This document discusses security risks related to SCADA systems and critical infrastructure. It outlines various threat profiles including blockbuster-watching operators, worms that have infected nuclear plants, disgruntled employees conducting sabotage, state-sponsored hacking of gas utilities, and intentionally flawed software leading to pipeline explosions. Recent incidents are described like road signs being hacked to say "Zombies Ahead". The document argues that all infrastructure is at risk from distracted insiders, casual hackers, and motivated attackers. However, technological tools, organizational strategies, and standards exist to prevent and mitigate risks and attacks.
1. SCADA systems and criminal profiles
what should we worry about?
Rome, 6 April 2011
Alessio L.R. Pennasilico
mayhem@alba.st
twitter: mayhemspp
FaceBook: alessio.pennasilico
2. $ whois mayhem
Security Evangelist @
Board of Directors:
CLUSIT, Associazione Informatici Professionisti (AIP/OPSI),
Associazione Italiana Professionisti Sicurezza Informatica (AIPSI),
Italian Linux Society (ILS), OpenBSD Italian User Group,
Hacker’s Profiling Project
SCADA systems and criminal profiles mayhem@alba.st 2
3. Critical infrastructure
SCADA systems can manage
industrial automation
power plants
gas or water supply
communications
transport
5. Blockbuster
“The power plant's management system was
not responding. The operator was
watching a DVD on the management
computer”
CSO of an electricity distribution utility
6. Worm
“In August 2003 Slammer infected a private
computer network at the idled Davis-Besse
nuclear power plant in Oak Harbor, Ohio,
disabling a safety monitoring system for nearly
five hours.”
NIST, Guide to SCADA
7. Disgruntled employee
Vitek Boden, in 2000, was arrested,
convicted and jailed because he released
millions of liters of untreated sewage using
his wireless laptop. It happened in
Maroochy Shire, Queensland, possibly as
revenge against his former employer.
http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage/
8. Gazprom
“Russian authorities revealed this week that
Gazprom, a state-run gas utility, came
under the control of malicious hackers last
year. […] The report said hackers used a
Trojan horse program, which stashes lines
of harmful computer code in a benign-
looking program.”
http://findarticles.com/p/articles/mi_qa3739/is_200403/ai_n9360106
9. Sabotage
Thomas C. Reed, Ronald Reagan’s Secretary, described in his book
“At the abyss” how the U.S. arranged for the Soviets to receive
intentionally flawed SCADA software to manage their natural
gas pipelines.
"The pipeline software that was to run the pumps, turbines, and
valves was programmed to go haywire, after a decent interval,
to reset pump speeds and valve settings to produce pressures
far beyond those acceptable to pipeline joints and welds." A 3
kiloton explosion was the result, in 1982 in Siberia.
http://www.themoscowtimes.ru/stories/2004/03/18/014.html
SCADA Security, Security Summit Milano – 11 June 2009
R. Chiesa, F. Guasconi, A. Pennasilico, E. Tieghi
10. Recent incidents
Texas: warning, zombies ahead
Transportation officials in Texas are scrambling
to prevent hackers from changing messages
on digital road signs after one sign in Austin
was altered to read, "Zombies Ahead."
Chris Lippincott, director of media relations for the
Texas Department of Transportation, confirmed
that a portable traffic sign at Lamar Boulevard and
West 15th Street, near the University of Texas at
Austin, was hacked into during the early hours of
January 19 2009.
"It was clever, kind of cute, but not what it was
intended for. Those signs are deployed for a
reason — to improve traffic conditions, let folks
know there's a road closure."
12. Predictions
Critical Infrastructure Prime Target For Cyber Criminals
The report, "Cyber Threats and Trends" seeks to aid education
efforts about cyber security threats facing networks, enterprises
and end-users by highlighting important trends that emerged in
previous years, and attempts to predict security trends and
disruptors that may develop in next years with lasting
consequences for businesses in the coming decade.
http://www.secprodonline.com/articles/70136/
13. Intrusion example
Source: INL (Idaho National Lab – DHS US)
14. Wireless arrives on the factory floor
[Diagram labels: Smart Wireless; Smart Control Systems; Smart Analytical; Smart Asset Optimization; Smart Measurement; Smart Final Control; Smart Machinery Health; Smart Safety]
15. Stuxnet
How do we intend to block the threats?
(think about what Dennis Bergstrom
of Sonicwall said before me)
19. Conclusions
All infrastructure is at risk
Distracted or disloyal staff
Casual attackers, motivated attackers,
more or less skilled
20. Conclusions
The technological tools
The organizational strategies
The standards to follow
to prevent and mitigate risks and attacks
exist!
21. These slides were written by Alessio L.R. Pennasilico aka mayhem. They are subject to the Creative Commons Attribution-ShareAlike license, version 2.5; you can copy, modify or sell them. “Please” cite your source and use the same licence :)
Questions?
Thank you for your attention!