RE: [SLUG] Fw: [SCAD] Hacker took over control of a Russian gas SCAD system?

From: Ken Elliott (kelliott4@tampabay.rr.com)
Date: Fri May 07 2004 - 23:05:03 EDT


>>May I respectfully suggest that you leave the adjustment to power system
protection professionals...

Perhaps I came across as a jerk. Sorry if that's the case.

I completely agree with you. I am supporting your position of pointing out
the lack of SCADA security has allowed critical systems to be exposed. I
wouldn't touch protective relays, even though I used to design switchgear
and substation controls. But some punk kid that gets into the system can
certainly mess it all up, by accident or otherwise. You don't have to be an
expert driver to wreck a car. Remember those kids who tossed bricks from an
overpass?

>>and calibration of power system SCADA networks to power system SCADA
experts

Most of those "experts" left wide-open systems. Trust me on that. What we,
as computer professionals, need to do is help others understand the
importance of security, so it gets built into the budget. Most 'experts'
simply don't believe what hackers can get into. Dumb folks cannot design
SCADA systems, but even the most intelligent of us have gaps in our
knowledge.

Your reply shows you might feel somewhat 'attacked'. I hope not. I'm only
supporting your post that SCADA is poorly secured in most cases. But when
you tossed out that link and implied SCADA was secure because the attached
devices were difficult to program, I felt it needed to be pointed out that
it's not really the case. It's a common logic that causes security to get
left out of the budget. How many times have I heard "But who would want to
break into our network?"

I'm glad you posted the link about the Russian system hack. You did a good
thing.

Ken Elliott

=====================
-----Original Message-----
From: Frank Roberts - SOTL [mailto:sotl155360@earthlink.net]
Sent: Friday, May 07, 2004 6:44 AM
To: slug@nks.net; Ken Elliott
Subject: Re: [SLUG] Fw: [SCAD] Hacker took over control of a Russian gas
SCAD system?

May I respectfully suggest that you leave the adjustment to power system
protection professionals, the calculations of breaker failure sequences to
high voltage protective relaying professionals, the adjustment and
calibration of power system SCADA networks to power system SCADA experts
and the project management of such projects to the appropriate project
managers, of which gosh knows I am not qualified after having designed at
least 20 power plants and installed and started over 100. A computer expert
I am not, even though I was a computer controls engineer; power systems
though I know a little bit about, from the engineering through the economics
and project management. Sorry, the political realm is above my level.

The point of the reference was to prove that SCADA, far from being the simple
systems that one person assumed, are the peak of the pencil of
complication involving every aspect of computer controls from the simplest
through the ultimate super computer utilizing everything from real time
streamed video and realtime data transfers through simple historical data
transfers involving financial and accounting data. Costs range from the low
millions of dollars through the billions.

If one will recall the original post was a forward from the SCADA list
involving hackers breaking into the SCADA control system for a Russian
pipeline and taking control of the pipeline system valving.

Likewise one should recall that immediately someone with little to zero
expertise in terrorist matters, SCADA, and Russian affairs denounces the
posting as a 10 Year CIA plot, which sounds as smart to me as denouncing the
little fiasco in New York as a figment of one's imagination.

To me the original posting was simply to show what can go wrong and how bad
it can get. It was not intended to start a war over credibility or bust
anyone's bubble that entertainment is the ultimate of computer networking.

Thus for having the tenacity of attempting to keep this list informed in
what is happening with the big money real world where an expenditure of
billions of dollars is considered part of the coffee fund I apologize. In the future
I can assure you NO such postings will be made again.

Also, if anyone doubts that a billion dollars is a daily expenditure then
you have not been the places I have and observed the things I have as a very
very small bit player in a mega world power game.

Frank

On Thursday 06 May 2004 19:59, Ken Elliott wrote:
> >>Easy ? Maybe in the computer side but try playing with a Schweitzer
> >>relay for a while and then tell me they are easy.
>
> Well, if you set all the time/curves to random values, they would have
> a devil of a time finding the faults.
>
> <translation for all the not-power guys> These relays control big
> "circuit breakers". If a line "faults" (shorts out), you don't want
> all the breakers tripping at once. They all see the same amount of
> power, so the closer you are to the end, the quicker you trip open the
> breaker. That way, the closest upstream breaker will trip quickest.
> So, to find the fault, you start at the breaker and go downstream. If
> they are all set random, you might trip a breaker way upstream from
> the fault. So when they notice breaker #4 tripped, and the downstream
> breaker #5 didn't, they assume the fault is located between #4 and #5.
> The actual fault might be downstream of #6, but if #5 and #6 were set
> to wait longer than #4, then #4 will trip before #5 and #6.
> </translation>
>
> Actually, I was thinking you could just send "open switch" commands
> and see if your UPS works. I saw an S&C padmount with a Cat-5 cable
> sticking out under the pad. Yep, Ethernet. The switches used them to
> route power in case of faults. A guy with a laptop could cause lots
> of trouble with that. But the installers had no clue about it. Why would
> they?
>
> Ken Elliott
> 1832 Lombardy Dr.
> Clearwater FL 33755
> cell 727-698-0276
>
> http://web.tampabay.rr.com/kelliott4/
> =====================
> -----Original Message-----
> From: slug@nks.net [mailto:slug@nks.net] On Behalf Of Frank Roberts -
> SOTL
> Sent: Thursday, May 06, 2004 8:19 AM
> To: slug@nks.net; Ken Elliott
> Subject: Re: [SLUG] Fw: [SCAD] Hacker took over control of a Russian
> gas SCAD system?
>
> Boy did you hit the nail on the head with NO security.
>
> Easy ?
> Maybe in the computer side but try playing with a Schweitzer relay for
> a while and then tell me they are easy.
> http://www.selinc.com/
>
> Frank
>
> PS: You could get several PhDs trying to understand a Schweitzer relay.
>
> On Wednesday 05 May 2004 19:58, Ken Elliott wrote:
> > SCADA systems are easy. No security of any kind. The controls will
> > simply accept any command issued by anyone. Did you know our
> > electric grid is SCADA-based?
> >
> > Worse, the US helped install the same stuff in Afghanistan, so anyone
> > who knows that system has a pretty good understanding of ours...
> >
> > Ken Elliott
> >
> > =====================
> > -----Original Message-----
> > From: slug@nks.net [mailto:slug@nks.net] On Behalf Of Bill Canaday
> > Sent: Wednesday, May 05, 2004 6:45 PM
> > To: slug@nks.net
> > Subject: Re: [SLUG] Fw: [SCAD] Hacker took over control of a Russian
> > gas SCAD system?
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Wednesday 05 May 2004 01:55 pm, you wrote:
> > > On Sunday 02 May 2004 09:56, John Saunders wrote:
> > > > http://gtiservices.org/security/riskassess/gazprom_attack_04261999.doc
> > > > This report no longer seems to be online, but you might
> > > > contact Bill Rush at GTI/AGA to get a copy.
> >
> > This sounds an awful lot like the purported CIA exploit of the
> > Soviet natural gas lines of a few years ago. Separate incidents or
> > an urban myth in the making?
> >
> > Bill
> > - --
> > http://cannaday.us (genealogy)
> > http://organic-earth.com (organic gardening) Uptimes below for the
> > machines that created / host these sites.
> > 18:42:00 up 4:30, 4 users, load average: 0.26, 0.29, 0.18
> > 18:35:01 up 2:36, 2 users, load average: 0.00, 0.00, 0.00
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.3 (GNU/Linux)
> >
> > iD8DBQFAmW5nSvjcx4uv21sRAoamAJ4rMf1YSt9EWAmjT/fARb9p/6LVtwCfbRjj
> > le7u1JwrYjPH1NyhyCU2208=
> > =ath/
> > -----END PGP SIGNATURE-----
> >
> >
> > ----------------------------------------------------------------------
> > - This list is provided as an unmoderated internet service by
> > Networked Knowledge Systems (NKS). Views and opinions expressed in
> > messages posted are those of the author and do not necessarily
> > reflect the official policy or position of NKS or any of its employees.
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.651 / Virus Database: 417 - Release Date: 4/5/2004




This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:57:26 EDT