SCADA – supervisory control and data acquisition

I doubt most people heard about the water treatment facility in Illinois that had its SCADA system hacked a few days ago, which ultimately led the facility to shut down for several hours.  Most Americans don’t even know what this system does for us or just how critical it is to our daily lives until it’s too late and the systems are offline.

As the title suggests, SCADA stands for supervisory control and data acquisition.  In simple terms, it is a networked system of switches, monitoring devices, control systems, and primary computer systems.  All of these together make it possible to run a facility, like a water treatment plant, without people physically having to be on-site.  The following industries have used or are currently using SCADA systems in their facilities:

  • electricity
  • water treatment
  • nuclear power
  • natural gas
  • petroleum
  • chemical

Now, hold on, I haven’t even gotten to the scary part yet.  Most of these industries have one thing in common.  They are in whole or part regulated by the Federal Government, which uses its own set of SCADA systems that, you guessed it, monitor the industrial SCADA systems on-site.  Sort of like a watchdog for the watchdogs.  Here is the really scary part……  they’re online!  As in, most of these systems, with the exception of most nuclear plants and chemical plants, can be accessed remotely from any computer with a network connection and credentials to enter the system.  The systems that can’t be accessed online are accessible if onsite, which for anyone determined enough is, in theory, possible.  Live Free or Die Hard was about just this very topic, but veiled under what they called a “Firesale” that enabled them to steal credit information.

Finally, the horrific part of this whole thing.  Gaining access to the main SCADA system could potentially allow a single hacker to take down every other SCADA system in its network.  This would mean, in simple terms, that you would be without electricity, water, natural gas, gasoline, or any petro-chemical that goes into literally hundreds of consumer products.  The entire system, although this is speculation, is decades old and in need of major upgrading and fortification from modern threats.  In fact, most of the IT systems used by the Federal Government are decades old and archaic when compared to modern entry-level standards.  Did you know that the military is STILL using a hardened version of Windows XP on all of their computer systems?  Windows XP is 12 years old!!

We know how to use these systems for damage.  The Stuxnet virus the United States released on Iran’s SCADA systems sabotaged the centrifuges in their Uranium Enrichment Facilities to prevent them from building nuclear weapons.  The only reason it got out that it was even developed was that it affected SCADA systems outside of Iran in several neighboring countries through the Internet.

The Internet.  I’ve been aware of the fact that we don’t know what we’ve created or how it will develop.  I truly believe that artificial intelligence will be born out of the Internet.  Whether it takes over the world, wipes out the human race, or turns into a Terminator style future is anyone’s guess.

Technical details for this post were obtained from the below source:

http://en.wikipedia.org/wiki/SCADA

Half-assed Tech

I should know better by now than to trust that technology, any technology, is implemented in such a way that it’s actually trustworthy enough to do what you expect it to do.  It seems that the more complex and cumbersome something is to install, administer, and maintain, the harder it is to have it do what you need it to do.  More often than not it fails when you need it most.

Take my foray into technology gone wrong tonight.  Long story short, rebuilt a server OS from 32-bit to 64-bit, re-attached a SAN (storage attached network) and it was blank.  I know there was almost 250GB of data on that drive BEFORE I did the rebuild, so you can imagine my dismay and shock when it re-appeared as blank.  No production data, don’t pass go, your ass in the fire despite it not being your fault…  you get the idea.

Panic mode set in, and I started paging and calling everyone I could to try and figure out what happened.  As I was talking to the guy that actually runs the SAN systems (Clariion if anyone is interested), the data just re-appeared.  I didn’t reboot, rescan, or do anything of a nature that would trigger the data to stop by and say “Hi” to me again.  It felt like a warm blanket got pulled over me on a cold morning where you forgot to close the windows the night before……

Regardless of whether the data came back in the end or not, there is no excuse for a billion-dollar company, not being named, to have technology systems in place that are so crude.  The unfortunate thing is that this scenario is played out hundreds of times around the world for the exact same reason.  No company likes to spend money on things that suck its bottom line like a vampire for a made-up number that is referred to in Accounting circles as “return on investment”.  With that said, I believe that there are three schools of thought where you spend money for two reasons:

  1. IT guy sees a cool new technology, pitches it to management and gets a green light without knowing the true cost of being bleeding edge technology leaders.
  2. IT department utilizes resources and decides the best fit for their company and makes wise purchases.
  3. Company is stuck in the mode of thinking “this is how we’ve always done it” and refuses to purchase anything other than old parts off eBay to repair aging infrastructure.

Most companies, even though they would never admit it, fall into #3 almost always.  Companies like Google fall into #2.  Small companies with younger employees generally fall into #1, until they realize it’s expensive and morph into #2 or #3 over time.  I don’t know where my company falls currently, as they’re so big it’s hard to judge.  Based on some of the health reports I’ve seen lately, I think they’re in danger of falling into the #3 pit to hell where it’ll be time for me to jump ship looking for the #2 golden opportunity.

Ok, I feel better now 🙂