Information Technology Reference
In-Depth Information
IRAN (2009)
Industrial processes such as chemical plants, oil and gas pipelines, and electrical power
grids require constant monitoring. In the precomputer era, monitoring was done by em-
ployees who watched gauges and warning lights, turned dials, and opened and closed
valves. Computers allowed the automation of centralized monitoring. In the 1980s, dis-
tributed control systems eliminated local control cabinets. Instead, networks carried
information to centralized control centers. Computer monitors with color-coded fields
replaced the gauges and warning lights. Initially, distributed control systems were pro-
prietary, but customers asked for “open systems, common protocols and vendor inter-
operability” [67]. They got what they wanted with the advent of supervisory control
and data acquisition (SCADA) systems based on the Internet protocol. Internet-based
SCADA systems are less expensive and are easier to maintain and administer than pro-
prietary systems (Figure 7.5). Another way to save money and time is to allow an outsider
to connect with the SCADA system remotely to perform diagnostics.
These advances carry with them security risks. Allowing remote diagnostics cre-
ates an opportunity for a malicious outsider to gain access. Many industrial machines
contain embedded microprocessors. Industrial machines last a long time, which means
many of these machines contain older microprocessors. Security patches designed to
ward off malware may not be available for these microprocessors, and even if they are
available, it may be impractical to install them because the processor is so slow that it
cannot run the security code and keep up with its machine-control responsibilities.
The Stuxnet worm, launched in 2009, attacked SCADA systems running Siemens
software [68]. The worm appeared to target five industrial facilities in Iran, and it may
have caused a temporary shutdown of Iran's nuclear program by infecting computers
FIGURE 7.5
Internet-based supervisory control and data acquisition systems can save money
and make systems easier to administer, but they also carry security risks.
(© p77/ZUMA
Press/Newscom)
