Maroochy water breach


Published on

Slides to accompany video. Describes cybersecurity case study of an attack on critical infrastructure

Published in: Technology, Business
1 Like
  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Maroochy water breach

  1. 1. Maroochy SCADA attack, 2013 Slide 1Cybersecurity Case StudyMaroochy water breach
  2. 2. Maroochy SCADA attack, 2013 Slide 2Maroochy ShireImage credit:
  3. 3. Maroochy SCADA attack, 2013 Slide 3Maroochy shire sewage system• SCADA controlled system with 142 pumpingstations over 1157 sq km installed in 1999• In 2000, the area sewage system had 47unexpected faults causing extensive sewagespillage
  4. 4. Maroochy SCADA attack, 2013 Slide 4SCADA setupTypical SCADA-controlled sewage systemThis is not the system that was attacked
  5. 5. Maroochy SCADA attack, 2013 Slide 5SCADA sewage control• Special-purpose control computer at eachstation to control valves and alarms• Each system communicates with and iscontrolled by central control centre• Communications between pumping stationsand control centre by radio, rather than wirednetwork
  6. 6. Maroochy SCADA attack, 2013 Slide 6What happenedMore than 1m litres of untreated sewage releasedinto waterways and local parks
  7. 7. Maroochy SCADA attack, 2013 Slide 7Technical problems• Sewage pumps not operating when theyshould have been• Alarms failed to report problems to controlcentre• Communication difficulties between thecontrol centre and pumping stations
  8. 8. Maroochy SCADA attack, 2013 Slide 8Insider attack• Vitek Boden worked for Hunter Watertech(system suppliers) with responsibility for theMaroochy system installation.• He left in 1999 after disagreements with thecompany.• He tried to get a job with local Council butwas refused.
  9. 9. Maroochy SCADA attack, 2013 Slide 9Revenge!• Boden was angry and decided to takerevenge on both his previous employer andthe Council by launching attacks on theSCADA control systems– He hoped that Hunter Watertech would be blamedfor the failure• Insiders don’t have to work inside anorganisation!
  10. 10. Maroochy SCADA attack, 2013 Slide 10What happened?Image credit:
  11. 11. Maroochy SCADA attack, 2013 Slide 11How it happened• Boden stole a SCADA configuration programfrom his employers when he left and installedit on his own laptop• He also stole radio equipment and a controlcomputer that could be used to impersonate agenuine machine at a pumping station• Insecure radio links were used tocommunicate with pumping stations andchange their configurations
  12. 12. Maroochy SCADA attack, 2013 Slide 12Incident timeline• Initially, the incidents were thought to havebeen caused by bugs in a newly installedsystem• However, analysis of communicationssuggested that the problems were beingcaused by deliberate interventions• Problems were always caused by a specificstation id
  13. 13. Maroochy SCADA attack, 2013 Slide 13Actions taken• System was configured so that that id was notused so messages from there had to bemalicious• Boden as a disgruntled insider fell undersuspicion and put under surveillance• Boden’s car was stopped after an incidentand stolen hardware and radio systemdiscovered
  14. 14. Maroochy SCADA attack, 2013 Slide 14Causes of the problems• Installed SCADA system was completelyinsecure– No security requirements in contract withcustomer• Procedures at Hunter Watertech wereinadequate to stop Boden stealing hardwareand software• Insecure radio links were used forcommunications
  15. 15. Maroochy SCADA attack, 2013 Slide 15Causes of the problems• Lack of monitoring and logging madedetection more difficult• No staff training to recognise cyber attacks• No incident response plan in place atMaroochy Council
  16. 16. Maroochy SCADA attack, 2013 Slide 16Aftermath• On October 31, 2001 Vitek Boden wasconvicted of:– 26 counts of willfully using a computer to causedamage– 1 count of causing serious environment harm• Jailed for 2 years
  17. 17. Maroochy SCADA attack, 2013 Slide 17Finding out more
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.