Following our piece last month on Verano/PlantData’s SCADA security audits, Verano’s Lori Dustin has provided us with the following gory details of what the audit uncovered. In May 2006, an investigation into poor control system performance revealed that operators had found a way around console lockdown, allowing them to install and play games during the night shift, affecting system performance and ‘distracting’ the operators’ attention.
Trojan
An employee, disgruntled at being fired from a major Asian transport site planted a Trojan to wipe out the site’s main SCADA servers. Transport services were stopped for several days and more time was required to reconstruct the server.
Sniffer
One North American power generation company discovered a laptop taped under a server cabinet running password sniffing software. Potential consequences included leaking of control system passwords and misuse of control system and/or loss of production. In another SCADA scare, a hacked data historian at a power generation company in the US was turned into a spam relay and file server. Here the fix was an industrial strength firewall, IDS/IPS and file, process and bandwidth monitoring.
© Oil IT Journal - all rights reserved.