Re: [SLUG] Fw: [SCAD] Hacker took over control of a Russian gas SCAD system?

From: Frank Roberts - SOTL (sotl155360@earthlink.net)
Date: Fri May 07 2004 - 06:44:23 EDT


May I respectively suggest that you leave the adjustment to power system
protection professionals, the calculations of breaker failure sequences to
high voltage protective relaying professionals, the adjustment and
callabration of power system SCADA networks to power system SCADA experts and
the project management of such projects to the approbate project managers of
which gosh knows I am not qualifies after having designed at least 20 power
plants and installed and started over 100. A computer expert I am not even
though I was a compouter controls engineer; power systems though I know a
little bit about from the engineering through the economics and project
management. Sorry the political realm is above my level.

The point of the reference was to prove that SCADA far being the simple
systems that one person assumed they are the peak of the pencil of
complication involving every aspect of computer controls from the simplest
through the ultimate super computer utilizing everything from real time
streamed video and realtime data transfers through simple historical data
transfers involving financial and accounting data. Cost range from the low
millions of dollars through the billions.

If one will recall the original post was a forward from the SCADA list
involving hackers breaking int the SCADA control systen for a Russian
pipeline and taking control of the pipeline system valving.

Like wise one should recall that immediately someone with little to zero
expertise in terrorist matters, SCADA, and Russian affairs denounces the
posting as a 10 Year CIA plot which sounds as smart to me as denouncing the
little fiasco in New York as a figment of one imagination.

To me the original posting was simply to show what can go wrong and how bad it
can get. It was not intended to start a war over credibility or bust anyone's
bubble that entertainment is the ultimate of computer networking.

Thus for having the tenacity of attempting to keep this list informed in what
is happening with the big money real world where a billions of dollars
expenditure is considered part of the coffee fund I apologize. In the future
I can assure you NO such postings will be made again.

Also, if anyone doughs that a billion dollars is a daily expenditure then you
have not been the places I have and observed the things I have as a very very
small bit player is a mega world power game.

Frank

On Thursday 06 May 2004 19:59, Ken Elliott wrote:
> >>Easy ? Maybe in the computer side but try playing with a Schweitzer relay
> >> for a while and then tell me they are easy.
>
> Well, if you set all the time/curves to random values, they would have a
> devil of a time finding the faults.
>
> <translation for all the not-power guys>
> These relays control big "circuit breakers". If a line "faults" (shorts
> out), you don't want all the breakers tripping at once. They all see the
> same amount of power, so the closer you are to the end, the quicker you
> trip open the breaker. That way, the closest upstream breaker will trip
> quickest. So, to find the fault, you start at the breaker and go
> downstream. If they are all set random, you might trip a breaker way
> upstream from the fault. So when they notice breaker #4 tripped, and the
> downstream breaker #5 didn't, they assume the fault is located between #4
> and #5. The actual fault might be downstream of #6, but if #5 and #6 were
> set to wait longer than #4, then #4 will trip before #5 and #6.
> </translation>
>
> Actually, I was thinking you could just send "open switch" commands and see
> if your UPS works. I saw an S&C padmount with a Cat-5 cable sticking out
> under the pad. Yep, Ethernet. The switches used them to route power in
> case of faults. A guy with a lap top could cause lots of trouble with
> that. But the installers had no clue about it. Why would they?
>
> Ken Elliott
> 1832 Lombardy Dr.
> Clearwater FL 33755
> cell 727-698-0276
>
> http://web.tampabay.rr.com/kelliott4/
> =====================
> -----Original Message-----
> From: slug@nks.net [mailto:slug@nks.net] On Behalf Of Frank Roberts - SOTL
> Sent: Thursday, May 06, 2004 8:19 AM
> To: slug@nks.net; Ken Elliott
> Subject: Re: [SLUG] Fw: [SCAD] Hacker took over control of a Russian gas
> SCAD system?
>
> Boy did you hit the nail on the head with NO security.
>
> Easy ?
> Maybe in the computer side but try playing with a Schweitzer relay for a
> while and then tell me they are easy.
> http://www.selinc.com/
>
> Frank
>
> PS: You could get several PhD trying to understand a Schweitzer relay.
>
> On Wednesday 05 May 2004 19:58, Ken Elliott wrote:
> > SCADA systems are easy. No security of any kind. The controls will
> > simply accept any command issued by anyone. Did you know our electric
> > grid is SCADA-based?
> >
> > Worse, the US helped install the same stuff in Afganistan, so anyone
> > who knows that system has a pretty good understanding of ours...
> >
> > Ken Elliott
> >
> > =====================
> > -----Original Message-----
> > From: slug@nks.net [mailto:slug@nks.net] On Behalf Of Bill Canaday
> > Sent: Wednesday, May 05, 2004 6:45 PM
> > To: slug@nks.net
> > Subject: Re: [SLUG] Fw: [SCAD] Hacker took over control of a Russian
> > gas SCAD system?
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Wednesday 05 May 2004 01:55 pm, you wrote:
> > > On Sunday 02 May 2004 09:56, John Saunders wrote:
> > > > http://gtiservices.org/security/riskassess/gazprom_attack_04261999
> > > > .d oc This report no longer seems to be online, but you might
> > > > contact Bill Rush at GTI/AGA to get a copy.
> >
> > This sounds an awful lot like the purported CIA exploit of the Soviet
> > natural gas lines of a few years ago. Separate incidents or an urban
> > myth in the making?
> >
> > Bill
> > - --
> > http://cannaday.us (genealogy)
> > http://organic-earth.com (organic gardening) Uptimes below for the
> > machines that created / host these sites.
> > 18:42:00 up 4:30, 4 users, load average: 0.26, 0.29, 0.18
> > 18:35:01 up 2:36, 2 users, load average: 0.00, 0.00, 0.00
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.3 (GNU/Linux)
> >
> > iD8DBQFAmW5nSvjcx4uv21sRAoamAJ4rMf1YSt9EWAmjT/fARb9p/6LVtwCfbRjj
> > le7u1JwrYjPH1NyhyCU2208=
> > =ath/
> > -----END PGP SIGNATURE-----
> >
> >
> > ----------------------------------------------------------------------
> > - This list is provided as an unmoderated internet service by
> > Networked Knowledge Systems (NKS). Views and opinions expressed in
> > messages posted are those of the author and do not necessarily reflect
> > the official policy or position of NKS or any of its employees.
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.651 / Virus Database: 417 - Release Date: 4/5/2004
> >
> >
> > ----------------------------------------------------------------------
> > - This list is provided as an unmoderated internet service by
> > Networked Knowledge Systems (NKS). Views and opinions expressed in
> > messages posted are those of the author and do not necessarily reflect
> > the official policy or position of NKS or any of its employees.
>
> -----------------------------------------------------------------------
> This list is provided as an unmoderated internet service by Networked
> Knowledge Systems (NKS). Views and opinions expressed in messages posted
> are those of the author and do not necessarily reflect the official policy
> or position of NKS or any of its employees.
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.651 / Virus Database: 417 - Release Date: 4/5/2004
>
>
> -----------------------------------------------------------------------
> This list is provided as an unmoderated internet service by Networked
> Knowledge Systems (NKS). Views and opinions expressed in messages
> posted are those of the author and do not necessarily reflect the
> official policy or position of NKS or any of its employees.

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:51:38 EDT