funsec mailing list archives

SCADA Watch: America's Hackable Backbone


From: "Paul Ferguson" <fergdawg () netzero net>
Date: Fri, 24 Aug 2007 17:49:51 GMT

Via Forbes.com (hat-tip: zone-h news).

[snip]

The first time Scott Lunsford offered to hack into a nuclear power station,
he was told it would be impossible. There was no way, the plant's owners
claimed, that their critical components could be accessed from the
Internet. Lunsford, a researcher for IBM's Internet Security Systems, found
otherwise.

"It turned out to be one of the easiest penetration tests I'd ever done,"
he says. "By the first day, we had penetrated the network. Within a week,
we were controlling a nuclear power plant. I thought, 'Gosh. This is a big
problem.'"

In retrospect, Lunsford says--and the Nuclear Regulatory Commission
agrees--that government-mandated safeguards would have prevented him from
triggering a nuclear meltdown. But he's fairly certain that by accessing
controls through the company's network, he could have sabotaged the power
supply to a large portion of the state. "It would have been as simple as
closing a valve," he says.

[snip]

More:
http://www.forbes.com/home/security/2007/08/22/scada-hackers-infrastructure-tech-security-cx_ag_0822hack.html

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

