Hacking The Industrial SCADA Network

By Frank Dickman, BSMAE, RCDD | November 2009 Vol. 236 No. 11

It was a Trojan program inserted into SCADA system software that caused a massive natural gas explosion along the Trans-Siberian pipeline in 1982. A newspaper reported the resulting fireball yielded “the most monumental non-nuclear explosion and fire ever seen from space.”

Malicious hackers have discovered supervisory control and data acquisition (SCADA) and distributed control systems (DCS); reports of successful attacks began to emerge after 2001. A former hacker interviewed by PBS Frontline advised that “Penetrating a SCADA system that is running a Microsoft operating system takes less than two minutes.”

DCS, SCADA, programmable logic controllers (PLCs) and other legacy control systems have been used for decades in power plants and grids, oil and gas refineries, air traffic control, railroad management, pipeline pumping stations, pharmaceutical plants, chemical plants, automated food and beverage lines, industrial processes, automotive assembly lines, and water treatment plants.

The History
There is a wide range of security technologies that can be used to protect the corporate network, but these are less successful within a production network. Software-based solutions (personal firewalls, anti-virus software) cannot run on some proprietary operating systems, due to lack of compatibility, and often cannot be integrated into systems built on older processor technology, because these lack the necessary performance.

A table nearby presents a chronological history of publicly reported hacking incidents that provides a chilling insight into the problems and their potential for disruption and disaster. Some of these damaging exploits were kept secret for years.

[Table image: A Short Chronological List]

The threat comes in many forms. It does not need to be an intelligently directed attack. The non-intelligent Slammer worm, which covered the globe in 30 minutes, infected business and Pentagon computers in the first eight minutes and caused $3 billion in damage to Wall Street.

Oil and Gas Distribution
The 3-kiloton Trans-Siberian natural gas pipeline explosion mentioned in the opening paragraph occurred during the Reagan administration. The event was initially acknowledged by a Russian general, and then subsequently denied by the Russian press, and kept secret within the CIA until 2004, when details were released upon publication of the Cold War memoirs of a retired insider. The events and methodology were explained and later presented in security testimony before the U.S. House of Representatives. The story was reviewed by the Washington Post. Details are available for research in the full copy of the White Paper on which this article is based.

Beyond the dangers of deliberate, destructive sabotage are the financial and economic business risks. These need not involve terrorist attacks or the intervention of foreign powers.

Pipeline data is collected continuously from custody transfer meters and consortium pumping stations along hundreds or thousands of miles of distribution pipeline. Millions of dollars ride on the simple reporting of quality data as recorded electronically at the gathering field and the delivery point. And millions of dollars are potentially disputed when the receiving refinery reports that the delivery contained four-tenths of a percent water rather than the two-tenths of a percent water content for which it was being billed.