Environmental Engineering Reference
In-Depth Information
months. Somehow the system was leaking hundreds of thousands of
gallons of putrid sewage into parks, rivers and the manicured grounds
of a Hyatt Regency hotel—marine life died, the creek water turned black
and the stench was unbearable for residents. Until the former employee's
capture—during his 46th successful intrusion—the utility's managers
did not know why.
Specialists study this case of cyber-terrorism because it is the only one
known in which someone used a digital control system deliberately to
cause harm. The former employee's intrusion shows how easy it is to
break in—and how restrained he was with his power.
To sabotage the system, the former employee set the software on his
laptop to identify itself as a pumping station, and then suppressed all
alarms. The former employee was the “central control station” during
his intrusions, with unlimited command of 300 SCADA nodes govern-
ing sewage and drinking water alike.
The bottom line: as serious as the former employee's intrusions were
they pale in comparison with what he could have done to the fresh water
system—he could have done anything he liked.
—Barton Gellman (2002)
In 2000, the Federal Bureau of Investigation (FBI) identified and listed
threats to critical infrastructure. These threats are listed in
Table 12.1
. In
the past few years, especially since 9/11, it has been somewhat routine for
us to pick up a newspaper or magazine or to view a television news pro-
gram where a major topic of discussion is cyber security or the lack thereof.
Many of the cyber intrusion incidents we read or hear about have added new
terms or new uses for old terms to our vocabulary; for example, old terms
such as Trojan horse, worms, and viruses have taken on new connotations
with regard to cyber security issues. Relatively new terms such as scanners,
Windows NT hacking tools, ICQ hacking tools, mail bombs, sniffer, logic
bomb, nukers, dots, backdoor Trojan, key loggers, hackers' Swiss knife, pass-
word crackers, and BIOS crackers are now commonly encountered.
Not all relatively new and universally recognizable cyber terms have sin-
ister connotation or meaning, of course. Consider, for example, the follow-
ing digital terms: backup, binary, bit, byte, CD-ROM, CPU, database, e-mail,
HTML, icon, memory, cyberspace, modem, monitor, network, RAM, Wi-Fi,
record, software, World Wide Web—none of these terms normally gener-
ates thoughts of terrorism in most of us. There is, however, one digital term,
SCADA, that most people have not heard of. This is not the case, however,
for those who work with the nation's critical infrastructure, including water/
wastewater. SCADA, an acronym for
supervisory control and data acquisition
and sometimes referred to as
digital control systems
or
process control systems
,
plays an important role in computer-based control systems. Many water/
wastewater systems use computer-based systems to remotely control sensi-
tive processes and system equipment previously controlled manually. These
SCADA systems allow a water/wastewater utility to collect data from sensors
