Own your local SCADA!24/08/2007 Written by minor
Doing penetration tests can bring sometimes surprising results. But doing penetration tests on critical targets should not bring any surprising results. As Forbes few days ago informed, Scott Lunsford was offered to penetrate into nuclear power station.
As owner of the plant claimed, critical components could not né accessed from the Internet.“It turned out to be one of the easiest penetration tests I’d ever done,” Lunsford said.
He added: “By the first day, we had penetrated the network. Within a week, we were controlling a nuclear power plant.” System was powered by SCADA software. Ganesh Devarajan from Tipping Point presented at DefCon his security research on SCADA systems and possibilities to find vulnerabilities inside. No doubt this system is vulnerable, because it is not publicly available, so there is no pressure from users to fix possible vulnerabilities.
Another fact is, that system was designed in the time, there was no internet connection, so this explains, why developers were not concerning about possible security issues.
When connecting this revelation to fact, that Internet is weapon, we come to conclusion, that single attacker can cause great damage affecting thousands of citizens. For example, with one owned SCADA in nuclear power station you have weapon of mass destruction. Enough, or?