Back in September 2011 2010 Ralph Langner had hard evidence that the Stuxnet code was fingerprinting and attacking a specific process in a PLC. After Ralph announced his findings, and we blogged on them extensively, it was weeks before it got seriously picked up in the automation press and about a month before it started hitting the mainstream press.
A year later the press is salivating for a “SCADA Hack” with two great examples in recent months. Duqu got immediate and massive coverage even though there has been no evidence it is more than a Remote Access Trojan that happened to reuse some of the Stuxnet code. This factor warranted the initial attention, but it is still being treated by many as Stuxnet II for no apparent technical reason related to ICS.
Last week we had the Springfield Water System Hack making it high up on the Drudge Report and all over the mainstream press. This is a minor hack of a small system. It appears to have caused a pump to burn out. To date the rumor mill indicates it was some compromised passwords, poor network segmentation and classic ICS lack of authentication that allowed the attacker to control the process. Nothing particularly noteworthy there.
All this is not to criticize the press coverage, in the water system hack case. The press will decide what their readers are interested in, and Ralph commented in one of our podcasts this summer that one of his biggest surprises was how interested the general public was in the Stuxnet story.
It does show that at least for a while the public is hungry for stories on SCADA hacks and SCADA vulnerabilities. This should lead to more attacks, perhaps of this rather benign nature, as people love attention. And it could actually lead to some progress on some long ignored basic security issues.
Image by jurvetson