Home > Critical Infrastructure Security, SCADA Security > A Shortlist of Reported SCADA Incidents

A Shortlist of Reported SCADA Incidents

In a good report by the Infrastructure Security Partnership (TISP.org) called THE ROADMAP TO SECURE CONTROL SYSTEMS IN THE WATER SECTOR I found a good list that helped me remember several of the well-known, “Reported” SCADA incidents including:

Insider hacks into sewage treatment plant (Australia, 2001)—A former employee of the software development team repeatedly hacked (46 occasions) into the SCADA system that controlled a Queensland sewage treatment plant, releasing about 264,000 gallons of raw sewage into nearby rivers and parks. ( My Comments: If I remember correctly He was able to use the company WIFI from the company’s Parking Lot”.
Equipment malfunction at water storage dam (St. Louis, MO, 2005)—The gauges at the Sauk Water Storage Dam read differently than the gauges at the dam’s remote monitoring station, causing a catastrophic failure which released one billion gallons of water.
Intruder plants malicious software in a water treatment system (Harrisburg, PA, 2006)—A foreign hacker penetrated security of a water filtering plant through the internet. The intruder planted malicious software that was capable of affecting the plant’s water treatment operations.
Reported Vulnerability (Aurora 2007)—CNN reported a control system vulnerability that could damage generators and motors. (My Comments: Many argued the credibility of this test, But I think it was deliberately downplayed for the right reasons”.
Intruder sabotages a water canal SCADA system (Willows, CA, 2007)—An intruder installed unauthorized software and damaged the computer used to divert water from the Sacramento River.
• CIA Confirms Cyber Attack Caused Multi-City Power Outage (New Orleans, 2008)—CIA has information that cyber intrusions into utilities (followed by extortion demands) have been used to disrupt power equipment in several regions outside the United States.

I would like to add the following Incidents:

• January 8, 2008 –Teenage boy ‘hacks’ into the track control system of the Lodz city tram system, derailing four vehicles
He had adapted a television remote control so it could change track switches.

• In 2003 Slammer worm crashed Ohio nuke plant network “This is in essence a backdoor from the Internet to the Corporate internal network that was not monitored by Corporate personnel” quoted the full report HERE (http://www.securityfocus.com/news/6767)

• In 2000 Hackers cracked Gazprom security, controlled gas-flow switchboard,”we were very close to a major natural disaster” commented a russian minister as Reported Here : http://www.time.com/time/magazine/article/0,9171,901020617260664,00.html

Also the report listed the following under How Can Cyber Events Affect Water Systems?

Cyber events can affect water system operations in a variety of ways, some with potentially significant adverse effects in public health. Cyber events could do the following:
• Interfere with the operation of water treatment equipment, which can cause chemical over or under-dosing
• Make unauthorized changes to programmed instruction in local processors to take control of water distribution or wastewater collection systems, resulting in disabled service, reduced pressure flows of water into fire hydrants, or overflow of untreated sewage into public waterways
• Modify the control systems software, producing unpredictable results
• Block data or send false information to operators to prevent them from being aware of conditions or to initiate inappropriate actions
• Change alarm thresholds or disable them
• Prevent access to account information
• Although many facilities have manual backup procedures in place, failures of multiple systems may overtax staff resources—even if each failure is manageable in itself
• Be used as ransomware

  1. June 22, 2009 at 1:34 pm

    What find interesting about all of the ‘incidents’ mentioned are one thing: they’re all from the IT portion of SCADA, and in most circumstances, are due to simple negligence (not patching correctly, not patching at all, etc.). Another thing that many don’t realize is the word ‘cyber attack’. To many, simple port scanning would constitute an ‘attack’. This word is so over-utilized, it needs better refinement.

  2. April 14, 2010 at 3:39 pm

    Additional SCADA security incidents?

    Per: “Is the SCADA Infrastructure Secure?” by Jack Ganssle http://www.embedded.com/columns/breakpoint/224202612

    I have been told (by the NSA) that a Tylenol factory has been hacked.

    Vancouver’s traffic lights have been compromised.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: