Real-time Operation systems and attacks

Question

I'm interested on kind of attacks which can be used on 'Industry Control Systems'.

I only have found that following malwares:

switching-off/disablement the systems
stole the information

What else consequences can be occurred?

Not directly related to your question, but one more issue is that many of these installations have relatively poor security measures - like default passwords, etc. and rely mainly one physical disconnection from other networks or security by obscurity (another explanation is that they are of the 'radar' of security personnel who traditionally target conventional IT systems) — Ophir Yoktan, Mar 22 '11 at 07:23

Rory Alsop · Accepted Answer · 2011-03-22T08:49:00.620

6

I think you really need to rethink the question, however to answer what I think you are asking (what effects can an attack on SCADA systems have) then the list would have to include:

Switching off Power
Information theft
Destruction of power plants (through overload, oscillation, over-pressure, disabling of safety cutouts etc - see the generator destruction video IOActive showed at Defcon)
Environmental damage (opening of oil pipelines, opening of hydroelectric valves incorrectly etc)
Processes running inefficiently (eg the effect Stuxnet had on centrifuges producing essential products for the nuclear industry)

Basically, anything that is controlled by a SCADA system is at risk - so it's kind of the same question as "what damage can an attack on an IT system do?" - it all depends on what the IT system does.

If you can clarify your question as per the FAQ, we could definitely give you more appropriate answers.

Update: Dozens of exploits released for SCADA systems. some more info for you.

edited Mar 22 '11 at 08:49

answered Mar 20 '11 at 19:16

Rory Alsop

61,367
12
115
320

Your answer is what I wanted to know! Thanks a lot! – davs Mar 20 '11 at 20:59
@davs - feel free to click the little tick icon on my answer. On stack exchange that works even better than thanks :-) – Rory Alsop Mar 20 '11 at 22:04
♦ : Ok. Sorry.. I've forgot :( – davs Mar 20 '11 at 22:37
@davs - no worries. welcome to security se. The FAQ is useful to read, both because it helps people to answer questions appropriately, but also because it can help you to write questions to get better answers. – Rory Alsop Mar 20 '11 at 22:54

score 0 · Answer 2 · answered Oct 10 '16 at 12:39

0

Seriuos economic problem for a country. Example the Siberian Gas Pipeline Explosion in 19821

answered Oct 10 '16 at 12:39

Henry Raúl González Brito

1
1

Can you provide some reference which backs that this explosion was the consequence of an cyberattack? – kaidentity Oct 10 '16 at 13:02
http://www.risidata.com/Database/Detail/cia-trojan-causes-siberian-gas-pipeline-explosion – Henry Raúl González Brito Oct 10 '16 at 15:05
http://www.zdnet.com/article/us-software-blew-up-russian-gas-pipeline/ – Henry Raúl González Brito Oct 10 '16 at 15:06
this things are secrets but ¿how know? Only in book of memories are exposed – Henry Raúl González Brito Oct 10 '16 at 15:08
This story is no longer considered credible by informed sources. https://skeptics.stackexchange.com/questions/44212/did-the-cia-blow-up-a-siberian-pipeline-in-1982 – Foo Bar Jun 19 '21 at 12:52

Real-time Operation systems and attacks

2 Answers2