Industrial IoT; ICS, SCADA, Cyberattacks, and plant hacks – key extracts
Internet of Things: When cyberattacks have physical effects
Federal officials, especially those at the Department of Homeland Security, are alert to cyber-physical threats to SCADA systems that control critical infrastructure. With the proliferation of IoT instrumentalities, we can expect greater interconnectivity and integration among control systems and controlled equipment. IoT endpoint devices will be employed for many purposes, including “informational” functions (e.g., status reports on condition and capacity) and those for “control” (e.g., activation/deactivation). Distinct to the now-emerging IoT “4th generation” of SCADA systems, control functionality will be increasingly automated with decisions made on a machine-to-machine basis, without human intervention.
Advanced manufacturing capabilities rely upon Industrial Control Systems (ICS). If we think of SCADA as large-scale control systems that typically cover a broad geographic area and multiple-site infrastructure systems (e.g., dams and irrigation, pipelines), ICS may be considered a subset of SCADA that refers to industrial automation and is more site-specific. Read more by Robert Metzger of law firm Rogers Joseph O’Donnell PC.
Water treatment plant hacked, chemical mix changed for tap supplies – Well, that’s just a little scary
The hack – which involved SQL injection and phishing – exposed KWC’s ageing AS/400-based operational control system because login credentials for the AS/400 were stored on the front-end web server. This system, which was connected to the internet, managed programmable logic controllers (PLCs) that regulated valves and ducts that controlled the flow of water and chemicals used to treat it through the system. Many critical IT and operational technology functions ran on a single AS400 system, a team of computer forensic experts from Verizon subsequently concluded….read more
A security checklist for SCADA systems in the cloud
Given the critical nature of operations that supervisory control and data acquisition (SCADA) systems manage, an article containing the words “cloud,” “SCADA” and “vulnerabilities” together should raise the hair on the necks of information security professionals. See 9 following areas that should be considered when evaluating cloud provider capabilities here
Physical Damage: SCADA Attacks Easily Theorized, Hard to Execute
See more at opendns