SlideShare ist ein Scribd-Unternehmen logo

Maroochy water breach

Als PPTX, PDF herunterladen
S
sommerville-videos

Slides to accompany video. Describes cybersecurity case study of an attack on critical infrastructure

TechnologieBusiness
1 von 17
Maroochy SCADA attack, 2013 Slide 1 Cybersecurity Case Study Maroochy water breach http://www.slideshare.net/sommervi/cs5032- case-study-maroochy-water-breach
Maroochy SCADA attack, 2013 Slide 2 Maroochy Shire Image credit: http://www.hinterlandtourism.com.au/attractions/the-maroochy-river/
Maroochy SCADA attack, 2013 Slide 3 Maroochy shire sewage system • SCADA controlled system with 142 pumping stations over 1157 sq km installed in 1999 • In 2000, the area sewage system had 47 unexpected faults causing extensive sewage spillage
Maroochy SCADA attack, 2013 Slide 4 SCADA setup Typical SCADA-controlled sewage system This is not the system that was attacked
Maroochy SCADA attack, 2013 Slide 5 SCADA sewage control • Special-purpose control computer at each station to control valves and alarms • Each system communicates with and is controlled by central control centre • Communications between pumping stations and control centre by radio, rather than wired network
Maroochy SCADA attack, 2013 Slide 6 What happened More than 1m litres of untreated sewage released into waterways and local parks
Maroochy SCADA attack, 2013 Slide 7 Technical problems • Sewage pumps not operating when they should have been • Alarms failed to report problems to control centre • Communication difficulties between the control centre and pumping stations
Maroochy SCADA attack, 2013 Slide 8 Insider attack • Vitek Boden worked for Hunter Watertech (system suppliers) with responsibility for the Maroochy system installation. • He left in 1999 after disagreements with the company. • He tried to get a job with local Council but was refused.
Maroochy SCADA attack, 2013 Slide 9 Revenge! • Boden was angry and decided to take revenge on both his previous employer and the Council by launching attacks on the SCADA control systems – He hoped that Hunter Watertech would be blamed for the failure • Insiders don’t have to work inside an organisation!
Maroochy SCADA attack, 2013 Slide 10 What happened? Image credit: http://www.pimaweb.org/conference/april2003/pdfs/MythsAndF actsBehindCyberSecurity.pdf
Maroochy SCADA attack, 2013 Slide 11 How it happened • Boden stole a SCADA configuration program from his employers when he left and installed it on his own laptop • He also stole radio equipment and a control computer that could be used to impersonate a genuine machine at a pumping station • Insecure radio links were used to communicate with pumping stations and change their configurations
Maroochy SCADA attack, 2013 Slide 12 Incident timeline • Initially, the incidents were thought to have been caused by bugs in a newly installed system • However, analysis of communications suggested that the problems were being caused by deliberate interventions • Problems were always caused by a specific station id
Maroochy SCADA attack, 2013 Slide 13 Actions taken • System was configured so that that id was not used so messages from there had to be malicious • Boden as a disgruntled insider fell under suspicion and put under surveillance • Boden’s car was stopped after an incident and stolen hardware and radio system discovered
Maroochy SCADA attack, 2013 Slide 14 Causes of the problems • Installed SCADA system was completely insecure – No security requirements in contract with customer • Procedures at Hunter Watertech were inadequate to stop Boden stealing hardware and software • Insecure radio links were used for communications
Maroochy SCADA attack, 2013 Slide 15 Causes of the problems • Lack of monitoring and logging made detection more difficult • No staff training to recognise cyber attacks • No incident response plan in place at Maroochy Council
Maroochy SCADA attack, 2013 Slide 16 Aftermath • On October 31, 2001 Vitek Boden was convicted of: – 26 counts of willfully using a computer to cause damage – 1 count of causing serious environment harm • Jailed for 2 years
Maroochy SCADA attack, 2013 Slide 17 Finding out more http://www.pimaweb.org/conference/april2 003/pdfs/MythsAndFactsBehindCyberSec urity.pdf http://harbor2harbour.com/?p=144 http://www.ifip.org/wcc2008/site/IFIPSampleChapter.p df http://csrc.nist.gov/groups/SMA/fisma/ics/documents/M aroochy-Water-Services-Case-Study_report.pdf

Empfohlen

Cyber crime & security final tapan
Cyber crime & security final tapanCyber crime & security final tapan
Cyber crime & security final tapanTapan Khilar
 
introduction of Cyber securit
introduction of Cyber securitintroduction of Cyber securit
introduction of Cyber securitMohammed Kassem
 
Cyber Security Presentation By(Aashish Tanania)
Cyber Security Presentation By(Aashish Tanania)Cyber Security Presentation By(Aashish Tanania)
Cyber Security Presentation By(Aashish Tanania)AashishTanania
 
Cyber security
Cyber securityCyber security
Cyber securityDr. Kishor Nikam
 
Ethical Hacking Powerpoint
Ethical Hacking PowerpointEthical Hacking Powerpoint
Ethical Hacking PowerpointRen Tuazon
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber CrimeAccenture
 
Cyber security threats for 2017
Cyber security threats for 2017Cyber security threats for 2017
Cyber security threats for 2017Ramiro Cid
 
Phishing
PhishingPhishing
PhishingHHSome
 

Empfohlen

Cyber crime & security final tapan
Cyber crime & security final tapanCyber crime & security final tapan
Cyber crime & security final tapanTapan Khilar
 
introduction of Cyber securit
introduction of Cyber securitintroduction of Cyber securit
introduction of Cyber securitMohammed Kassem
 
Cyber Security Presentation By(Aashish Tanania)
Cyber Security Presentation By(Aashish Tanania)Cyber Security Presentation By(Aashish Tanania)
Cyber Security Presentation By(Aashish Tanania)AashishTanania
 
Cyber security
Cyber securityCyber security
Cyber securityDr. Kishor Nikam
 
Ethical Hacking Powerpoint
Ethical Hacking PowerpointEthical Hacking Powerpoint
Ethical Hacking PowerpointRen Tuazon
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber CrimeAccenture
 
Cyber security threats for 2017
Cyber security threats for 2017Cyber security threats for 2017
Cyber security threats for 2017Ramiro Cid
 
Phishing
PhishingPhishing
PhishingHHSome
 
7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From HomeDallasHaselhorst
 
Cyber security
Cyber security Cyber security
Cyber securityTanu Basoiya
 
FireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceFireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceValery Yelanin
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingGoutham Shetty
 
Cyber security ppt
Cyber security pptCyber security ppt
Cyber security pptCH Asim Zubair
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation sweetpeace1
 
Dmz
Dmz Dmz
Dmz أحلام انصارى
 
ETHICAL HACKING PRESENTATION
ETHICAL HACKING PRESENTATION ETHICAL HACKING PRESENTATION
ETHICAL HACKING PRESENTATION Yash Shukla
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Jay Nagar
 
Cybercrime
CybercrimeCybercrime
CybercrimeVansh Verma
 
Perimeter security solutions
Perimeter security solutionsPerimeter security solutions
Perimeter security solutionsbappyni
 
Materi Pelatihan analisa malware
Materi Pelatihan analisa malwareMateri Pelatihan analisa malware
Materi Pelatihan analisa malwareSetia Juli Irzal Ismail
 
CSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxCSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxAnshumaanTiwari2
 
Windows Hacking
Windows HackingWindows Hacking
Windows HackingMayur Sutariya
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeMd. Atiqur Rahman
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYVaishak Chandran
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationJoshua Prince
 
SQL Injection attack
SQL Injection attackSQL Injection attack
SQL Injection attackRayudu Babu
 
Physical security
Physical securityPhysical security
Physical securityTariq Mahmood
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindSaurabh Kheni
 
Agile methods for large systems
Agile methods for large systemsAgile methods for large systems
Agile methods for large systemssommerville-videos
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachIan Sommerville
 

Weitere ähnliche Inhalte

Was ist angesagt?

7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From HomeDallasHaselhorst
 
FireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceFireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceValery Yelanin
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation sweetpeace1
 
ETHICAL HACKING PRESENTATION
ETHICAL HACKING PRESENTATION ETHICAL HACKING PRESENTATION
ETHICAL HACKING PRESENTATION Yash Shukla
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Jay Nagar
 
Perimeter security solutions
Perimeter security solutionsPerimeter security solutions
Perimeter security solutionsbappyni
 
CSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxCSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxAnshumaanTiwari2
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationJoshua Prince
 
SQL Injection attack
SQL Injection attackSQL Injection attack
SQL Injection attackRayudu Babu
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindSaurabh Kheni
 

Was ist angesagt? (20)

7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home
 
Cyber security
Cyber security Cyber security
Cyber security
 
FireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceFireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment Experience
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Cyber security ppt
Cyber security pptCyber security ppt
Cyber security ppt
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation
 
Dmz
Dmz Dmz
Dmz
 
ETHICAL HACKING PRESENTATION
ETHICAL HACKING PRESENTATION ETHICAL HACKING PRESENTATION
ETHICAL HACKING PRESENTATION
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Perimeter security solutions
Perimeter security solutionsPerimeter security solutions
Perimeter security solutions
 
Materi Pelatihan analisa malware
Materi Pelatihan analisa malwareMateri Pelatihan analisa malware
Materi Pelatihan analisa malware
 
CSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxCSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptx
 
Windows Hacking
Windows HackingWindows Hacking
Windows Hacking
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentation
 
SQL Injection attack
SQL Injection attackSQL Injection attack
SQL Injection attack
 
Physical security
Physical securityPhysical security
Physical security
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For Mankind
 

Andere mochten auch

Agile methods for large systems
Agile methods for large systemsAgile methods for large systems
Agile methods for large systemssommerville-videos
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachIan Sommerville
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causessommerville-videos
 
Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecuritysommerville-videos
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issuesommerville-videos
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflowIan Sommerville
 
Rapid elearning tools and techniques
Rapid elearning tools and techniquesRapid elearning tools and techniques
Rapid elearning tools and techniquesSteve Rayson
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issuesommerville-videos
 
Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecuritysommerville-videos
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causessommerville-videos
 
Introduction to systems of systems
Introduction to systems of systemsIntroduction to systems of systems
Introduction to systems of systemssommerville-videos
 
Critical national infrastructure
Critical national infrastructureCritical national infrastructure
Critical national infrastructuresommerville-videos
 
Cybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurityCybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecuritysommerville-videos
 

Andere mochten auch (20)

Agile methods for large systems
Agile methods for large systemsAgile methods for large systems
Agile methods for large systems
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breach
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causes
 
Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurity
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issue
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflow
 
Rapid elearning tools and techniques
Rapid elearning tools and techniquesRapid elearning tools and techniques
Rapid elearning tools and techniques
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issue
 
Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurity
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causes
 
Infrastructure dependability
Infrastructure dependabilityInfrastructure dependability
Infrastructure dependability
 
Infrastructure control
Infrastructure controlInfrastructure control
Infrastructure control
 
Introduction to systems of systems
Introduction to systems of systemsIntroduction to systems of systems
Introduction to systems of systems
 
Critical national infrastructure
Critical national infrastructureCritical national infrastructure
Critical national infrastructure
 
Cybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurityCybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurity
 
System safety
System safetySystem safety
System safety
 
System success and failure
System success and failureSystem success and failure
System success and failure
 
Warsaw airbus accident
Warsaw airbus accidentWarsaw airbus accident
Warsaw airbus accident
 
Reuse landscape
Reuse landscapeReuse landscape
Reuse landscape
 
Intro to requirements eng.
Intro to requirements eng.Intro to requirements eng.
Intro to requirements eng.
 

Ähnlich wie Maroochy water breach

LFI18-Solving the challenges of commissioning a wireless lighting infrastruc...
LFI18-Solving the challenges of commissioning a wireless lighting infrastruc...LFI18-Solving the challenges of commissioning a wireless lighting infrastruc...
LFI18-Solving the challenges of commissioning a wireless lighting infrastruc...Silvair
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentationguest85a34f
 
Io t based water level monitoring system of dams in
Io t based water level monitoring system of dams inIo t based water level monitoring system of dams in
Io t based water level monitoring system of dams insangamesh kumbar
 
APPLYING DIGITAL METERING & REMOTE SENSORS TO DELIVER OPERATIONAL EFFICIENCY
APPLYING DIGITAL METERING & REMOTE SENSORS TO DELIVER OPERATIONAL EFFICIENCYAPPLYING DIGITAL METERING & REMOTE SENSORS TO DELIVER OPERATIONAL EFFICIENCY
APPLYING DIGITAL METERING & REMOTE SENSORS TO DELIVER OPERATIONAL EFFICIENCYiQHub
 
Final presentation es1
Final presentation es1Final presentation es1
Final presentation es1Waed Shagareen
 
THE SMART BRIDGE ECE.pptx
THE SMART BRIDGE ECE.pptxTHE SMART BRIDGE ECE.pptx
THE SMART BRIDGE ECE.pptxAryanPandita10
 
Cyber Security for SCADA
Cyber Security for SCADACyber Security for SCADA
Cyber Security for SCADARichard Umbrino
 
Cisco IT and ThousandEyes
Cisco IT and ThousandEyesCisco IT and ThousandEyes
Cisco IT and ThousandEyesThousandEyes
 
Remote monitoring of noxious gases and automated control
Remote monitoring of noxious gases and automated controlRemote monitoring of noxious gases and automated control
Remote monitoring of noxious gases and automated controlPINAKI ROY
 
Tollgrade LightHouse Asset Management Techniques Using Smart Grid Sensors
Tollgrade LightHouse Asset Management Techniques Using Smart Grid SensorsTollgrade LightHouse Asset Management Techniques Using Smart Grid Sensors
Tollgrade LightHouse Asset Management Techniques Using Smart Grid SensorsTollgrade Communications
 
IRJET - Smart Drainage Management System
IRJET - Smart Drainage Management SystemIRJET - Smart Drainage Management System
IRJET - Smart Drainage Management SystemIRJET Journal
 
Intern PPT on signal and telecommunication
Intern PPT on signal and telecommunicationIntern PPT on signal and telecommunication
Intern PPT on signal and telecommunicationthaangu2003
 
Wireless Water Monitoring System
Wireless Water Monitoring SystemWireless Water Monitoring System
Wireless Water Monitoring SystemPraveen Sharma
 
Mini Project Presentaion
Mini Project Presentaion Mini Project Presentaion
Mini Project Presentaion Sai Mani
 
VIP Water Success Story
VIP Water Success StoryVIP Water Success Story
VIP Water Success StoryJoel Gil
 
10 Steps to Architecting a Sustainable SCADA System
10 Steps to Architecting a Sustainable SCADA System10 Steps to Architecting a Sustainable SCADA System
10 Steps to Architecting a Sustainable SCADA SystemInductive Automation
 
Power Theft Detection Using IOT
Power Theft Detection Using IOTPower Theft Detection Using IOT
Power Theft Detection Using IOTSWAPNILCHAVAN28596
 
10 Steps to Architecting a Sustainable SCADA System
10 Steps to Architecting a Sustainable SCADA System10 Steps to Architecting a Sustainable SCADA System
10 Steps to Architecting a Sustainable SCADA SystemInductive Automation
 

Ähnlich wie Maroochy water breach (20)

LFI18-Solving the challenges of commissioning a wireless lighting infrastruc...
LFI18-Solving the challenges of commissioning a wireless lighting infrastruc...LFI18-Solving the challenges of commissioning a wireless lighting infrastruc...
LFI18-Solving the challenges of commissioning a wireless lighting infrastruc...
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentation
 
Io t based water level monitoring system of dams in
Io t based water level monitoring system of dams inIo t based water level monitoring system of dams in
Io t based water level monitoring system of dams in
 
APPLYING DIGITAL METERING & REMOTE SENSORS TO DELIVER OPERATIONAL EFFICIENCY
APPLYING DIGITAL METERING & REMOTE SENSORS TO DELIVER OPERATIONAL EFFICIENCYAPPLYING DIGITAL METERING & REMOTE SENSORS TO DELIVER OPERATIONAL EFFICIENCY
APPLYING DIGITAL METERING & REMOTE SENSORS TO DELIVER OPERATIONAL EFFICIENCY
 
Final presentation es1
Final presentation es1Final presentation es1
Final presentation es1
 
THE SMART BRIDGE ECE.pptx
THE SMART BRIDGE ECE.pptxTHE SMART BRIDGE ECE.pptx
THE SMART BRIDGE ECE.pptx
 
Cyber Security for SCADA
Cyber Security for SCADACyber Security for SCADA
Cyber Security for SCADA
 
Cisco IT and ThousandEyes
Cisco IT and ThousandEyesCisco IT and ThousandEyes
Cisco IT and ThousandEyes
 
Remote monitoring of noxious gases and automated control
Remote monitoring of noxious gases and automated controlRemote monitoring of noxious gases and automated control
Remote monitoring of noxious gases and automated control
 
Tollgrade LightHouse Asset Management Techniques Using Smart Grid Sensors
Tollgrade LightHouse Asset Management Techniques Using Smart Grid SensorsTollgrade LightHouse Asset Management Techniques Using Smart Grid Sensors
Tollgrade LightHouse Asset Management Techniques Using Smart Grid Sensors
 
IRJET - Smart Drainage Management System
IRJET - Smart Drainage Management SystemIRJET - Smart Drainage Management System
IRJET - Smart Drainage Management System
 
Intern PPT on signal and telecommunication
Intern PPT on signal and telecommunicationIntern PPT on signal and telecommunication
Intern PPT on signal and telecommunication
 
Wireless Water Monitoring System
Wireless Water Monitoring SystemWireless Water Monitoring System
Wireless Water Monitoring System
 
Mini Project Presentaion
Mini Project Presentaion Mini Project Presentaion
Mini Project Presentaion
 
Iot cyber security
Iot cyber securityIot cyber security
Iot cyber security
 
VIP Water Success Story
VIP Water Success StoryVIP Water Success Story
VIP Water Success Story
 
10 Steps to Architecting a Sustainable SCADA System
10 Steps to Architecting a Sustainable SCADA System10 Steps to Architecting a Sustainable SCADA System
10 Steps to Architecting a Sustainable SCADA System
 
Power Theft Detection Using IOT
Power Theft Detection Using IOTPower Theft Detection Using IOT
Power Theft Detection Using IOT
 
10 Steps to Architecting a Sustainable SCADA System
10 Steps to Architecting a Sustainable SCADA System10 Steps to Architecting a Sustainable SCADA System
10 Steps to Architecting a Sustainable SCADA System
 
Scada security
Scada securityScada security
Scada security
 

Mehr von sommerville-videos

Architectural patterns for real-time systems
Architectural patterns for real-time systemsArchitectural patterns for real-time systems
Architectural patterns for real-time systemssommerville-videos
 
Introduction to real time software systems script
Introduction to real time software systems scriptIntroduction to real time software systems script
Introduction to real time software systems scriptsommerville-videos
 
System of systems classification
System of systems classificationSystem of systems classification
System of systems classificationsommerville-videos
 
Agile and plan based development processes
Agile and plan based development processesAgile and plan based development processes
Agile and plan based development processessommerville-videos
 
Fundamental software engineering activities
Fundamental software engineering activitiesFundamental software engineering activities
Fundamental software engineering activitiessommerville-videos
 
Introducing Software Engineering
Introducing Software EngineeringIntroducing Software Engineering
Introducing Software Engineeringsommerville-videos
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernssommerville-videos
 
Requirements engineering processes
Requirements engineering processesRequirements engineering processes
Requirements engineering processessommerville-videos
 
Requirements engineering challenges
Requirements engineering challengesRequirements engineering challenges
Requirements engineering challengessommerville-videos
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systemssommerville-videos
 

Mehr von sommerville-videos (20)

Architectural patterns for real-time systems
Architectural patterns for real-time systemsArchitectural patterns for real-time systems
Architectural patterns for real-time systems
 
Introduction to real time software systems script
Introduction to real time software systems scriptIntroduction to real time software systems script
Introduction to real time software systems script
 
System of systems classification
System of systems classificationSystem of systems classification
System of systems classification
 
Scaling agile
Scaling agileScaling agile
Scaling agile
 
User stories
User storiesUser stories
User stories
 
Agile and plan based development processes
Agile and plan based development processesAgile and plan based development processes
Agile and plan based development processes
 
Fundamental software engineering activities
Fundamental software engineering activitiesFundamental software engineering activities
Fundamental software engineering activities
 
Introducing Software Engineering
Introducing Software EngineeringIntroducing Software Engineering
Introducing Software Engineering
 
Why se script
Why se scriptWhy se script
Why se script
 
Ariane 5 launcher failure
Ariane 5 launcher failure Ariane 5 launcher failure
Ariane 5 launcher failure
 
Airbus Flight Control System
Airbus Flight Control SystemAirbus Flight Control System
Airbus Flight Control System
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concerns
 
Requirements engineering processes
Requirements engineering processesRequirements engineering processes
Requirements engineering processes
 
Requirements engineering challenges
Requirements engineering challengesRequirements engineering challenges
Requirements engineering challenges
 
Emergent properties
Emergent propertiesEmergent properties
Emergent properties
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systems
 
Availability and reliability
Availability and reliabilityAvailability and reliability
Availability and reliability
 
Critical systems engineering
Critical systems engineeringCritical systems engineering
Critical systems engineering
 
System security
System securitySystem security
System security
 
System dependability
System dependabilitySystem dependability
System dependability
 

Kürzlich hochgeladen

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Kürzlich hochgeladen (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Maroochy water breach

  • 1. Maroochy SCADA attack, 2013 Slide 1 Cybersecurity Case Study Maroochy water breach http://www.slideshare.net/sommervi/cs5032- case-study-maroochy-water-breach
  • 2. Maroochy SCADA attack, 2013 Slide 2 Maroochy Shire Image credit: http://www.hinterlandtourism.com.au/attractions/the-maroochy-river/
  • 3. Maroochy SCADA attack, 2013 Slide 3 Maroochy shire sewage system • SCADA controlled system with 142 pumping stations over 1157 sq km installed in 1999 • In 2000, the area sewage system had 47 unexpected faults causing extensive sewage spillage
  • 4. Maroochy SCADA attack, 2013 Slide 4 SCADA setup Typical SCADA-controlled sewage system This is not the system that was attacked
  • 5. Maroochy SCADA attack, 2013 Slide 5 SCADA sewage control • Special-purpose control computer at each station to control valves and alarms • Each system communicates with and is controlled by central control centre • Communications between pumping stations and control centre by radio, rather than wired network
  • 6. Maroochy SCADA attack, 2013 Slide 6 What happened More than 1m litres of untreated sewage released into waterways and local parks
  • 7. Maroochy SCADA attack, 2013 Slide 7 Technical problems • Sewage pumps not operating when they should have been • Alarms failed to report problems to control centre • Communication difficulties between the control centre and pumping stations
  • 8. Maroochy SCADA attack, 2013 Slide 8 Insider attack • Vitek Boden worked for Hunter Watertech (system suppliers) with responsibility for the Maroochy system installation. • He left in 1999 after disagreements with the company. • He tried to get a job with local Council but was refused.
  • 9. Maroochy SCADA attack, 2013 Slide 9 Revenge! • Boden was angry and decided to take revenge on both his previous employer and the Council by launching attacks on the SCADA control systems – He hoped that Hunter Watertech would be blamed for the failure • Insiders don’t have to work inside an organisation!
  • 10. Maroochy SCADA attack, 2013 Slide 10 What happened? Image credit: http://www.pimaweb.org/conference/april2003/pdfs/MythsAndF actsBehindCyberSecurity.pdf
  • 11. Maroochy SCADA attack, 2013 Slide 11 How it happened • Boden stole a SCADA configuration program from his employers when he left and installed it on his own laptop • He also stole radio equipment and a control computer that could be used to impersonate a genuine machine at a pumping station • Insecure radio links were used to communicate with pumping stations and change their configurations
  • 12. Maroochy SCADA attack, 2013 Slide 12 Incident timeline • Initially, the incidents were thought to have been caused by bugs in a newly installed system • However, analysis of communications suggested that the problems were being caused by deliberate interventions • Problems were always caused by a specific station id
  • 13. Maroochy SCADA attack, 2013 Slide 13 Actions taken • System was configured so that that id was not used so messages from there had to be malicious • Boden as a disgruntled insider fell under suspicion and put under surveillance • Boden’s car was stopped after an incident and stolen hardware and radio system discovered
  • 14. Maroochy SCADA attack, 2013 Slide 14 Causes of the problems • Installed SCADA system was completely insecure – No security requirements in contract with customer • Procedures at Hunter Watertech were inadequate to stop Boden stealing hardware and software • Insecure radio links were used for communications
  • 15. Maroochy SCADA attack, 2013 Slide 15 Causes of the problems • Lack of monitoring and logging made detection more difficult • No staff training to recognise cyber attacks • No incident response plan in place at Maroochy Council
  • 16. Maroochy SCADA attack, 2013 Slide 16 Aftermath • On October 31, 2001 Vitek Boden was convicted of: – 26 counts of willfully using a computer to cause damage – 1 count of causing serious environment harm • Jailed for 2 years
  • 17. Maroochy SCADA attack, 2013 Slide 17 Finding out more http://www.pimaweb.org/conference/april2 003/pdfs/MythsAndFactsBehindCyberSec urity.pdf http://harbor2harbour.com/?p=144 http://www.ifip.org/wcc2008/site/IFIPSampleChapter.p df http://csrc.nist.gov/groups/SMA/fisma/ics/documents/M aroochy-Water-Services-Case-Study_report.pdf