cope with massive data loss and it usually assumes that its picture of the topology of
the network (i.e. which breakers are open or closed) is correct. This is a risky
assumption since there are often configuration errors and there is always the chance
that an attacker could be mediating between the control centre and the electricity
network. State estimation techniques are also less applicable when the equations
relating the data values are less well defined, in water systems and chemical plants
for example.
When the state estimator cannot reach a result because of corruption or insufficient
data, a second technique is brought into play. This is the suggestion of
pseudo-measurements, which are rough guesses (generally based on statistics) as to
what the corrupt or missing readings should be. Using these pseudo-measurements the
state estimator can come up with an improved guess about the true state of the network.
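The bad-data check and pseudo-measurement fallback described above, implemented for a toy network. This is an added example, not code from the original text: the 3-bus network, unit line reactances, standard deviations, history values and the residual threshold of 3.0 are all assumptions chosen for illustration. It goes slightly beyond the text by using the largest-normalized-residual test to decide which reading is corrupt.

```python
# Added example (not from the source): DC weighted-least-squares state
# estimation on a constructed 3-bus network. State x = (theta1, theta2) are
# bus angles relative to slack bus 0; every line reactance is assumed 1.0 p.u.
H = [(-1.0, 0.0),   # flow 0->1 = -theta1
     (0.0, -1.0),   # flow 0->2 = -theta2
     (1.0, -1.0),   # flow 1->2 = theta1 - theta2
     (2.0, -1.0)]   # injection at bus 1 = 2*theta1 - theta2
SIGMA_METER, SIGMA_PSEUDO = 0.01, 0.2   # assumed std devs; pseudo = low trust

def wls(z, sigma):
    """Return (x, normalized residuals) for min sum(((z_i - h_i.x)/s_i)^2)."""
    a = b = d = g1 = g2 = 0.0
    for (h1, h2), zi, s in zip(H, z, sigma):
        w = 1.0 / (s * s)
        a += w * h1 * h1; b += w * h1 * h2; d += w * h2 * h2
        g1 += w * h1 * zi; g2 += w * h2 * zi
    det = a * d - b * b                       # gain matrix G = [[a, b], [b, d]]
    x = ((d * g1 - b * g2) / det, (a * g2 - b * g1) / det)
    rn = []
    for (h1, h2), zi, s in zip(H, z, sigma):
        lev = (d * h1 * h1 - 2 * b * h1 * h2 + a * h2 * h2) / det  # h G^-1 h^T
        omega = max(s * s - lev, 1e-12)       # variance of this residual
        rn.append(abs(zi - (h1 * x[0] + h2 * x[1])) / omega ** 0.5)
    return x, rn

def estimate(readings, history, threshold=3.0):
    """readings: telemetry (None = missing); history: statistical guesses."""
    z = [history[i] if r is None else r for i, r in enumerate(readings)]
    sigma = [SIGMA_PSEUDO if r is None else SIGMA_METER for r in readings]
    replaced = [i for i, r in enumerate(readings) if r is None]
    while True:
        x, rn = wls(z, sigma)
        worst = max(range(len(z)), key=rn.__getitem__)
        if rn[worst] <= threshold or worst in replaced:
            return x, replaced
        # Largest normalized residual test failed: treat the reading as
        # corrupt and substitute its low-weight pseudo-measurement.
        z[worst], sigma[worst] = history[worst], SIGMA_PSEUDO
        replaced.append(worst)

HISTORY = [0.12, 0.28, 0.16, 0.08]            # constructed statistical means
CLEAN = [0.10, 0.30, 0.20, 0.10]              # true state (-0.10, -0.30)
TAMPERED = [0.10, 0.05, 0.20, 0.10]           # reading 1 altered in transit
MISSING = [0.10, None, 0.20, 0.10]            # reading 1 lost
if __name__ == "__main__":
    for name, r in (("clean", CLEAN), ("tampered", TAMPERED), ("missing", MISSING)):
        print(name, estimate(r, HISTORY))
```

The matrix H encodes the assumed breaker topology, so the residual test is only as trustworthy as that assumption, which is the risk the text points out.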
3 Vulnerabilities of SCADA Systems
Although there has been a lot of hype about the prospect of cyber-terrorists taking
control of SCADA systems¹, there remains a very real threat to them from insiders
and outsiders. Power and energy companies are frequent targets of attacks and
approximately 60% of them experienced at least one severe security alert in the last
six months [9]. There have also been a couple of incidents in the last few years where
SCADA systems have been severely compromised²:
• In November 2001 an attacker used the Internet, a wireless radio and stolen control
  software to release approximately one million liters of raw sewage into the river
  and coastal waters of Maroochydore in Queensland, Australia.
• In 1994 an attacker broke into the computers of an Arizona water facility: the Salt
  River Project in the Phoenix area.
In addition to outside attacks there is also a threat from insiders³, whose greater
technical knowledge enables them to do greater damage to the system. Operator errors
are also a frequent source of disruption.
Once an attacker is inside an electricity SCADA system, there are a number of
malicious actions that they can perform:
• Changing data values. By manipulating data readings an attacker can deceive the
  operators about the power and voltages on the network. If an operator acts on the
  false information, they can put the electricity network into a dangerous state.
• Changing control signals. An attacker could block control signals and issue false
  confirmations. Operators would be led to think that breakers are closed when they
  are open or that a transformer is malfunctioning when it is not.
• Opening breakers. The attacker could take direct control of the network and send
  control signals to shut parts of it down. The operators' attempts to restart the
  network could be blocked with a denial of service over the SCADA system.
¹ See [11] for a critical assessment of this hype.
² These examples are taken from [13] and [11]. More information about electricity
  vulnerabilities can be found in [12].
³ The most recent dti survey [4] reports that 48% of large businesses blame their worst
  security incident on insider activity.