Friday, July 16, 2010

SCADA Virus

Well, we knew that it had to happen sooner or later; the folks over at FindingsFromTheField.com are reporting on the first virus (more properly, a Trojan) targeted at an industrial control system. Not unexpectedly, the route of infection appears to be USB sticks. There are indications that this is a very sophisticated attack vector, as one would expect with anything targeted against control systems: it uses a new vulnerability, it is signed with a RealTek security signature, and it uses a Siemens password. Someone obviously knew what they were doing. I'm not going to try to discuss the technical details here. Andrew Ginter is an expert in the field, so go read his detailed posting.

What I am concerned about is the motivation of the virus writer. Typically, virus writers are motivated by revenge, money, or status (not necessarily in that order). Each of these motivations has its own potential consequences for the chemical processing community. If someone is out for revenge against Siemens, for instance, then we would expect to see the technique freely released into the larger hacker community. The methods of making money from such a virus are also of concern, as they include industrial data theft (espionage) and extortion.

Probably the scariest situation would be if this attack came from the pure hacker community. If these folks have now started to target control systems, then we can expect to see a number of different approaches being developed. We can almost think of these folks as the basic researchers of the trade: any exploits they develop in their attempts to outdo their competitors will make their way into the criminal hacker toolboxes.

In any case, those of us on the security side of the business now have a counter to the question of why we need to be concerned about control system security. Too often we have been asked why we should take the effort to secure control systems when they are too complex to deliberately attack. We always knew that there was no system too complex to attack; now we have the proof.
