Worldwide Map of Internet Connected SCADA Systems

Every once in a while you run across some information that should not be accessible from the internet, and SCADA systems are by far no exception. Researchers from Free University Berlin are working on a stunning project of mapping internet accessible SCADA Systems worldwide using Shodan and a custom search program.

And… Their map includes sites that contain known vulnerabilities!

According to the project website SCADACS.org, their Industrial Risk Assessment Map (IRAM) “visualizes the approximate geospatial locations of ICS/SCADA and BMS network interfaces found on the Internet. Currently, we use Google Earth and Google Maps for this purpose.”

The custom map allows a user to “browse for ICS/SCADA systems by location and by keyword, and to drill down on information the map backend gathers on these systems from open sources. One such source is the Shodan computer search engine. Another source of information is the alpha version of our own crawler which covers services the Shodan engine does not cover.”

And as you can see from their video above, this map information backend includes a list of known vulnerabilities. Yes the video shows two locations that contain vulnerabilities, one in Austria and another in the US. But before you get too excited, these locations have been tagged as no longer publicly accessible.

So, how big a problem is internet connected SCADA systems, how many are there in Europe?

Oh, a few:

SCADA Systems Europe

Okay, how about America?

SCADA Systems USA

With all the hype about a “Cyber Pearl Harbor” (when Chinese hackers take over our country, kills our power and takes away FaceBook), that doesn’t really look so bad.

But there is a catch.

According to an exceptional article titled “The Great Cyberscare: Why the Pentagon is razzmatazzing you about those big bad Chinese hackers” by Dr. Thomas Rid (Reader in War Studies at King’s College London), the map only displays German manufactured systems:

“The United States looks as if it has the measles. But note that the map is incomplete: It is biased towards German products, the project’s founder told me. If that flaw can be fixed, the United States and other countries would look as bloody red as Germany does already.”

So there is definitely a lot of work to do in securing America’s public systems. Some good news is that the Pentagon plans to create 100 defensive cyber teams by 2015. Of the 100, thirteen teams will focus on defending our national infrastructure:

National mission forces will employ 13 teams focused on securing U.S. private networks powering critical infrastructure such as transportation systems and other vital industries.

Hopefully this will be done sooner, rather than later.

A sanitized public Google Maps and Google Earth version of the IRAM map can be located at SCADACS website.

Advertisements

US Power Stations hit by Viruses, DoD seeks to Jump the Gap into Secure Networks

 US Power Plant

The Control Systems of two American Power Stations were infected by viruses according to a report by the US Department of Homeland Security (ICS-CERT). Both were infected by USB drive based viruses. Interestingly enough, this is the same way Stuxnet was allowed to infect Iran’s air gaped secure network.

The US military is also looking at other ways to gain access to secure networks by “Jumping the Gap”.

Iran’s nuclear enrichment facilities were protected against outside attack, so they thought, because they used a closed or air gaped network. There was no physical network connections between the secured computers and the outside world. But Stuxnet, the virus that successfully attacked and hindered Iranian nuclear ambitions infiltrated the “air gap” via USB flash drive.

As America pushes to secure their critical infrastructure and SCADA systems from outside attacks, these two unnamed power plants were both infected late last year from internal threats.

One of the viruses seemed to have been brought in via USB drive by a third party contractor, infecting the control system with a crimeware type virus that infected 10 networked computers.

But the second is more concerning. The virus somehow infected a maintenance workers USB drive and two critical workstations:

Investigators found sophisticated although unspecified malware on two engineering workstations associated with running critical applications. The subsequent cleanup operation was complicated by a lack of backups.”

Though both of these infections were via USB flash drives, which are banned in most secure facilities(?!?!?), the ability to infect closed secured systems via alternate methods is of great interest to the military.

Recently, reps from 60 tech companies attended a government planning day hosted by the Army’s Intelligence and Information Warfare Directorate (I2WD) to discuss new methods of cyber and electronic warfare.

Included in the discussion were high tech methods to infiltrate secure networks without being physically present via RF and electromagnetic distortions using ground based and aerial units:

“Imagine being able to roll a vehicle near a facility, sit for a short period while inserting a worm, and leave without having to buy off any employee or sneak anything past an attentive guard. Better yet, a stealthy unmanned aerial vehicle could be quietly flown far above a facility to insert code even in contested airspace.”

Electronic warfare and cyber are two of the top areas of concern to the modern war fighter. “We have to understand better the electromagnetic spectrum,” said Admiral Jon Greenert, Chief of Naval Operations, “Cyber, our radar and communication, everything. If you control the electromagnetic spectrum, you control the fight.”

Imagine the possibilities of infiltrating a secured wired network by sniffing and manipulating electromagnetic waves. Next to the military’s targetable EMP beam weapon, this has to be the most fascinating cyber warfare research currently being undertaken.