Vulnerabilities of Control Systems in Drinking Water Utilities John McNabb Notacon 9 (Hacking Illustrated Series InfoSec Tutorial Videos)
Vulnerabilities of Control Systems in Drinking Water Utilities John McNabb
Notacon 9
Synopsis
The control systems of public drinking water systems are vulnerable to
attack by malicious hackers. This has been shown through several penetration
tests and the reported attack (which later was not corroborated by a DHS
investigation) on an Illinois public drinking water system by foreign
hackers in November, 2011, the most recent publicly known cyber attack on a
drinking water utility. This talk will examine the many vectors of attack on
the IT systems of a drinking water utility, their vulnerabilities, proposed
defensive measures, and potential consequences of a malicious hacker attack.
The control systems, including the programmable logic controllers (PLC’s)
and the human machine interface (HMI), will be described. The talk will
discuss the many institutional, cultural, and financial obstacles to
ensuring that the national public drinking water infrastructure is
adequately protected from attacks by malicious hackers. The current threat
environment of the national drinking water infrastructure will be discussed,
including the repeated threats by Al Qaeda to poison the US drinking water
supply, along with existing programs to address those threats and finally a
discussion of what more needs to be done.
Bio
John McNabb is Principal of InfraSec Labs, which researches security of
critical infrastructures. He was an elected Water Commissioner for a small
New England drinking water utility for 13 years. His current research
focuses primarily on security of the drinking water infrastructure. He has
presented papers on that subject at Defcon 18 (Cyberterrorism and the
Security of the National Drinking Water Infrastructure), Defcon 19, Black
Hat, and Shmoocon. John has published several papers on drinking water
infrastructure issues and recently wrote a chapter on drinking water
security for the book Weapons of Mass Destruction and Terrorism, 2nd Edition
(McGraw-Hill, 2012).