� Whale Farts | Main | Getting Used to Arnold �

August 15, 2003

SCADA Hacks

I hate to admit it, but as soon as the words 'modernize' came out of our President's mouth in regards to what needs to be done about the power grid, I wondered which energy companies he had been talking to this morning. This is not a technology problem. This is a process problem. We'll know more details in time.

Nevertheless my curiosity tends toward the infrastructural difference between power grids and peer networks. The internet works if you blow up any piece of it, but the power grid can have cascading failures. Why? I'm looking to find out soon.

What's clear is that the internet, which is more robust than the power grid can be hacked. Isn't the power grid then even more vulnerable to hacks? Probably so. It's not clear that they are as susceptible, however.

Meanwhile, here are some interesting links:

SCADA Hack One


To destroy a dam physically would require "tons of explosives," Assistant Attorney General Michael Chertoff said a year ago. To breach it from cyberspace is not out of the question. In 1998, a 12-year-old hacker, exploring on a lark, broke into the computer system that runs Arizona's Roosevelt Dam. He did not know or care, but federal authorities said he had complete command of the SCADA system controlling the dam's massive floodgates.

Roosevelt Dam holds back as much as 1.5 million acre-feet of water, or 489 trillion gallons. That volume could theoretically cover the city of Phoenix, down river, to a height of five feet. In practice, that could not happen. Before the water reached the Arizona capital, the rampant Salt River would spend most of itself in a flood plain encompassing the cities of Mesa and Tempe -- with a combined population of nearly a million.

SCADA Hack Two:

Paul Blomgren, manager of sales engineering at cyber-
security firm Rainbow Mykotronx in Torrance, Calif., measures control system vulnerabilities. Last year, his company assessed a large southwestern utility that serves about four million customers.

"Our people drove to a remote substation," he recalled. "Without leaving their vehicle, they noticed a wireless network antenna. They plugged in their wireless LAN cards, fired up their notebook computers, and connected to the system within five minutes because it wasn't using passwords.

"Within 10 minutes, they had mapped every piece of equipment in the facility," Blomgren said. "Within 15 minutes, they mapped every piece of equipment in the operational control network. Within 20 minutes, they were talking to the business network and had pulled off several business reports. They never even left the vehicle."

SCADA Hack Three

Posted by mbowen at August 15, 2003 12:18 PM

Trackback Pings

TrackBack URL for this entry:
http://www.visioncircle.org/mt/mt-tb.cgi/494

Comments

Well. That's not good.

Posted by: Prometheus 6 at August 15, 2003 11:04 PM