The appearance of Stuxnet opened many eyes to the vulnerabilities of SCADA Systems and Programmable Logic Controllers (PLCs). In 2010, Stuxnet was used to attack 5 Iranian organizations but most notably was the damage that was caused to Iran’s Uranium Enrichment process.
PLC’s are used in many different organizations for numerous systems and processes. It begs one to wonder, what else could be vulnerable to attacks?
How about prisons?
Well, according to a white paper released last week, jails and prisons could contain SCADA and PLC vulnerabilities. SCADA & PLC VULNERABILITIES IN CORRECTIONAL FACILITIES (pdf) written by Teague Newman, Tiffany Rad and John Strauchs explains how PLC’s are used in prisons and why they could be vulnerable to attack.
Prison systems have become very sophisticated. According to the paper, a single pneumatic sliding door could have up to 34 points to monitor. Add to that the sheer number of doors and throw in security and video systems (let’s not forget reduced staffing) and you can see why electronic monitoring and control is imperative.
If a prison PLC system could be exploited, prison doors could be opened allowing prisoners to escape, or doors could be forced closed creating safety issues. Also, all of the doors could be opened or closed at the same time damaging the control systems with an influx of a large amount of current.
But wouldn’t these systems be protected? Certainly, they would not be connected to the internet, and prisoners would not be able to access them.
Not necessarily so, according to the report:
A location our team surveyed, indeed, had connections to the Internet from in the Control Room. During our survey, a Control Room guard was accessing Gmail and commenting that there are problems with viruses and worm from guards accessing online images and movies. Additionally, many federal prisons use a ―security through obscurity‖ method by obscuring a data port under the legs of the control panel console.
We have found some points where prison Commissaries connect to network segments on which the PLCs are located. Some correctional facilities also provide Internet access for inmates. Granted, they are not connected to prison control and monitoring systems, but they are a point at which a vulnerability can be exploited, albeit difficult.
Finally, the authors were able to create exploits that worked in a few hours in a workshop lab that only cost $2500 dollars. With the danger and the relatively low cost of exploit development, it is imperative that these systems get checked out and hardened.
Re-evaluating security procedures and enforcing security policies should limit the chances that an attack would succeed. This also stresses the importance of non-energy based PLC users to take a good hard look at securing their systems.