Maroochy water breach
Maroochy SCADA attack, 2013 Slide 1
Cybersecurity Case Study: Maroochy water breach
http://www.slideshare.net/sommervi/cs5032-case-study-maroochy-water-breach
Maroochy Shire
Image credit: http://www.hinterlandtourism.com.au/attractions/the-maroochy-river/
Maroochy shire sewage system
• SCADA controlled system with 142 pumping stations over 1157 sq km installed in 1999
• In 2000, the area sewage system had 47 unexpected faults causing extensive sewage spillage
SCADA setup
Typical SCADA-controlled sewage system. This is not the system that was attacked.
SCADA sewage control
• Special-purpose control computer at each station to control valves and alarms
• Each system communicates with and is controlled by central control centre
• Communications between pumping stations and control centre by radio, rather than wired network
What happened
More than 1m litres of untreated sewage released into waterways and local parks
Technical problems
• Sewage pumps not operating when they should have been
• Alarms failed to report problems to control centre
• Communication difficulties between the control centre and pumping stations
Insider attack
• Vitek Boden worked for Hunter Watertech (system suppliers) with responsibility for the Maroochy system installation.
• He left in 1999 after disagreements with the company.
• He tried to get a job with local Council but was refused.
Revenge!
• Boden was angry and decided to take revenge on both his previous employer and the Council by launching attacks on the SCADA control systems
– He hoped that Hunter Watertech would be blamed for the failure
• Insiders don’t have to work inside an organisation!
What happened?
Image credit: http://www.pimaweb.org/conference/april2003/pdfs/MythsAndFactsBehindCyberSecurity.pdf
How it happened
• Boden stole a SCADA configuration program from his employers when he left and installed it on his own laptop
• He also stole radio equipment and a control computer that could be used to impersonate a genuine machine at a pumping station
• Insecure radio links were used to communicate with pumping stations and change their configurations
Incident timeline
• Initially, the incidents were thought to have been caused by bugs in a newly installed system
• However, analysis of communications suggested that the problems were being caused by deliberate interventions
• Problems were always caused by a specific station id
Actions taken
• System was configured so that that station id was no longer used, so any messages carrying it had to be malicious
• Boden, as a disgruntled insider, fell under suspicion and was put under surveillance
• Boden’s car was stopped after an incident, and stolen hardware and a radio system were discovered
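The analysis described in the incident timeline and the actions taken, sketched as an added example that is not part of the original slides: attribute behaviour-changing messages to the station id that sent them, then treat any frame carrying a retired id as an alert. The log format, message type names and station ids are constructed for illustration.

```python
import re
from collections import Counter

# Constructed control-centre radio log (assumed format, not real Maroochy data):
# <time> station=<id> type=<message type>
SAMPLE_LOG = """\
02:10:05 station=07 type=STATUS
02:11:40 station=99 type=CONFIG_CHANGE
02:11:42 station=99 type=ALARM_DISABLE
02:15:00 station=22 type=STATUS
garbled radio burst
23:50:13 station=99 type=PUMP_STOP
23:58:09 station=31 type=CONFIG_CHANGE
"""

LINE_RE = re.compile(r"^(\S+) station=(\d+) type=(\w+)$")
# Message types that change plant behaviour (hypothetical names).
CONTROL_TYPES = {"CONFIG_CHANGE", "ALARM_DISABLE", "PUMP_STOP"}


def parse_log(text):
    """Return (records, malformed_count); bad lines are counted, not hidden."""
    records, malformed = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append({"time": m[1], "station": m[2], "type": m[3]})
        elif line.strip():
            malformed += 1
    return records, malformed


def control_messages_by_station(records):
    """Attribute behaviour-changing messages to the station id that sent them."""
    return Counter(r["station"] for r in records if r["type"] in CONTROL_TYPES)


def flag_retired(records, retired_ids):
    """Once an id is retired, every frame carrying it is an alert, whatever its type."""
    return [r for r in records if r["station"] in retired_ids]


if __name__ == "__main__":
    records, malformed = parse_log(SAMPLE_LOG)
    by_station = control_messages_by_station(records)
    suspect, _ = by_station.most_common(1)[0]
    print("control messages per station:", dict(by_station))
    print("malformed lines:", malformed)
    for r in flag_retired(records, {suspect}):
        print("ALERT retired id in use:", r)
```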
Causes of the problems
• Installed SCADA system was completely insecure
– No security requirements in contract with customer
• Procedures at Hunter Watertech were inadequate to stop Boden stealing hardware and software
• Insecure radio links were used for communications
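What an authenticated radio link would have to check, as an added example that goes beyond the slides and is not the Maroochy system's protocol: each station has its own key, frames carry a counter and an HMAC tag, and the control centre can revoke the key of a lost or stolen controller. The frame layout, class and function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag, in bytes
HDR_LEN = 6   # station id (2 bytes) + counter (4 bytes)


def seal(key, station_id, counter, payload):
    """Build a frame: station id | counter | payload | tag (assumed layout)."""
    header = struct.pack(">HI", station_id, counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


class ControlCentre:
    def __init__(self, station_keys):
        self.keys = dict(station_keys)  # station id -> per-station key
        self.last_counter = {}          # station id -> highest counter accepted

    def revoke(self, station_id):
        """Drop the key of a lost or stolen controller."""
        self.keys.pop(station_id, None)

    def accept(self, frame):
        """Return the payload if the frame is authentic and fresh, else None."""
        if len(frame) < HDR_LEN + TAG_LEN:
            return None  # too short to be a frame
        header, payload = frame[:HDR_LEN], frame[HDR_LEN:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        station_id, counter = struct.unpack(">HI", header)
        key = self.keys.get(station_id)
        if key is None:
            return None  # unknown or revoked station
        expected = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # forged or corrupted in transit
        if counter <= self.last_counter.get(station_id, -1):
            return None  # replay of an earlier frame
        self.last_counter[station_id] = counter
        return payload
```

Rejected frames are worth logging with their claimed station id, since that is the signal the investigators relied on.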
Causes of the problems
• Lack of monitoring and logging made detection more difficult
• No staff training to recognise cyber attacks
• No incident response plan in place at Maroochy Council
Aftermath
• On October 31, 2001 Vitek Boden was convicted of:
– 26 counts of willfully using a computer to cause damage
– 1 count of causing serious environmental harm
• Jailed for 2 years
Finding out more
http://www.pimaweb.org/conference/april2003/pdfs/MythsAndFactsBehindCyberSecurity.pdf
http://harbor2harbour.com/?p=144
http://www.ifip.org/wcc2008/site/IFIPSampleChapter.pdf
http://csrc.nist.gov/groups/SMA/fisma/ics/documents/Maroochy-Water-Services-Case-Study_report.pdf