As the cyberwar to save Ukraine enters Round 2, SCADA/ICS is likely to become the target of both sides. In this article, I simply try to lay out a case of why SCADA Hacking and Security is among the most critical area of cybersecurity (update March 23, 2022).
Recently, the US National Security Administration (NSA) warned that hackers were attempting to compromise multiple elements of the US and other nations' SCADA/ICS infrastructure. Then, on May 7, hackers successfully compromised a major pipeline between the US Gulf Coast and the major metropolitan area of the US disrupting 45% of the gasoline supply to this critical area. It has now been reported that Colonial paid the hackers 75 BTC or about $5 million.
In addition, in 2018, the US Federal Bureau of Investigation (FBI) and U.S. Homeland Security announced that the Russians are hacking and attacking the US electric grid and nuclear facilities. This continues into 2021 and will likely do so until this industry takes cyber security seriously. Apparently, the Russian hackers have breached dozens of power plants. This is just one more example of the criticality of SCADA Hacking in our new world of cyber war.
SCADA hacking and security has become one the most important areas of information security and hacking in recent years. SCADA stands for Supervisory Control and Data Acquisition. Its an acronym meant to cover systems that control nearly every type of industrial system such as the electrical grid, power plants, manufacturing systems, sewage and water systems, oil and gas refineries and nearly every type of industrial system. Very often, people use the term ICS or Industrial Control Systems synonymously with SCADA.
The world has changed dramatically in the last 20 years. Nearly everything is driven by digital systems. This has made our systems easier to control, more precise and easier to communicate with, but has also made them more vulnerable.
Imagine this scenario. Two nations are at war. One nation has the capability to manipulate and even DoS (Denial of Service) the other's industrial infrastructure such as the electrical grid, water and sewage systems, oil refineries, etc. How long can a nation and war effort be sustained without these critical services? An even scarier scenario can be imagined where manipulation and control of these industrial systems could itself become a weapon. How many people would die if a pressure valve in an oil refinery or nuclear power plant were controlled remotely and maliciously?
In the 21st century, every conflict will have a SCADA/ICS element. The first salvo in the era of cyber war may have been fired by Russia in 2008 in its conflict with Georgia over South Ossetia. If there were any doubts as to the shape of future warfare, the U.S. NSA Stuxnet attack on Iran's nuclear facilities in 2010, left no doubt. SCADA/ICS is THE target for any cyber war.
There have been numerous examples of additional SCADA attacks in the intervening 10 years since Stuxnet, most of them quietly resolved, but the conflict between Russia and the Ukraine may be a harbinger of things to come. In a recent article in "Wired" magazine, Andy Greenberg details the Russian attacks on the Ukraine SCADA/ICS systems including their electrical grid (you can read more about the Blackenergy3 attack here). He further speculates that Russia is using the Ukraine as a test lab for their SCADA/ICS attack vectors and may be preparing to use them against other nations. Michael Hayden, former director of the NSA, states, "This is a whiff of August 1945. Somebody just used a new weapon and this weapon will not be put back in a box" when referring to cyber SCADA/ICS attacks.
SCADA/ICS is Different
Most of us in the field of cyber security are accustomed to working with traditional IT systems. These systems use TCP/IP and other communication protocols as part of that suite that includes UDP, DNS, SMB, SMTP etc. The protocols used by SCADA/ICS systems are different. SCADA/ICS protocols were originally developed to run over serial connections and use different packets and systems for communication internally. Most now have been ported to communicate over TCP/IP externally, but internally these use such obscure protocols as MODBUS, DNP3, OPC, PROFINET, etc.
If you are to protect or attack these systems you must be familiar with these protocols and the specialized tools to work with them. For instance, because the packets are different, most off-the-shelf perimeter defense systems such IDS's won't work in a SCADA/ICS environment and most AV software is ineffective in detecting attacks against them.
Every major nation and every major industry is seeking individuals cognizant of the risks and vulnerabilities of SCADA/ICS systems. IT security engineers are in high demand with virtually no unemployment, but the demand for those capable of protecting, testing and pentesting SCADA/ICS systems far outstrips the supply. Each nation's military and espionage units are gearing up with SCADA/ICS knowledge and skills (I know, I have trained many of them including the NSA). Pentesting and IT security firms are scrounging fruitlessly for SCADA/ICS trained people. Each of the many industries included in this broad category of SCADA/ICS is seeking people with the knowledge and skill to protect their valuable systems.
Setting Yourself Apart
SCADA/ICS skills are still rare in our industry. Ask your colleagues how much they know about SCADA/ICS and you are likely to receive shrug. If you want to push your career to the next level and set yourself apart from other cyber security engineers, SCADA/ICS is a must.
To acquire the background and skills is this rapidly growing and critically important field, consider attending the next SCADA/ICS Security course here at Hackers-Arise. We at Hackers-Arise were the first to demonstrate the hack of the Schneider Electric AS server last year that received international recognition and the found the vulnerability in the Schneider Electric TM221.
Wouldn't you rather study with someone who has actually been there, rather than someone who has simply read about it?