Maroochy water breach


Slides to accompany video. Describes cybersecurity case study of an attack on critical infrastructure


  1. Maroochy SCADA attack, 2013. Cybersecurity Case Study: Maroochy water breach. http://www.slideshare.net/sommervi/cs5032-case-study-maroochy-water-breach
  2. Maroochy Shire. Image credit: http://www.hinterlandtourism.com.au/attractions/the-maroochy-river/
  3. Maroochy shire sewage system
     • SCADA controlled system with 142 pumping stations over 1157 sq km installed in 1999
     • In 2000, the area sewage system had 47 unexpected faults causing extensive sewage spillage
  4. SCADA setup. Typical SCADA-controlled sewage system. This is not the system that was attacked
  5. SCADA sewage control
     • Special-purpose control computer at each station to control valves and alarms
     • Each system communicates with and is controlled by central control centre
     • Communications between pumping stations and control centre by radio, rather than wired network
  6. What happened. More than 1m litres of untreated sewage released into waterways and local parks
  7. Technical problems
     • Sewage pumps not operating when they should have been
     • Alarms failed to report problems to control centre
     • Communication difficulties between the control centre and pumping stations
  8. Insider attack
     • Vitek Boden worked for Hunter Watertech (system suppliers) with responsibility for the Maroochy system installation.
     • He left in 1999 after disagreements with the company.
     • He tried to get a job with local Council but was refused.
  9. Revenge!
     • Boden was angry and decided to take revenge on both his previous employer and the Council by launching attacks on the SCADA control systems
       – He hoped that Hunter Watertech would be blamed for the failure
     • Insiders don’t have to work inside an organisation!
  10. What happened? Image credit: http://www.pimaweb.org/conference/april2003/pdfs/MythsAndFactsBehindCyberSecurity.pdf
  11. How it happened
     • Boden stole a SCADA configuration program from his employers when he left and installed it on his own laptop
     • He also stole radio equipment and a control computer that could be used to impersonate a genuine machine at a pumping station
     • Insecure radio links were used to communicate with pumping stations and change their configurations
  12. Incident timeline
     • Initially, the incidents were thought to have been caused by bugs in a newly installed system
     • However, analysis of communications suggested that the problems were being caused by deliberate interventions
     • Problems were always caused by a specific station id
  13. Actions taken
     • System was configured so that that id was not used, so messages from there had to be malicious
     • Boden, as a disgruntled insider, fell under suspicion and was put under surveillance
     • Boden’s car was stopped after an incident, and stolen hardware and a radio system were discovered
  14. Causes of the problems
     • Installed SCADA system was completely insecure
       – No security requirements in contract with customer
     • Procedures at Hunter Watertech were inadequate to stop Boden stealing hardware and software
     • Insecure radio links were used for communications
  15. Causes of the problems
     • Lack of monitoring and logging made detection more difficult
     • No staff training to recognise cyber attacks
     • No incident response plan in place at Maroochy Council
  16. Aftermath
     • On October 31, 2001 Vitek Boden was convicted of:
       – 26 counts of willfully using a computer to cause damage
       – 1 count of causing serious environment harm
     • Jailed for 2 years
  17. Finding out more
     • http://www.pimaweb.org/conference/april2003/pdfs/MythsAndFactsBehindCyberSecurity.pdf
     • http://harbor2harbour.com/?p=144
     • http://www.ifip.org/wcc2008/site/IFIPSampleChapter.pdf
     • http://csrc.nist.gov/groups/SMA/fisma/ics/documents/Maroochy-Water-Services-Case-Study_report.pdf
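
The check described on slides 12 and 13 (a station id taken out of use, so that any message carrying it must be hostile), written out as an added example that is not part of the original slides. The log format, station ids and inventory sets are constructed assumptions, and flagging ids that were never in the inventory goes one step beyond what the slides describe.

```python
from dataclasses import dataclass

# Constructed sample log; the format is an assumption for this example:
#   <timestamp> <source station id> <message>
SAMPLE_LOG = """\
2024-01-01T21:02:11 7 STATUS pump=on level=41
2024-01-01T21:02:14 14 CONFIG alarm=off
2024-01-01T21:02:19 9 STATUS pump=on level=38
2024-01-01T21:03:02 14 CONFIG pump=off
2024-01-01T21:03:40 200 STATUS pump=on level=12
garbled radio frame
"""
ACTIVE_IDS = {7, 9, 21}   # constructed inventory of stations in service
RETIRED_IDS = {14}        # id deliberately taken out of use (the tripwire)

@dataclass(frozen=True)
class Alert:
    timestamp: str
    station_id: int
    reason: str   # "retired-id" or "unknown-id"
    message: str

def parse_line(line):
    """Return (timestamp, station_id, message), or None if malformed."""
    parts = line.split(maxsplit=2)
    if len(parts) != 3:
        return None
    try:
        return parts[0], int(parts[1]), parts[2]
    except ValueError:
        return None

def scan(log_text, active=ACTIVE_IDS, retired=RETIRED_IDS):
    """Flag every message whose source id is retired or not in the inventory."""
    alerts, malformed = [], 0
    for line in filter(str.strip, log_text.splitlines()):
        parsed = parse_line(line)
        if parsed is None:
            malformed += 1   # count, never silently drop: gaps hide activity
            continue
        ts, sid, msg = parsed
        if sid in retired:
            alerts.append(Alert(ts, sid, "retired-id", msg))
        elif sid not in active:
            alerts.append(Alert(ts, sid, "unknown-id", msg))
    return alerts, malformed

if __name__ == "__main__":
    found, bad = scan(SAMPLE_LOG)
    for a in found:
        print(f"{a.timestamp} station={a.station_id} {a.reason}: {a.message}")
    print(f"malformed lines: {bad}")
```

The tripwire only works if messages are logged centrally in the first place, which is the gap slide 15 lists under lack of monitoring and logging.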
