Internet Worm Targets SCADA
Stuxnet is a new Internet worm that specifically targets Siemens WinCC SCADA systems, which are used to control production at industrial plants such as oil rigs, refineries, electronics production, and so on. The worm seems to upload plant info (schematics and production information) to an external website. Moreover, owners of these SCADA systems cannot change the default password because it would cause the software to break down.
Carlo Graziani • July 23, 2010 9:57 AM
There are so many baffling questions for me…
(1) Why do so many database applications use this 1985-style authentication model? Its dangerous brokenness has been un-ignorable since the events described in Stoll’s “The Cuckoo’s Egg”, where hundreds of VAXes with system passwords set to “SYSTEM” were targeted for espionage. It’s not just SCADA. Lots of applications do this, and lots are being written now that still do this. Why? Are the right people not being sued?
(2) On SCADA: Why are SCADA systems not on air-gapped networks? Is it really necessary for them to see the porn-net? If inbound remote access is required, couldn’t this be through a VPN served by a hardened OpenBSD citadel in a DMZ? And why do critical systems not have their USB ports silly-puttied shut?
Radical isolation of this stuff seems so obvious that I’m sure it’s more likely that I’m missing something than that SCADA admins are idiots. Does anyone here work with SCADA systems? What’s the deal?