Digital Conflict

By Kevin Coleman

Blog archive
Kevin Coleman

Attack on control systems may be on the horizon

Recently, information about a new cyberattack that targets schematics and blueprints became public. Some cybersecurity professionals believe that this attack was a reconnaissance mission, and the documents were badly needed intelligence to plan cyberattacks against control systems. The highly focused attack appears to have targeted AutoCAD files. AutoCAD is a popular computer-aided design software program. It supports drafting and also 2D- and 3D-design and modeling. This CAD software is commonly used within the aerospace and defense industries, and also in the energy sectors including the nuclear engineering thus increasing the concern over this attack.

Investigations into this new piece of malicious software have uncovered that the thousands of schematics and blueprints collected by the espionage malware were sent via e-mail to an inbox traced back to China. For some reason yet unknown the malicious software has a high degree of concentration in Latin America. According to the Latin American Economic Outlook 2012 report the Latin American region is expected to grow 4.1 percent economically this year.

This high growth could be one driver behind the concentration. Another consideration is the fact that industrial activities represent an important source of economic growth in that region. Current details about this attack would seemt o indicate that the broad nature of the document collection does not lend itself to the identification of a specific programmable logic controller (PLC), manufacturer of supervisory control and data acquisition (SCADA) equipment or distributed control (DC) system. We are very early in the investigation of this incident and information is quite limited. It will be interesting to see if there are cyberattacks against the systems and equipment associated with the stolen CAD files as the investigation evolves.

The most noted attack of this type is Stuxnet. Stuxnet was a sophisticated computer worm and Trojan that attacked a widely used industrial control system and it appears to have been aimed directly at the Iranian nuclear enrichment program. Cyber investigator Jeff Karr pointed out that it was the Stuxnet worm that attacks control systems that was responsible for disruption of the Indian Space Research Organization satellite INSAT 4B. When looking at who might have been responsible for this and other acts of cyber aggression, fingers are often pointed toward China and Pakistan. It is important to note that India learned from this and other cyberattacks and took defensive measures. These measure were responsible for stopping a 2010 SCADA system attack that targeted India and could have disrupted or damaged 70 rigs of the Oil and Natural Gas Corp. that operate within India.

The risk of this type of cyberattack on control systems has made it to the most senior levels in business, government, industry, homeland security and the military. Cyberattacks on PLCs, SCADA systems and DCs represent high value targets and worry government officials in many countries. To help mitigate this threat the National Institute of Standards provides guidance on establishing secure industrial control systems. In addition, a May 2012 article in Government Security News titled “The Danger of SCADA Vulnerability Exposure” points out that “government agencies, contractors and SCADA suppliers must continue to invest in defensive security measures to mitigate the risk of cyberattack.”

The vulnerability of controls systems to cyberattacks is now being addressed by industrial control and security industries. Just recently one vendor announced a SCADA firewall product – a giant step in the right direction. However, there is much more that is needed to reduce the risks of control system attacks resulting in service disruptions. The big question: Do we have enough time before a serious cyberattack is successful?

Posted by Kevin Coleman on Jun 28, 2012 at 12:54 PM


Reader Comments

Mon, Aug 6, 2012

Of course, SCADA vulnerabilities are serious. However, the Latin American information gathering might just be about economic and other intelligence, rather than cyber attacks. The Chinese and others use cyber methods extensively to gather intel for business and economic purposes - to gain in edge in diplomacy, in negotiations, in business dealings, etc.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Defense Systems eNewsletters