So ask yourself who might be interested. Criminals, perhaps? Well, guess what's controlled by these very same SCADA systems: prisons:
So what can you do via a hacked prison SCADA system? Everything: turn the lights on or off, open the cell doors, shut down the CCTV monitoring systems. And control what information is shown to the guards - for example, you could open cell doors while having the display in the control room show that they were closed.
Strauchs began his project to investigate the security of industrial control systems in prisons after he was asked to investigate an incident during which all the cell doors on one (unnamed) prison's death row spontaneously opened. The cause was eventually traced back to a random power surge, but the incident got Strauchs thinking and prompted him to have a closer look at the security of industrial control systems in prisons.
Industrial control systems in prisons have no business being connected to the internet. Despite this, the team of researchers led by Strauchs discovered every prison system they looked at was connected to the internet one way or another.
What could possibly go wrong?
Connected to the Internet. Sheesh. I can fix that one ...
The Register article makes it sound like this presentation was very similar to the one Strauchs et al gave at DEFCON 19 earlier this year.
In case anyone's interested, here's a link to their white paper.
What in the Good Lord's name is with this obsession with connecting nearly unsecured vital systems to the internet? Does everyone in charge have no imagination at all? WTF is wrong with these people? If you want to pass status reports and such back and forth, how hard would it be to put a PDF file from the system or something like it on a thumb drive, unplug, spin chair, plug into the connected terminal, scan load and send it?
WV: supewin; It's gonna be a supewin when some villain crashes all these systems at the same time.