SCADA Systems and Criminal Profiles

Alessio L.R. Pennasilico [email protected] twitter: mayhemspp FaceBook: alessio.pennasilico Rome, 6 April 2011 SCADA Systems and Criminal Profiles: what should we worry about?

Slides presented at the CyberCrime conference in Rome in 2011.

Transcript of SCADA Systems and Criminal Profiles

Page 1: SCADA Systems and Criminal Profiles

Alessio L.R. Pennasilico [email protected] twitter: mayhemspp FaceBook: alessio.pennasilico

Rome, 6 April 2011

SCADA Systems and Criminal Profiles

What should we worry about?

Page 2: SCADA Systems and Criminal Profiles

SCADA Systems and Criminal Profiles [email protected]

$ whois mayhem

Board of Directors: CLUSIT, Associazione Informatici Professionisti (AIP/OPSI), Associazione Italiana Professionisti Sicurezza Informatica (AIPSI), Italian Linux Society (ILS), OpenBSD Italian User Group, Hacker’s Profiling Project

Security Evangelist @

Page 3: SCADA Systems and Criminal Profiles

Critical infrastructure

SCADA systems can manage:

industrial automation

power plants

gas or water supply

communications

transportation

Page 4: SCADA Systems and Criminal Profiles

Who should I worry about?

Page 5: SCADA Systems and Criminal Profiles

“The power plant's management system was not responding. The operator was watching a DVD on the management computer.”

CSO of an electricity distribution utility

Blockbuster

Page 6: SCADA Systems and Criminal Profiles

“In August 2003 Slammer infected a private computer network at the idled Davis-Besse nuclear power plant in Oak Harbor, Ohio, disabling a safety monitoring system for nearly five hours.”

NIST, Guide to SCADA

Worm

Page 7: SCADA Systems and Criminal Profiles

Disgruntled employee

Vitek Boden, in 2000, was arrested, convicted and jailed because he released millions of liters of untreated sewage using his wireless laptop. It happened in Maroochy Shire, Queensland, maybe as revenge against his last former employer.

http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage/

Page 8: SCADA Systems and Criminal Profiles

Gazprom

“Russian authorities revealed this week that Gazprom, a state-run gas utility, came under the control of malicious hackers last year. […] The report said hackers used a Trojan horse program, which stashes lines of harmful computer code in a benign-looking program.”

http://findarticles.com/p/articles/mi_qa3739/is_200403/ai_n9360106

Page 9: SCADA Systems and Criminal Profiles

Sabotage

Thomas C. Reed, Ronald Reagan’s Secretary, described in his book “At the Abyss” how the U.S. arranged for the Soviets to receive intentionally flawed SCADA software to manage their natural gas pipelines.

"The pipeline software that was to run the pumps, turbines, and valves was programmed to go haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds." A 3 kiloton explosion was the result, in 1982 in Siberia.

http://www.themoscowtimes.ru/stories/2004/03/18/014.html

SCADA Security, Security Summit Milano – 11 June 2009

R. Chiesa, F. Guasconi, A. Pennasilico, E. Tieghi

Page 10: SCADA Systems and Criminal Profiles

Recent incidents

Texas: warning, zombies ahead

Transportation officials in Texas are scrambling to prevent hackers from changing messages on digital road signs after one sign in Austin was altered to read, "Zombies Ahead."

Chris Lippincott, director of media relations for the Texas Department of Transportation, confirmed that a portable traffic sign at Lamar Boulevard and West 15th Street, near the University of Texas at Austin, was hacked into during the early hours of January 19 2009.

"It was clever, kind of cute, but not what it was intended for. Those signs are deployed for a reason — to improve traffic conditions, let folks know there's a road closure."

Page 11: SCADA Systems and Criminal Profiles

Injecting RDS-TMC

Page 12: SCADA Systems and Criminal Profiles

Forecasts

Critical Infrastructure Prime Target For Cyber Criminals

The report, "Cyber Threats and Trends" seeks to aid education efforts about cyber security threats facing networks, enterprises and end-users by highlighting important trends that emerged in previous years, and attempts to predict security trends and disruptors that may develop in next years with lasting consequences for businesses in the coming decade.

http://www.secprodonline.com/articles/70136/

Page 13: SCADA Systems and Criminal Profiles

Intrusion example

Source: INL (Idaho National Lab – DHS US)

Page 14: SCADA Systems and Criminal Profiles

Wireless arrives on the factory floor

Smart Control Systems

Smart Analytical

Smart Final Control

Smart Asset Optimization

Smart Safety

Smart Measurement

Smart Machinery Health

Smart Wireless

Page 15: SCADA Systems and Criminal Profiles

Stuxnet

How do we intend to block the threats?

(think about what Dennis Bergstrom of Sonicwall said before me)

Page 16: SCADA Systems and Criminal Profiles

Profiles

Page 17: SCADA Systems and Criminal Profiles

Effect of the laws

Page 18: SCADA Systems and Criminal Profiles

Conclusions

Page 19: SCADA Systems and Criminal Profiles

Conclusions

All infrastructures are at risk

Distracted or disloyal staff

Opportunistic attackers, motivated attackers, more or less skilled

Page 20: SCADA Systems and Criminal Profiles

Conclusions

The technological tools

The organizational strategies

The standards to follow

to prevent and mitigate risks and attacks exist!

Page 21: SCADA Systems and Criminal Profiles

Alessio L.R. Pennasilico [email protected] twitter: mayhemspp FaceBook: alessio.pennasilico

Rome, 6 April 2011

Questions?

These slides are written by Alessio L.R. Pennasilico aka mayhem. They are subject to the Creative Commons Attribution-ShareAlike 2.5 licence; you can copy, modify or sell them. “Please” cite your source and use the same licence :)

Thank you for your attention!