SCADA, also known as Supervisory control and data acquisition is unfortunately used with critical infrastructure, like power grids. So, how do you shut down a power grid?
We will give you one horribly insecure example where a country connected their electric grid to the internet. Their admin backend where you can shutdown the power of different sections of the country, was exposed through Google cache, which let anyone have the ability to shutdown their power.
Now why didn’t researchers of this country discover this? Because they threaten to kill anyone who they deem to have hacked their site that lives in their country, however their threat model did not account in that the rest of the world may discover their electric grid issues.
In our mind this is so insecure it isn’t a hack, because if Google can access it and you access it on Google’s property, then you’re accessing it on Google’s servers, rather than hacking the companies servers.
How do you avoid this highly insecure setup?
Well, first if you have anything sensitive, do not connect it to the internet. Secondly, do not have SCADA online, for crying out loud. If you want to be hacked, then sure by all means go ahead, but this was so insecure you should never do this.
This is one very simple, glaring issue of how a system used for critical infrastructure can be used the way it was designed to shut it down, yet they didn’t consider they were designing it for others to use when they made it.
We will be writing more on SCADA in the near future.