Mike,

Yes, I doubt that a major system was wifi enabled but I had to ask. Can't know if you don't ask, right? =)
Anyhow, I don't doubt that smaller systems (SCADA and DCS) are wifi enabled, or if they will start becoming enabled. I am somewhat confused, the DCS you are referring to is just a Win based system, or WiFi enabled as well?

Cheers,

Geoff Shively, CHO
PivX Solutions, LLC

Are You Secure?
http://www.pivx.com

----- Original Message -----
From: "Mike Outmesguine [hiptop]" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 15, 2003 5:47 PM
Subject: Re: [SOCALWUG] Power outages related to DCOM Worm, WiFi accessible?

> You give a lot of credit to the power industry. Most scada systems are
> being used for building control of hvac and other environmental
> controls.
>
> And distributed control is currently very limited in scale. The largest
> dcs system I know of has about 10 megawatts operating. The new york
> area was using 28,000 megawatts before the blackout.
>
> It is unlikely that the New York ISO has the whole NorthEast on a WiFi'd
> win2k computer.
>
> This will all change in the next few years of course. Hint: watch
> cisco.
>
>
> On Fri, 15 Aug 2003 4:36PM -0800, Geoff Shively wrote:
> > Power outages related to DCOM Worm, are SCADA and DCS WiFi Accessible?
> > Some have said that they are accessible via WiFi and a potential
> > attacker could break protection mechanisms thus gaining access to
> > control and acquired data. Is there any truth to this, any SCADA, DCS,
> > or HMI experts on the list?
> >
> > Furthermore, there has been a lot of talk on bugtraq, full disclosure,
> > and DShield about the latest American power crisis being caused by
> > malicious computer activities or worm.
> >
> > A bit of background on the systems that control power facilities.
> > Distributed control systems (DCS) and supervisory control and data
> > acquisition (SCADA) systems are the key elements of facility control.
> > remote terminal units "RTU". SCADA runs under Win2000 / XP and the
> > telemetry to the RTU is accessible via the Internet.
> >
> > SCADA (Supervisory Control And Data Acquisition) and DCS (Distributed
> > Control Systems) are highly vulnerable to attack. An attacker could
> > very well penetrate these systems to make changes or implement simple
> > scripts to cause a legitimate operator to make unnecessary changes to
> > a large scale power grid. These changes could result in massive
> > failure causing an international power crisis.
> >
> > Be it from a worm or home grown hack, these latest power failures were
> > unlikely to have been caused by a physical failure that would have
> > surfaced by now. Power failures from the years past have brought about
> > legislation and system changes that deal with most large scale issues
> > as they arise to mitigate risk of large scale failure, whatever
> > happened this time was a new problem the industry was not prepared for.
> >
> > We know that SCADA and DCS systems are supplied by one of 5 major
> > vendors and these systems are advertised on the vendors websites to
> > run Microsoft Windows versions 95, 2000 and NT. Also advertised is
> > DCOM and RPC support within these systems, RPC/DCOM recently became
> > famous as the Lovsan/Blaster worm exploited this protocol to spread
> > across the internet. With this said it is likely that an infected
> > system infected a SCADA or DCS, and could be why we are seeing large
> > scale outages across the country. This is not a Microsoft problem as
> > many would like to say, though it is a problem with patch management.
> >
> > Below is documentation on the problem, the first one sums up the
> > problem nicely (DCOM and SCADA white papers):
> >
> > http://www.automationtechies.com/sitepages/pid641.php
> >
> > http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/view/
> >
> > http://www.scada-system.com/scada-software-windows.htm
> >
> > http://www.data-acquisition-software.com/index.htm
> >
> > Cheers,
> >
> > Geoff Shively, CHO
> > PivX Solutions, LLC
> >
> > Are You Secure?
> > http://www.pivx.com
> --
> Mike Outmesguine
> TransStellar, Inc.
>
> ** Complete Technology Services **
>
> www.TransStellar.com
> [EMAIL PROTECTED]
>
> Confidentiality applies to this message.
>
