CS5032 Case study Maroochy water breach
 

Usage Rights: CC Attribution-NonCommercial License

    Presentation Transcript

    • Maroochy SCADA attack, 2013, Slide 1: CNI Case Study, Maroochy water breach
    • Slide 2: Maroochy
        • Local government area about 100km north of Brisbane, Australia
        • In 2000, the area sewage system had 47 unexpected faults causing extensive sewage spillage
        • SCADA controlled system with 142 pumping stations over 1157 sq km
    • Slide 3: What happened
        • Pumps not operating when they should have been
        • Alarms not reporting problems to control centre
        • Communication failures between control centre and pumping stations
      More than 1m litres of untreated sewage released into waterways and local parks
    • Slide 4: SCADA setup
        • Special-purpose control computer at each station to control valves and alarms
        • Each system communicates with and is controlled by central control centre
        • Communications between pumping stations and control centre by radio, rather than wired network
      Automated operation
      All electronics in single cabinet
      Pumps etc. are underground
    • Slide 5: Insider attack
        • Vitek Boden worked for Hunter Watertech (system suppliers) with responsibility for the Maroochy system installation. He left in 1999.
        • He tried to get a job with local Council but was refused
        • He then decided to get revenge on both his previous employer and the Council by launching attacks on the SCADA systems
        • Insiders don’t have to work inside an organisation!
    • Slide 6: How it happened
        • Boden stole a SCADA configuration program from his employers when he left and installed it on his own laptop
        • He also stole a control computer that could be used to impersonate a genuine machine at a pumping station
        • Insecure radio links were used to communicate with pumping stations and change their configurations
      Image credit: http://www.pimaweb.org/conference/april2003/pdfs/MythsAndFactsBehindCyberSecurity.pdf
    • Slide 7: Incident timeline
        • Initially, the incidents were thought to have been caused by bugs in a newly installed system
        • However, analysis of communications suggested that the problems were being caused by deliberate interventions
        • Problems were caused by a specific station id (14)
        • System was configured so that that id was not used so messages from there had to be malicious
        • Boden put under surveillance, car stopped and stolen hardware and radio system discovered
    • Slide 8: Causes of the problems
        • Installed SCADA system was completely insecure
            – No security requirements in contract with customer
        • Procedures at Hunter Watertech were inadequate to stop Boden stealing hardware and software
        • Insecure radio links were used for communications
        • Lack of monitoring and logging made detection more difficult
        • No staff training to recognise cyber attacks
        • No incident response plan in place at Maroochy Council
    • Slide 9: Aftermath
        • On October 31, 2001 Vitek Boden was convicted of:
            – 26 counts of willfully using a computer to cause damage
            – 1 count of causing serious environment harm
        • Jailed for 2 years
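
The check described on the "Incident timeline" slide, flagging traffic from a station id that the system was configured not to use, can be automated over logged messages. The following is an added example, not part of the original slides or of the Maroochy system; the log format, command names, timestamps and station inventory are constructed assumptions, and only id 14 comes from the slides.

```python
import re

# Assumption: node IDs commissioned on the radio network (0 = control centre).
# Constructed inventory; the slides state only that ID 14 was not in use.
COMMISSIONED_IDS = {0, 3, 4, 9}

# Constructed log format: "<seconds> src=<id> dst=<id> cmd=<NAME>"
LINE_RE = re.compile(r"^(\d+) src=(\d+) dst=(\d+) cmd=([A-Z_]+)$")

# Constructed sample traffic, including one frame that does not parse.
SAMPLE_LOG = """\
0010 src=3 dst=0 cmd=STATUS
0012 src=14 dst=9 cmd=CONFIG_WRITE
0013 src=9 dst=0 cmd=ALARM
0020 src=14 dst=4 cmd=PUMP_STOP
garbled frame
0031 src=4 dst=0 cmd=STATUS
"""


def find_unassigned_senders(log_text, commissioned=COMMISSIONED_IDS):
    """Return ({src_id: [(time, dst, cmd), ...]}, unparsed_lines)."""
    flagged, unparsed = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Keep unparseable frames for review instead of dropping them.
            unparsed.append(line)
            continue
        t, src, dst, cmd = m.groups()
        if int(src) not in commissioned:
            flagged.setdefault(int(src), []).append((int(t), int(dst), cmd))
    return flagged, unparsed


if __name__ == "__main__":
    flagged, unparsed = find_unassigned_senders(SAMPLE_LOG)
    for src, events in flagged.items():
        print(f"station id {src} is not commissioned: {len(events)} message(s)")
        for t, dst, cmd in events:
            print(f"  t={t} dst={dst} cmd={cmd}")
    print(f"{len(unparsed)} unparsed line(s) kept for review")
```

The check depends on an accurate station inventory and on traffic being logged in the first place, both of which the "Causes of the problems" slide lists as missing at Maroochy.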