Aerospace and Electronic Systems Magazine May 2017 - 32

Security of SCADA Systems against Cyber-Physical Attacks
cious program caused the pressure in the pipeline to increase far
beyond an acceptable level, leading to an explosion with the power
of 3 kilotons of TNT [57].

Salt River Project Hack (1994)
Between July 8 and August 31, 1994, Lane Jarrett Davis gained unauthorized access to the computer network of the Salt River Project
using a dialup modem, enabling him to steal and alter essential
information such as water and power monitoring and delivery, customer information, and computer system log files [57]. The hacker
also installed a backdoor to the system so that he could access the
system later.

Russian Gas Pipelines (1999)
In 1999, hackers broke into Gazprom, the largest Russian gas company, through collaboration with a disgruntled employee [33]. It
was believed that the attackers used a Trojan horse to gain control of the central switchboard responsible for controlling gas flow
through the pipelines. This incident was reported in 2000 by the
Interior Ministry of Russia [42], [58], [59].

Maroochy Water Breach (2000)
In 2000, Vitek Boden, a disgruntled ex-employee, used a laptop
computer and a radio transmitter to take control of 150 sewage
pumping stations in Maroochy Shire, Queensland, Australia [43].
Over 3 months, he released 1 million liters of untreated sewage
into a stormwater drain, from which it flowed to local waterways.
The attack was motivated by revenge after he failed to obtain a job
at the Maroochy Shire Council.

Slammer Worm Crashed Ohio Nuke Plant Network (2003)
In January 2003, a Slammer worm penetrated a private computer
network at Ohio's Davis-Besse nuclear power plant and disabled
a safety monitoring system for nearly 5 hours, despite a belief by
plant personnel that the network was protected by a firewall [46],
[54]. The Slammer worm spread from the enterprise network to the
SCADA network by exploiting the vulnerabilities of the MS-SQL.
It was reported that process computers had crashed for hours, exacerbating the system operators' triage and repair.

Taum Sauk Hydroelectric Power Station Failure (2005)
The Taum Sauk incident in December 14, 2005, was not an attack
but instead a failure of a hydroelectric power station [60]. Various
explanations, including design or construction flaws, instrumentation malfunction, and human error, have been attributed to the
catastrophic failure of an upper reservoir. It was reported in [60]
that the sensors failed to indicate that the reservoir was full and the
pumps were not shut down until the water overflowed for about
5-6 min. This overflow undermined the parapet wall, resulting in
the collapse of the reservoir. Though this incident was (apparently)
not an attack, the idea behind it could be exploited to perform undetectable attacks in safety-critical infrastructures. For example,
the authors in [35] have suggest a means for a stealthy attack on
32

a SCADA water irrigation canal by sending compromised sensor
measurements to the control center.

Cyber Incident Blamed for Nuclear Power Plant Shutdown
(2008)
In March 2008, a nuclear power plant in Georgia was forced into
an emergency shutdown for 48 hours because a computer used to
monitor chemical and diagnostic data from the corporate network
rebooted after a software update [51]. When the updated computer
restarted, it reset the data on the control system. The safety systems
interpreted the lack of data as lowering of the levels in the water
reservoirs that cool the plant's radioactive nuclear fuel rods, thus
triggering a system shutdown.

Electricity Grid in U.S. Penetrated by Spies (2009)
The Wall Street Journal reported on April 8, 2009, that cyber spies
had penetrated the U.S. electric power grid and left behind a software program that could be used to disrupt the system [61]. On
August 14, 2003, the Northeast and Midwest regions of the United
States and some provinces in Canada suffered a serious blackout
because of a software bug [52]. These incidents have raised concerns about the security of electric power grids, because disrupting
national power systems might cause catastrophic damage.

Stuxnet Virus (2010)
Stuxnet [47], [62] is a computer worm that was primarily written to target Iranian nuclear centrifuges. Its final goal is to disrupt ICSs by modifying programs implemented on PLCs to make
them work in a manner that the attacker intended and to hide
those changes from system operators. It is believed that Stuxnet
is introduced to a computer network through an infected removable drive. The virus, once in a Windows computer, installs its
own drivers by using stolen certificates from well-known companies, JMicron and Realtek. To hide itself while spreading across
the network and realizing the final target, the virus installs a Windows rootkit by exploiting four 0-day vulnerabilities. To hide itself in the PLC environment, Stuxnet uses the first known PLC
rootkit. More information about how the virus propagates from a
Windows computer to the PLC environment can be found in [47]
and [62]. The success of the virus in penetrating the PLC environment shows that traditional security measures are not sufficient for the complete protection of safety-critical infrastructures
[41], [58], [63].

Duqu (2011) and Flame (2012)
Duqu and Flame [48] are computer malwares that were discovered
in 2011 and 2012, respectively. It has been reported that Duqu is
nearly identical to Stuxnet but with a different purpose. The goal
of Duqu is to collect information that could be useful in attacking
ICSs later. Similar to Stuxnet and Duqu, Flame uses rootkit functionality to evade information security methods. Unlike Stuxnet,
which was designed to sabotage ICSs, the target of Flame is to
gather technical diagrams such as AutoCAD drawings, PDFs, and
text files. Though Duqu and Flame were not designed to target

IEEE A&E SYSTEMS MAGAZINE

MAY 2017

Table of Contents for the Digital Edition of Aerospace and Electronic Systems Magazine May 2017