In this fifth article in a series focusing on the need for improved information assurance and cyber situational awareness in the electric power industry, we begin a survey of government and industry consensus about the need for increased security of SCADA systems in the power industry.
Experts have warned throughout the 1990s and this decade that power systems are vulnerable to attack. From a strategic perspective, more important than individual criminals or criminal gangs are ideologically- and militarily-motivated attackers. Hacktivists are politically-motivated criminal hackers; one advocate of hacktivism wrote that it is "a policy of hacking, phreaking or creating technology to achieve a political or social goal."[1] Terrorists are non-state actors; state-sponsored hackers are paid by their governments to hack.
1998 US DoE Computers Vulnerable to Hacking
Peter G. Neumann wrote the following terse summary in the Risks Forum Digest of a story by Brock N. Meeks that had been posted on MSNBC on May 29, 1998 [but which is no longer available online as far as I can determine in mid-September 2010].
An internal review of 64,000 unclassified computer systems throughout all major Department of Energy facilities has found serious security lapses, including the presence of classified and sensitive nuclear weapons information on 1,400 systems open to anyone on the Internet. This has stimulated a "contamination clean-up." Los Alamos alone has had 15 security breaches since November 1997. Apparently ftp reads — and *writes* — and readable password files are major problems.[2]
2002 Cyber-Attacks by Al Qaeda Feared
Shortly after the 2001 9/11 attacks on the World Trade Center, investigators began noting a pattern of reconnaissance from the Middle East and south Asia targeting U.S. infrastructure. For example, Barton Gellman of the Washington Post wrote an extensive report which began"
Late last fall [i.e., in 2001], Detective Chris Hsiung of the Mountain View, Calif., police department began investigating a suspicious pattern of surveillance against Silicon Valley computers. From the Middle East and South Asia, unknown browsers were exploring the digital systems used to manage Bay Area utilities and government offices. Hsiung, a specialist in high-technology crime, alerted the FBI's San Francisco computer intrusion squad.
Working with experts at the Lawrence Livermore National Laboratory, the FBI traced trails of a broader reconnaissance. A forensic summary of the investigation, prepared in the Defense Department, said the bureau found "multiple casings of sites" nationwide. Routed through telecommunications switches in Saudi Arabia, Indonesia and Pakistan, the visitors studied emergency telephone systems, electrical generation and transmission, water storage and distribution, nuclear power plants and gas facilities.
Some of the probes suggested planning for a conventional attack, U.S. officials said. But others homed in on a class of digital devices that allow remote control of services such as fire dispatch and of equipment such as pipelines. More information about those devices – and how to program them – turned up on al Qaeda computers seized this year, according to law enforcement and national security officials.[3]
Gellman's well-researched report quoted Ronald Dick, director of the FBI's National Infrastructure Protection Center, as saying "The event I fear most is a physical attack in conjunction with a successful cyber-attack on the responders' 911 system or on the power grid" at an InfraGard[4] meeting in Niagara Falls on June 12, 2002. In an interview, he added that such combined attacks could mean that "the first responders couldn't get there . . . and water didn't flow, hospitals didn't have power. Is that an unreasonable scenario? Not in this world. And that keeps me awake at night."
U.S. intelligence reported that a raid on Al Qaeda offices near Kabul, Afghanistan in January 2002 found "A computer …[containing] models of a dam, made with structural architecture and engineering software, that enabled the planners to simulate its catastrophic failure." Gellman added, "The FBI reported that the computer had been running Microstran, an advanced tool for analyzing steel and concrete structures; Autocad 2000, which manipulates technical drawings in two or three dimensions; and software 'used to identify and classify soils,' which would assist in predicting the course of a wall of water surging downstream."
A significant discovery demonstrating the feasibility of attacks on SCADA systems was the arrest of Vitek Boden in Queensland, Australia on April 23, 2000. Gellman explained that Boden had systematically been sabotaging the SCADA systems of the Maroochy Shire wastewater system for over two months. Using a computer and a radio transmitter, he had successfully inserted a false "pumping station 4" and disabled alarms to prevent discovery of his 46 successful intrusions. Using his control over 300 SCADA nodes, this SCADA expert dumped "hundreds of thousands of gallons of putrid sludge into parks, rivers and the manicured grounds of a Hyatt Regency hotel." Apparently Boden was hoping to offer his services as a consultant to solve the mysterious problems.
Gellman wrote that Richard Clarke, the cyber-security adviser to the administration at the time, was "Exasperated by companies seeking proof that they are targets." He warned, "It doesn't matter whether it's al Qaeda or a nation-state or the teenage kid up the street. Who does the damage to you is far less important than the fact that damage can be done. You've got to focus on your vulnerability . . . and not wait for the FBI to tell you that al Qaeda has you in its sights."
* * *
The summary of a consensus about SCADA and electric power vulnerabilities continues in the next article in this series.
Endnoteshome page
[1] metac0m 2003
[2] Neumann 1998
[3] Gellman 2002
[4] InfraGard organization
BibliographyWashington Post. June 27, 2002. (accessed Sept 12, 2010).What is Hacktivism? 2.0." The Hacktivist. December 2003. (accessed Sept. 12, 2010).U.S. Department of Energy computer security risks." Risks Digest. Edited by Peter G. Neumann. Committee on Computers and Public Policy. Jun 16, 1998. (accessed Sept. 12, 2010).
• Gellman, Barton. "Cyber-Attacks by Al Qaeda Feared: Terrorists at Threshold of Using Internet as Tool of Bloodshed, Experts Say."
• metac0m. "
• Neumann, Peter G. "