Chapter 48. Critical Infrastructure
About once a year, there’s a big commotion in the security press about attacks on utilities like the power grid. So far, I’ve never seen any evidence that there have been any significant issues. But that doesn’t mean it couldn’t happen.
First, it’s important to note that the people who design critical infrastructure IT control systems, usually called SCADA systems (Supervisory Control and Data Acquisition), care about these kinds of issues and take them into account when designing. For instance, such systems generally are not ever directly connected to the Internet.
However, there have been several studies showing weaknesses in critical infrastructure systems. I know of several instances in which systems were indirectly accessible from the Internet, despite the intentions of the system designers. For instance, if one computer has two networks, one cable leading to the SCADA system and another to the Internet, anyone on the Internet who breaks in to that machine can see the SCADA system. I have no doubt that there have been many instances in which bad guys have infected a machine that had another foot on a SCADA network, but nobody ever noticed.
What I wonder is how many people are actually looking to target nuclear power plants, the way they do on 24? Or shut down the Internet (which I’ve studied for a government project once…it’s a heck of a lot harder than you might think)?
Anyway, I am not panicking. I think things are mostly OK. Critical infrastructure ...
Get The Myths of Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
