Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.
Issue link: http://uscgproceedings.epubxp.com/i/436751
46 Proceedings Winter 2014 – 2015 www.uscg.mil/proceedings
their unique Internet Protocol addresses.[2] A 2005 report to the U.S. Congress estimated that Internet-connected supervisory control and data acquisition systems were probed by hackers on a daily basis.[3]
Further, the commonality of various types of SCADA components, from software to hardware, raises the potential impact of a cyber attack. Newer systems often use commercial off-the-shelf technologies, and providers often publish standards for interconnection, alarm communication, and other types of control. Cyber attackers may take advantage of this information. Many of these systems come with a significant amount of interdependency and little isolation across multiple modes. Therefore, a cyber attack on a terminal management system could also affect aspects of connected truck, rail, and maritime transportation.
A final significant contributor to SCADA systems' cyber vulnerabilities lies in the human factor. Employees may introduce cyber vulnerabilities by using poor security practices, such as choosing weak passwords or allowing unauthorized personnel access.
Risk Mitigation
To mitigate cyber threats, IT personnel should conduct risk assessments and improve security policy training and enforcement. They should also eliminate any unnecessary connections between SCADA networks and other networks, and fortify necessary network connections, using measures such as firewalls at every point of entry.
If organizations use commercial off-the-shelf supervisory control and data acquisition systems, personnel should
Attack Vectors and Attacks
Cyber threats may originate from a variety of actors, including disgruntled employees, criminals, hackers, nation-states, and terrorists, who may take advantage of the connectivity of these systems with Internet Protocol communications networks.
Threats
Once a virus or worm is introduced to a SCADA system network, it will propagate itself through networked control computers and disrupt communications to essentially prevent user control over the operating equipment. A Trojan horse (a malware program containing malicious code that can harm systems) may conduct damaging tasks, such as manipulating the system to make it more vulnerable to subsequent cyber attacks, or send false messages that cause undesirable control functions such as cycling valves or electric switches at the wrong times.
Consequences
Other cyber threats to SCADA systems exist irrespective of whether the system is connected to an IP network, including electronic communication threats such as radio frequency interference, electromagnetic pulse, and electromagnetic interference. These threats can greatly impact components' ability to communicate with each other and properly send information between the operating equipment and the terminal units essential to monitoring and control.
A disruptive cyber attack on a system can also cause direct physical and environmental damage. For example, failure in a system controlling a gantry crane could cause a container to drop on workers below. Malicious manipulation of valves in a ship-to-shore fuel transfer system could lead to a devastating explosion on the pier or release pollutants into waterways. Any sort of disruption at a major seaport could cause significant disruptions in the global supply chain, affecting the shipment of essential goods, and cost billions of dollars.
Defense-critical infrastructure also relies on SCADA systems. An attack would affect the nation's defensive capabilities and thus national security, and the interdependency of MTS components and other infrastructure nodes could cause grave national and global consequences.
Attacks
Sadly, some of the possible scenarios have come to fruition.
In 2000, a man rejected for employment at an Australian sewage plant used a laptop and radio equipment to issue commands to the plant's SCADA system, causing millions of gallons of untreated sewage to be dumped into rivers, parks, and other surrounding properties.[1]
In 2010, the Stuxnet worm damaged Iranian industrial sites, including a nuclear plant. The worm traveled easily across systems linked to the Internet, and was introduced to isolated systems by simple human error, most likely via USB drives.[2]
Finally, an unintentional disruption of critical valve operations at water, electric, and gas companies, caused by electromagnetic interference from a U.S. Navy radar system, showed how even benign sources can interfere with vulnerable supervisory control and data acquisition systems.[3]
Endnotes:
1. Weiss, Protecting Industrial Control, pp. 108-109.
2. Hearing before the House of Representatives Subcommittee of National Security, Homeland Defense and Foreign Operations of the Committee on Oversight and Government Reform, Cybersecurity, 26; David Kushner, "The Real Story of Stuxnet," IEEE Spectrum, Feb. 26, 2013.
3. US-CERT Control Systems Security Center, Cyber Incidents Involving Control Systems, Robert J. Turk, INL/EXT-05-00671 (October 2005): p. 32.