyber” in all risk management
Set up extensive penetration testing
Set up extensive counter-social engineering training
Put a SCADA-specific CERT plan and team in place
Network with law enforcement at all levels
Expect to get attacked and take appropriate countermeasures"