May 6, 2011

SCADA malware or: How I Learned to Stop Worrying and Love the Bomb.

There is a great debate over who is responsible for the latest propagation of malware targeting Supervisory Control And Data Acquisition (SCADA) systems, but the facts are clear: we now have malware capable of inflicting damage on real physical equipment and processes. SCADA systems are used in nearly every industrial process, from water treatment plants to nuclear reactors – they are the systems that run nearly every sensor, motor, valve and machine in an industrial process. Over the last few decades these systems have been integrated into computer networks to share industrial process data and sensor readings, so that companies can better understand their processes and find ways to improve efficiency and safety.

With these systems being integrated at some point with a computer network, it was inevitable that they would be hacked or exposed to malware. There have been rumors of attacks for years now; most have been dismissed as fear-mongering, and many vendors selling and implementing these systems have turned a blind eye to securing their software and hardware.

The first well-documented case of malware infecting a SCADA network was a worm called Stuxnet, which targeted nuclear material processing equipment in Iran, specifically the centrifuges that are thought to be used for enriching uranium to a fissile strength capable of being used in a nuclear bomb. This worm targeted a specific brand and model of SCADA system used at the processing plants in Iran, but also in many industrial systems across the world. Once executed on a network with Programmable Logic Controllers (PLCs), the worm would inject code into the PLCs and lie dormant – waiting for a kill command. PLCs are the arms and hands of a SCADA network: they are responsible for opening and closing valves, monitoring pressures and temperatures, and setting motor speeds.

Recently another worm targeting SCADA networks, called Stars, was found, again in Iran; this time it seems to be merely spying malware and not one capable of manipulating industrial controls. Although innocuous, it shows that there is growing knowledge of how to attack these systems, and as these networks get more integrated into business computer networks they will undoubtedly come under heavy fire from malware and hackers alike.

Many industrial engineers and plant managers across the world have started to take a defensive stance when it comes to opening their SCADA systems up to company networks. Many have implemented physical fail-safes in their SCADA environments to prevent malicious hackers or malware from causing death and destruction. Many have started to adopt security best practices at their sites, knowing that they are no longer isolated from the dangers of the internet.

More needs to be done to protect these systems. More security practices need to be adopted by the front-line engineers at the sites that run the systems, and more processes and practices need to be applied by the companies that own those sites. More security safeguards need to be implemented and pushed down from the vendors that develop these systems. And there needs to be more communication about the threats posed to these systems, the attacks and malware being used against them, and the ways systems have defended against those attacks.