An insider SCADA attack
For all the talk of attacks on SCADA systems (for those not in-the-know, those are systems used to control things like power plants and water pipelines), there have been few publicly acknowledged actual attacks. Probably the most famous was in Australia last year where an attack on the systems controlling a water treatment plant caused raw sewage to be dumped onto the beach.
There was also an article and video recently talking about how one could use an attack on a SCADA system to blow up a generator. Not clear to me whether that was just theatre, but in any case it wasn't an actual attack.
But this is an interesting case - an employee of a California water authority attacked the system and diverted water. It's interesting not because of the level of damage or the ease of causing damage, but because it was an insider attack. Lots of systems, including control systems and voting systems assume that the insiders are trustworthy, and only worry about outsider attacks. Just as I wrote about insiders and voting when viewed through the lens of the Washington DC real estate scandal, perhaps we need to reconsider insider SCADA attacks, which were previously ignored.
There was also an article and video recently talking about how one could use an attack on a SCADA system to blow up a generator. Not clear to me whether that was just theatre, but in any case it wasn't an actual attack.
But this is an interesting case - an employee of a California water authority attacked the system and diverted water. It's interesting not because of the level of damage or the ease of causing damage, but because it was an insider attack. Lots of systems, including control systems and voting systems assume that the insiders are trustworthy, and only worry about outsider attacks. Just as I wrote about insiders and voting when viewed through the lens of the Washington DC real estate scandal, perhaps we need to reconsider insider SCADA attacks, which were previously ignored.