Monday 14 December 2009

Digital dangers in a wired world

By Lim Mi-jin, Kim Jeen-kyung
JoongAng Daily
December 14, 2009

It's the stuff of action flicks. In "Live Free or Die Hard," terrorists
paralyze the United States by taking over all transportation systems,
broadcasting, communications and the power grid. It’s a total shutdown
and only Bruce Willis can save the world from the evil hackers.

But the plot’s not a total fiction.

In today’s interconnected world, system after system can collapse if a
central computing facility such as a supervisory control and data
acquisition, or Scada, system fails. These Scada systems collect data from
sensors at plants and other remote locations and then send data to a
central computer that manages and controls data.

So what we saw in the last Die Hard movie has actually already been
experienced. Ask the Poles. In January last year, a subway train
derailed in Lodz injuring several passengers after a 14-year-old boy
hacked into the railway operation system. And look at what happened in
the United States in August 2003 when a virus called a "Blaster Worm"
found its way into the Scada for the power grid in the northeast of the
U.S. Around 5,000 people in seven states were injured in the ensuing
blackout. "Once you hack into the Scada, you can manipulate all the
water, electricity and gas supply systems," said Park Chan-am, 20, the
winner of a hacking protection competition held in Korea this year, part
of Codegate 2009, an international event.

Korea has already installed Scada systems in most facilities across the
country. These facilities control everything from reserving train
tickets to supplying electricity and air-conditioning. They even control
the floodgates of multipurpose dams and the quality of tap water in
Seoul.

And we have seen what can happen when things go wrong. On Nov. 27, the
electric power in the Korea Railroad Corporation building in
Bongnae-dong, central Seoul, went off at 5:21 p.m. Within a minute,
Korail had supplied emergency electric power but all systems for issuing
train tickets nationwide were halted for nearly two hours because the
computer server managing train ticket reservations and issuance that was
installed in the Korail building malfunctioned.

The situation was not life threatening but it caused a major
inconvenience for passengers trying to buy tickets.

Korea's largest Scada system in scale is Korea Electric Power
Corporation’s "smart grid," which will be test run from 2011. The system
will have sensors and cameras installed in existing power plants and
power grids. Those sensors and cameras are going to allow Scada to
control the volume of regional power supply and demand. In that way, the
proper amount of electricity is expected to be provided to each region
at the right time.

Experts say this measure could save energy but electric power supply
operation across the country could be paralyzed if the Scada is
compromised. "It is almost impossible to hack into the smart grid system
because it is operated by a remote Internet network and it has advanced
security facilities attached," said an official at Kepco who asked not
to be identified.

However, experts in the security industry said the system could be
breached. Security experts say safeguard measures have to be included in
a law related to the establishment of the smart grid. They cite the
example of an employee from a company in charge of disposing of garbage
who penetrated the Scada and released a large amount of waste into a
river in Queensland, Australia. Apparently he had a grudge against the
local council.

"Terrible damage, such as a large-scale power blackout, is highly likely
if the system is attacked by hackers," said Lim Jong-in, a professor at
Korea University’s Graduate School of Information Management and
Security. "The planned bill has to be revised in order to arrange for a
high security budget and secure human resources."
