The Issue
It was a Trojan program inserted into SCADA system software that caused a massive natural gas explosion along the Trans-Siberian pipeline. The Washington Post reported the resulting fireball yielded "the most monumental non-nuclear explosion and fire ever seen from space."
Malicious hackers have discovered SCADA (Supervisory Control and Data Acquisition) and DCS (Distributed Control Systems) since reports of successful attacks began to emerge after 2001. A former hacker interviewed by PBS Frontline advised that "Penetrating a SCADA system that is running a Microsoft operating system takes less than two minutes."
DCS, SCADA, PLCs (Programmable Logic Controllers) and other legacy control systems have been used for decades in power plants and grids, oil and gas refineries, air traffic and railroad management, pipeline pumping stations, pharmaceutical plants, chemical plants, automated food and beverage lines, industrial processes, automotive assembly lines, and water treatment plants.
The History
There are a wide range of security technologies that can be used to protect the
corporate network, but these are less successful within a
production network. Software-based solutions (personal firewalls, anti-virus software) cannot run on some proprietary operating systems, due to lack of compatibility, and often can't be integrated into systems which use older processor technology -- because these lack the necessary performance.
The following table illustrates chronological history of publicly reported hacking incidents that provide a chilling insight into the problems and their potential for disruption and disaster. Some of these damaging exploits were kept secret for years.
"Some of these damaging exploits were kept secret for years."
| A Short Chronological List of Widely Reported Incidents of Hacking and Disruption |
| Feb 2009 |
Highly evasive Conficker/Downadup worm infects 12 million computers, stealing information. - BBC |
| Jun 2008 |
"Security Hole Exposes Utilities to Internet Attack" - Associated Press |
| May 2008 |
SCADA vulnerability...control software used by one-third of industrial plants. - SC Magazine |
| Mar 2008 |
Emergency 2-day shutdown of Hatch nuclear plant from software update on one business computer. |
| Feb 2008 |
Retail Chinese digital picture frame virus steals passwords and financial info. - SF Chronicle |
| Jan 2008 |
Hackers turn out the lights in multiple cities and demand extortion payments." - Associated Press |
| Sep 2007 |
DOE Idaho National Lab video shows the remote destruction of a large SCADA controlled generator. |
| Sep 2007 |
Hackers compromise Homeland Security computers, moving information to Chinese websites. - CNN |
| Jul 2007 |
3Com's security division demonstrates how SCADA system flaws can be exploited. |
| Nov 2007 |
"Insider Charged with Hacking California Canal System" - ComputerWorld |
| Nov 2007 |
"Solar Sunrise" - Three teenagers penetrate USAF logistic systems at Middle East support bases. |
| Aug 2007 |
"Hackers Take Down the Most Wired Country in Europe" for two weeks. - Wired Magazine |
| Jun 2006 |
"Information on SCADA systems can be found by a determined attacker." - US-CERT |
| Jan 2006 |
Homeland Security Conference - SCADA systems are vulnerable to intrusion. - UrgentComm |
| Jan 2006 |
"SCADA Security & Terrorism: We're Not Crying Wolf" conference presentation. - Xforce Security |
| Aug 2005 |
175 companies including Caterpillar, General Electric, UPS and DaimlerChrysler attacked by Zotob worm. |
| 2003-2005 |
Undetected for 2 years, Chinese Army downloads 10-20 terabytes data from Pentagon, DOE, others. |
| Aug 2003 |
CSX loses signaling & dispatch control over 23 state railroad due to a worm virus. - InformationWeek |
| 2003 |
"Cyber War" - PBS Frontline documents penetration of US utilities using commonly known methods. |
| Jan 2003 |
Davis-Besse nuclear plant safety monitoring system knocked offline 5-hours by the Slammer worm. |
| Jan 2003 |
"Slammer" worm infects 300,000 computers in the first 15 minutes, interrupting 911 and airlines. |
| Sep 2001 |
"Nimda" worm infects millions of computers causing billions of dollars in damage. Originator unknown. |
| Jul 2001 |
"Code Red" worm infects 300,000 computers in a month and then launches attack on White House web. |
| Apr 2000 |
Hackers succeeded in gaining control of the world's largest natural gas pipeline network (GAZPROM). |
| Apr 2000 |
Hacker uses a SCADA system to dump millions of gallons of sewage onto hotel grounds for 3 months. |
| 1998-2000 |
"Moonlight Maze" - For two years, hackers penetrated the Pentagon, NASA, DOE, university labs. |
| 1998 |
A 12-year-old hacks into Roosevelt Dam, with complete SCADA system control of massive floodgates. |
| 1997 |
"Eligible Receiver" - DOD & Joint Chief Command hacked in 48 hours with publicly available methods. |
| 1997 |
A teenager hacks into NYNEX and cuts off air/ground communication to Worchester Airport for 6 hours. |
| Many more incidents go unreported for reasons of national security or corporate embarrassment. Even more go undetected. Properly executed, successful hacks are undetectable and untraceable. |
View article on one page