By Jack Ganssle
Governors and others frequently bemoan the lack of investment being made
in crumbling infrastructure. Bridges, tunnels and the rest of the brick
and mortar that enables our lives are in disrepair, and we're told
things are getting worse. Shrinking budgets ensure that repairs will
continue to fall behind. Pundits also say the electric grid is old and
not capable of meeting 21st century needs.
I recently met with a control engineer who works for a large
metropolitan water company. He's concerned about another kind of
infrastructure: the digital one that monitors and controls factories
and other large plants (including water plants, of course). These
ubiquitous SCADA systems (supervisory control and data acquisition)
often handle extremely high power actuators, like multi-thousand
Industrial automation equipment often runs for decades or longer. Years
ago, when working on a system in a steel mill, I came across a huge
motor stamped with a manufacturing date of 1899. It was still in
service. The electronics, too, often runs for decades.
That's a testament to great engineering and manufacturing, and is also
potentially a great hazard. These systems were largely designed before
security became an important issue. Many have been almost haphazardly
connected to the Internet in the intervening years, when management sees
the 'net as an easy way to monitor remotely and save money.
I have been told (by the NSA) that a Tylenol factory has been hacked. In
2003 a worm shut down all safety monitoring on an Ohio nuke plant for
five hours. Vancouver's traffic lights have been compromised. A
14-year-old turned the Polish city of Lodz's trams into his own giant
train set, derailing four cars and injuring at least a dozen people.
There are many more instances.