Yea, it is fascinating the damage that can be caused by a pump ignoring the upper limit switch on a water reservoir, and the subsequent damage to the foundations....

I hope you're able to get your managers to listen....

Kindest regards,

Doug Jackson
em: [email protected]
ph: 0414 986878

Follow my amateur radio adventures at vk1zdj.net

On Sun, 27 Jul 2025 at 13:10, Devin <[email protected]> wrote:

> Thank you for the information. Sadly I wish we were on the "soft and
> squishy" security model as you describe it. I've raised concerns, and it's
> not been made a priority. Most of what we have is very dumb 1200 baud
> packet modems; all the stations get polled by a central station and they
> just reply with sensor readings and levels. This is changing with some of
> our newer models of PLC tech, but of course if it's not broke, why replace
> it? That 15 year old PLC is just fine, don't change it.... Adoption of our
> latest more secure hardware is extremely slow. Interesting to hear the
> security concerns you mentioned.
>
> I had gone to DEF CON; they had a neat little model of a city there you
> could try to wreck. The whole city was run by different PLC vendors,
> intentionally set up insecure, so you could break in, kill the power,
> overflow wells etc. Nice illustrative example of what's at stake.
>
> --Devin D..
>
> On July 25, 2025 9:12:40 PM EDT, Doug Jackson via cctalk <[email protected]> wrote:
>
>> As part of my day job, I have been involved with ethical hacking of some
>> SCADA environments.
>>
>> Typically, they use encrypted radios for communicating with remote sites.
>> The RF side is pretty good. But, once you are at a remote site and you
>> open an outside control box beside some pumps, they almost never have the
>> alarm sensors configured and you can access the data side of the encrypted
>> radio. Once there, everything is like a university network (hard on the
>> outside, soft and squishy inside)!
>>
>> And because it's SCADA, nobody flashes firmware or does other upgrades,
>> because they are scared of the system coming down. So the list of open
>> exploits is massive. Sometimes they even trust network traffic coming in
>> from the SCADA environment because they think it's secure, and it provides
>> a useful launchpad into the corporate network..... Then it gets fun.
>>
>> Kindest regards,
>>
>> Doug Jackson
>>
>> On Sat, 26 Jul 2025 at 11:00, Jon Elson via cctalk <[email protected]> wrote:
>>
>>> On 7/25/25 15:28, Fred Cisin via cctalk wrote:
>>>
>>>>> Also, way back, there was a case where a SCADA
>>>>> manufacturer thought some of their gear was being bought
>>>>> for the trans-Siberia pipeline, and couldn't be sold for
>>>>> that under trade restrictions. Somebody at that company
>>>>> got in touch with a contact at the CIA, and asked if they
>>>>> wanted to insert a "feature" into those units. They put
>>>>> in a time bomb that was essentially the same as the Y2K
>>>>> shutdown, and blew up the entire pipeline when all the
>>>>> valves slammed shut at the same time. This info was
>>>>> reported by the famous Jack Anderson in the Washington Post.
>>>>
>>>> That's not just a nasty prank, that is an act of war.
>>>
>>> Well, this was during the "cold" war. This prank moved the
>>> meter toward the hot side a bit. But, the Russians couldn't
>>> really complain, they KNEW they were taking a risk to try to
>>> circumvent trade restrictions.
>>>
>>> Get hold of the book "Spycraft" by Robert Wallace and H.
>>> Keith Melton; there are a bunch of similar stories described
>>> there.
>>>
>>> Jon
