SCADA security—the gory details!

Verano tells some SCADA scare stories of compromised networks and embarrassing consequences.

Following our piece last month on Verano/PlantData’s SCADA security audits, Verano’s Lori Dustin has provided us with the following gory details of what the audit uncovered. In May 2006, an investigation into poor control system performance revealed that operators had found a way around console lockdown, allowing them to install and play games during the night shift, affecting system performance and ‘distracting’ the operators’ attention.


An employee, disgruntled at being fired from a major Asian transport site planted a Trojan to wipe out the site’s main SCADA servers. Transport services were stopped for several days and more time was required to reconstruct the server.


One North American power generation company discovered a laptop taped under a server cabinet running password sniffing software. Potential consequences included leaking of control system passwords and misuse of control system and/or loss of production. In another SCADA scare, a hacked data historian at a power generation company in the US was turned into a spam relay and file server. Here the fix was an industrial strength firewall, IDS/IPS and file, process and bandwidth monitoring.

Click here to comment on this article

Click here to view this article in context on a desktop

© Oil IT Journal - all rights reserved.