This blog has long been warning of the vulnerability of CNI (Critical National Infrastructure) SCADA (Supervisory Control and Data Acquisition) systems to hacking attacks. Over 85% of CNI is owned and managed by the private sector.
Last year, Keith Rhodes, who is responsible for testing the security of US SCADA systems on behalf of the US Government, visited the UK DEMOS "think tank" to deliver a chilling warning about the vulnerabilities of such systems, highlighting in particular threats from lone wi-fi devices, rogue modems, weak intrusion detection, social engineering, insiders, live buildings (multi-tenancy using common built-in Ethernet), script kiddies, PDAs, and mobile storage devices such as datasticks.
Now it seems prediction is becoming reality, according to Forbes, which carried the following news story on 18 January under the heading: Hackers Cut Cities’ Power:
Cyber-security experts have long warned of the vulnerability of critical infrastructure like power, transportation and water systems to malicious hackers. Friday, those warnings quietly became a reality: Tom Donahue, a CIA official, revealed at the SANS security trade conference in New Orleans that hackers have penetrated power systems in several regions outside the U.S., and "in at least one case, caused a power outage affecting multiple cities." "We do not know who executed these attacks or why, but all involved intrusions through the Internet," Donahue said in a statement. "We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge." For more on this story, click here.
SCADA vulnerabilities is one of the subjects addressed in ARC Training’s new training programme Protecting Critical Infrastructure, which takes place 14-18 July 2008.