Supervisory Control and Data Acquisition (SCADA) systems are used for remote monitoring and control in the delivery of essential services such as electricity, natural gas, water, waste treatment and transportation. They used to be in closed networks, but nowadays more and more automation and control equipment is connected to the Internet. Much of it is intentionally connected to allow remote operation, and some is unintentionally connected to the Internet. Many control systems connected to the Internet have serious security issues (for example, some have default passwords in them and some have known security vulnerabilities in their software).
Researchers at Aalto University did a study in January 2013 to look into the status of Finnish cyber-security. The researchers found 185 000 devices in Finland that answer to an HTTP request. There is nothing wrong in that. What is alarming is that they found 2915 automation system devices quite openly connected to the Internet in Finland (in a re-check done in March 2013 some of them were no longer on the network, but there were still 1969 devices visible). Those open devices can be accessed from the public network, and 60 per cent of the devices found have known vulnerabilities. A number of devices also have user names and passwords that are easy to find out.
The conclusion was that it would be quite possible to interfere with Finnish society through network attacks on open automation systems. Compromised systems were found in power plants, a hospital, industrial automation systems, building automation, one prison and a traffic control system. Most of the devices found should hardly be open to the Internet, because that leaves them vulnerable to attack.
For more details read the full report Suomen automaatioverkkojen haavoittuvuus – Raportti Internetissä julkisesti esillä olevista automaatiolaitteista. The report is written in Finnish. It is interesting reading.
The researchers used the Shodan search engine to find those devices. They relied on the information given by this search engine and did not test whether those systems were hackable or not (that would have been illegal).
It is estimated that this search engine has mapped only 20 to 30 percent of Finland’s IP addresses, so in real life there are many more vulnerable devices connected to the Internet in Finland. It is quite possible that there are up to 10 000 automation systems in Finland open to network attacks.
What is this Shodan that the researchers used to get information on those devices? It is a special search engine that tries to map everything connected to the Internet, from desktop computers to network printers to Web servers. Over the past two years, Shodan has gathered data on nearly 100 million devices, recording their exact locations and the software systems that run them.
Rather than locating specific content for a particular search term, Shodan is designed to help the user find specific nodes (desktops, servers, routers, switches, etc.) with specific content in their banners (which typically advertise the service and its version). In other words, Shodan makes locating devices on the Internet easier. The article Cyber search engine Shodan exposes industrial control systems to new risks tells that Homeland Security officials have warned that the obscurity that had protected many industrial control systems was fast disappearing in a flood of digital light.
I also mentioned those dangers in my Security trends for 2013 article. The designers and installers who put together those automation systems should be more careful in what they do. And the people who buy those systems should also think about safety (and demand it) instead of just looking for the cheapest price. There are many ways to protect those devices and to communicate through the Internet safely. Advice to companies that use automation systems: check the protection of your systems.
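One way to act on that advice from the defender's side, as an added example that is not part of the original article: the script reads HTTP banners recorded from your own devices and reports what a banner-indexing search engine such as Shodan would learn about each one. The internal address ranges, device addresses, product names and realms are constructed assumptions.

```python
import ipaddress
import re

# Assumption: the ranges your organisation treats as internal-only.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample: (address, raw HTTP response head) from a scan of your own
# devices. 203.0.113.0/24 (documentation range) stands in for public addresses.
SAMPLE = [
    ("10.20.0.15", "HTTP/1.1 200 OK\r\nServer: ExampleHMI/2.4.1\r\n\r\n"),
    ("203.0.113.40", "HTTP/1.1 401 Unauthorized\r\nServer: ExamplePLC-Web/1.2\r\n"
                     "WWW-Authenticate: Basic realm=\"Pump Station 3\"\r\n\r\n"),
    ("203.0.113.77", "HTTP/1.0 200 OK\r\nserver: ExampleBMS\r\n\r\n"),
]

def parse_banner(raw):
    """Return the status code and a lower-cased header dict from a response head."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def audit(address, raw, internal_nets=INTERNAL_NETS):
    """Summarise what a banner index would record for one of your devices."""
    status, headers = parse_banner(raw)
    product, _, version = headers.get("server", "").partition("/")
    realm = re.search(r'realm="([^"]*)"', headers.get("www-authenticate", ""))
    findings = []
    if not any(ipaddress.ip_address(address) in net for net in internal_nets):
        findings.append("address outside internal ranges")
        if version:
            findings.append("software version disclosed")
        if realm:
            findings.append("auth realm names the installation")
        if status == 200:
            findings.append("page served without HTTP auth challenge")
    return {"address": address, "product": product or None,
            "version": version or None,
            "realm": realm.group(1) if realm else None, "findings": findings}

def audit_all(inventory=SAMPLE):
    return [audit(address, raw) for address, raw in inventory]

if __name__ == "__main__":
    for row in audit_all():
        print(row)
```

Devices with a non-empty findings list are the ones to move behind a VPN or firewall first; a disclosed version is what allows anyone to match the device against published vulnerability lists.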