Are national infrastructures at risk from cyber terror? Definitely!
What are potential targets? Power grids, water utility companies, oil pumps, large factories and many more interesting ones. How can they be reached? It's just a phone call away over cellular or landline, via Internet, and of course they now offer web interfaces so the job becomes easier and more familiar.
As disclosed recently on ReverseMode.com, a few fatal mistakes expose some SCADA equipment vendors to major problems in security. What is SCADA you ask? Well, that's the type of equipment targeted to command & control major infrastructure devices such as the ones used in power grids, telecommunication networks and other fun national toys.
Hmmm... We never looked that way, say the black-hats among you evil readers. We only tried web applications so far. Well, it appears that vendors such as intellicom are not any different than others, except maybe they've had a longer period of discretion hiding behind government-classified systems.
Nevertheless, you know what they say: security is not obscurity. And thus, after much buzz around cyber security by the Obama administration somebody actually sat down to reverse-engineer the leading protocols in the SCADA world (HICP), understand their inherited weaknesses - such as little to no authentication, and actually fuzzed some popular piece of software the good old-fashioned way just to find that buffer-overflows still plague these systems.
You have to understand that in SCADA business, secure software development is not the hottest topic taking into account that TCP/IP is not even around in some systems, and web interfaces are like WOW... for some of these guys. Shocked enough yet? hold on, here comes the best part: Ruben Santamarta, the researcher behind this project also introduces a search engine - SHODAN, that allows locating some SCADA Internet-facing Web interfaces around the globe.
I guess it did not come to me as such a surprise, having heard in the past that some oil barons like to wake up in the middle of the night and watch and control their oil pumps over Web interfaces.
With the rise of cyber super-powers such as China and Russia, it is this writer's belief that a major cyber attack is already in the works. If it hasn't struck already, unreported to the public, it is certainly imminent. Let this be a wake-up call to all vendors / operators / integrators of SCADA infrastructures: secure development life-cycles may be nice-to-have for others.
For you guys, this may be the last chance to fix things up before the bad guys arrive. The storm is already on the horizon, posing a clear and immediate danger in our contemporary political climate.
What are potential targets? Power grids, water utility companies, oil pumps, large factories and many more interesting ones. How can they be reached? It's just a phone call away over cellular or landline, via Internet, and of course they now offer web interfaces so the job becomes easier and more familiar.
As disclosed recently on ReverseMode.com, a few fatal mistakes expose some SCADA equipment vendors to major problems in security. What is SCADA you ask? Well, that's the type of equipment targeted to command & control major infrastructure devices such as the ones used in power grids, telecommunication networks and other fun national toys.
Hmmm... We never looked that way, say the black-hats among you evil readers. We only tried web applications so far. Well, it appears that vendors such as intellicom are not any different than others, except maybe they've had a longer period of discretion hiding behind government-classified systems.
Nevertheless, you know what they say: security is not obscurity. And thus, after much buzz around cyber security by the Obama administration somebody actually sat down to reverse-engineer the leading protocols in the SCADA world (HICP), understand their inherited weaknesses - such as little to no authentication, and actually fuzzed some popular piece of software the good old-fashioned way just to find that buffer-overflows still plague these systems.
You have to understand that in SCADA business, secure software development is not the hottest topic taking into account that TCP/IP is not even around in some systems, and web interfaces are like WOW... for some of these guys. Shocked enough yet? hold on, here comes the best part: Ruben Santamarta, the researcher behind this project also introduces a search engine - SHODAN, that allows locating some SCADA Internet-facing Web interfaces around the globe.
I guess it did not come to me as such a surprise, having heard in the past that some oil barons like to wake up in the middle of the night and watch and control their oil pumps over Web interfaces.
With the rise of cyber super-powers such as China and Russia, it is this writer's belief that a major cyber attack is already in the works. If it hasn't struck already, unreported to the public, it is certainly imminent. Let this be a wake-up call to all vendors / operators / integrators of SCADA infrastructures: secure development life-cycles may be nice-to-have for others.
For you guys, this may be the last chance to fix things up before the bad guys arrive. The storm is already on the horizon, posing a clear and immediate danger in our contemporary political climate.
오늘 연구실의 박사님을 통해 앞으로의 전망에 대한 이야기를 잠시 들었습니다. 스마트 그리드와 제어 시스템 보안 등에 대한 이야기를 해 주셨는데 정말 흥미로웠습니다. +_+
전자공학을 전공하고, 정보보안 대학원을 진학해서 공부할 생각이지만 전자공학에 대한 공부를 완전 놓을 수 없게 만드는 말들이었습니다. 만약, 우리나라의 S기업에 일정시간동안 전기가 공급되지 않는다면 얼마나 큰 타격을 입게 될까요? 물론 제가 하겠다는 말은 아닙니다. 아니, 할 수 있는 실력이 있을리 없습니다. -_ㅜㅋ;;
이렇듯 앞으로 정말 영화에서나 나올법한 일들이 곧 실현되지나 않을까하는 걱정이 듭니다.
아무튼 재밌는것 같습니다. ^^
※ SCADA란?
‘SCADA’는 ‘Supervisory Control And Data Acquisition’ 의 약어로써 ‘집중원격감시제어시스템’ 이라 부른다. 전기, 가스 등의 에너지 설비시설이나 대규모 산업 플랜트를 운영하기 위하여 필수적으로 사용되는 시스템으로 센서, 제어계통, 통신망 및 컴퓨터로 구성된다. 기존의 기계식(또는 전자식) 방식의 SCADA 시스템은 릴레이 및 유압기계를 이용하여 복잡한 시리얼 케이블 및 배선작업을 통해 현장에서 직접 감시, 제어를 할 수 있도록 설계되어 많은 공간을 차지하였으나, 현재 SCADA 시스템은 PLC 및 소형센서와 네트워크 통신기능을 갖추고 원격감시 제어 및 데이터를 취득 할 수 있어 광역화를 할 수 있게 되었다. 따라서, 기존의 SCADA 연결 방식이 전용선으로 연결되었다면, 현재의 SCADA는 인트라넷이나 인터넷과의 연동으로 구성된다.
아래 참고 문헌에 나오는 말 중에 마지막에 이런 말이 있습니다.
천하의 만리장성도 한 곳이 뚫리게 되면서 나라 전체가 망하게 되었듯이 SCADA 제어망이 Intranet에서만 존재하고 Internet과는 완전히 분리되어 Firewall로 방어되고 있다 하더라도, Intranet 내부에서의 통신부하 문제일 뿐만 아니라 Firewall에 구멍이라도 뚫리게 되면 SCADA 시스템 전체의 마비를 가져오게 되므로...
<참고 문헌 및 사이트>
[1] http://chaptersinwebsecurity.blogspot.com/2010/07/hacking-national-infrastructures-scada.html
[2] SCADA 보안과 TOFINO(SCADA 보안의 중요성과 솔루션에 대해), 김세환, (주)라이컴에스아이
'Nowaday > 보안 이슈' 카테고리의 다른 글
| 어두운 한국과 PuTTY 툴 행위 발견 (0) | 2013.04.08 |
|---|---|
| 익스플로잇 데이터베이스 웹사이트 Inj3ct0r 해킹 (0) | 2013.03.28 |
| DLL Hijacking (0) | 2010.08.27 |
