No, I’m not talking physical borders here—I’m talking cyber borders. I’ve talked a number of times about the relative insecurity of Supervisory Control and Data Acquisition (SCADA) systems. My biggest personal concern is how leaks in these systems can affect people with special needs. At a minimum, implanted devices used by people today are open to hacking. However, there are some reports that say that hackers could eventually become murderers. I wrote Accessibility for Everybody: Understanding the Section 508 Accessibility Requirements with the idea that implanted devices and other aids should help people, not hurt them.
However, other sorts of devices are leaky. Just about any hacker could attack our water supply, power grid, or any other utility. A hacker could turn off your car engine by remote control, lock you into the car, and then do whatever nefarious deed seemed pleasant at the time. These posts aren’t meant to scare you as much as to inform you that the borders of your devices are wide open to attack in many cases. Yet, despite a huge number of newspaper articles, radio talk shows, government inquiries, and odd assorted other do nothing activities, surprisingly little has been done to secure anything.
It probably won’t surprise you to know that the latest casualty, in a long list of problematic devices, is the gas pump. Yep, your gas pump can turn against you. I hadn’t really thought about a gas pump as being anything particularly worthwhile to hack. Yes, you could possibly turn on the pump and get free gas or deny someone else their gas, but it really didn’t strike me as something that hackers would invest time in learning about. Actually, it turns out that gas pumps are connected to all sorts of monitors and messing with the pump can cause those monitors to go off. It doesn’t seem like alarms are anything to worry about either, but think about someone intent on disrupting the emergency services network in a city so that they can attack in some other way. While everyone is distracted with the gas pump spills that haven’t actually happened, someone could do something that would cause the city to go into overload because emergency services are already overwhelmed.
The thing that gets me about a lot of these deficiencies is that they aren’t caused by systems that are secured, but someone has manged to get into anyway. They’re caused by systems that have no security at all. That’s right—someone connected those gas pumps to the Internet so they could monitor them remotely and didn’t add any security at all. Someone who knows the right information can just walk right in and cause all sorts of mischief.
From direct attacks on our infrastructure, to feints used for distraction, to personal attacks, SCADA systems will let us down at some point. I’m surprised that we haven’t had a major issue so far. Perhaps someone is out there right now planning just the right sort of attack that’s designed to cause a maximum of damage. Until we make security a priority, these open systems will continue to pose a serious risk to everyone, whether you have special needs or not. Let me know your thoughts about insecure SCADA systems at [email protected].
