SCADA – supervisory control and data acquisition

I doubt most people heard about the water treatment facility that had their SCADA system hacked a few days ago that ultimately led to the facility to shutdown for several hours in Illinois.  Most Americans don’t even know what this system does for us or just how critical it is to our daily lives until its too late and the systems are offline.

As the title suggests, SCADA stands for supervisory control and data acquisition.  In simple terms, it is a networked systems of switches, monitoring devices, control systems, and primary computer systems.  All of these together make it possible to run a facility, like a water treatment plant, without people physically having to be on-site.  The following industries have used or are currently using SCADA systems in their facilities:

  • electricity
  • water treatment
  • nuclear power
  • natural gas
  • petroleum
  • chemical

Now, hold on, I haven’t even gotten to the scary part yet.  Most of these industries have one thing in common.  They are in whole or part regulated by the Federal Government that use their own set of SCADA systems that, you guessed it, monitor the industrial SCADA systems on-site.  Sort of like a watchdog for the watchdogs.  Here is the really scary part……  they’re online!  As in, most of these systems with exception for most nuclear plants and chemical plants, can be accessed remotely from any computer with a network connection and credentials to enter the system.  The systems that can’t be accessed online are accessible if onsite, which for anyone determined enough is, in theory, possible.  Live Free or Die Hard was about just this very topic, but veiled under what they called a “Firesale” that enabled them to steal credit information.

Finally, the horrific part of this whole thing.  Gaining access to the main SCADA system could potentially allow a single hacker to take down every other SCADA system in its network.  This would mean, in simple terms, that you would be without electricity, water, natural gas, gasoline, or any petro-chemical that goes into literally hundreds of consumer products.  The entire system, although speculation, is decades old and in need of major upgrading and fortification from modern threats.  In fact, most of the IT systems used by the Federal Government are decades old and archaic when compared to modern entry-level standards.  Did you know that the military is STILL using a hardened version of Windows XP on all of their computer systems?  Windows XP is 12 years old!!

We know how to use these systems for damage.  The StuxNet virus the United States released on Iran SCADA systems sabotaged the centrifuges in their Uranium Enrichment Facilities to prevent them from building nuclear weapons.  The only reason it got out that it was even developed was that it affected SCADA systems outside of Iran in several neighboring countries through the Internet.

The Internet.  I’ve been aware of the fact that we don’t know what we’ve created or how it will develop.  I truly believe that artificial intelligence will be born out of the Internet.  Whether it takes over the world, wipes out the human race, or turns into a Terminator style future is anyone’s guess.

Technical details for this post were obtained from the below source:

http://en.wikipedia.org/wiki/SCADA