Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity Case Study Maroochy water breach

Published byKristin Florence Newton Modified over 6 years ago

Similar presentations

Presentation on theme: "Cybersecurity Case Study Maroochy water breach"— Presentation transcript:

1 Cybersecurity Case Study Maroochy water breach

2 Maroochy Shire Image credit:

3 Maroochy shire sewage system
SCADA controlled system with 142 pumping stations over 1157 sq km installed in 1999 In 2000, the area sewage system had 47 unexpected faults causing extensive sewage spillage

4 SCADA setup Typical SCADA-controlled sewage system
This is not the system that was attacked

5 SCADA sewage control Special-purpose control computer at each station to control valves and alarms Each system communicates with and is controlled by central control centre Communications between pumping stations and control centre by radio, rather than wired network

6 What happened More than 1m litres of untreated sewage released into waterways and local parks

7 Technical problems Sewage pumps not operating when they should have been Alarms failed to report problems to control centre Communication difficulties between the control centre and pumping stations

8 Insider attack Vitek Boden worked for Hunter Watertech (system suppliers) with responsibility for the Maroochy system installation. He left in 1999 after disagreements with the company. He tried to get a job with local Council but was refused.

9 Revenge! Boden was angry and decided to take revenge on both his previous employer and the Council by launching attacks on the SCADA control systems He hoped that Hunter Watertech would be blamed for the failure Insiders don’t have to work inside an organisation!

10 What happened? Image credit:

11 How it happened Boden stole a SCADA configuration program from his employers when he left and installed it on his own laptop He also stole radio equipment and a control computer that could be used to impersonate a genuine machine at a pumping station Insecure radio links were used to communicate with pumping stations and change their configurations

12 Incident timeline Initially, the incidents were thought to have been caused by bugs in a newly installed system However, analysis of communications suggested that the problems were being caused by deliberate interventions Problems were always caused by a specific station id

13 Actions taken System was configured so that that id was not used so messages from there had to be malicious Boden as a disgruntled insider fell under suspicion and put under surveillance Boden’s car was stopped after an incident and stolen hardware and radio system discovered

14 Causes of the problems Installed SCADA system was completely insecure
No security requirements in contract with customer Procedures at Hunter Watertech were inadequate to stop Boden stealing hardware and software Insecure radio links were used for communications

15 Causes of the problems Lack of monitoring and logging made detection more difficult No staff training to recognise cyber attacks No incident response plan in place at Maroochy Council

16 Aftermath On October 31, 2001 Vitek Boden was convicted of:
26 counts of willfully using a computer to cause damage 1 count of causing serious environment harm Jailed for 2 years

17 Finding out more

Download ppt "Cybersecurity Case Study Maroochy water breach"

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
BELASTINGEN EN INVORDERINGEN Administratie der Douane en Accijnzen 19 October 2006 1.What is the Megaports Initiative and which are its objectives? The.

BELASTINGEN EN INVORDERINGEN Administratie der Douane en Accijnzen 19 October What is the Megaports Initiative and which are its objectives? The.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.

Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.
7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.

7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
EC4019PA Intrusion & Access Control Technology (IACT) Chapter 4- CAMS Prepared by Sandy Tay.

EC4019PA Intrusion & Access Control Technology (IACT) Chapter 4- CAMS Prepared by Sandy Tay.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) =.00625 * 5,349.44 = $33.434 What happens to the.004?.004+.004+.004=.012.004.

Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) = * 5, = $ What happens to the.004? =
Protecting ICT Systems

Protecting ICT Systems
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
1 ● Plant Automation Security Review of Cyber Security Attack at Maroochy Water Services ● Bradley Yager ● National Business Development Manager – Telemetry.

1 ● Plant Automation Security Review of Cyber Security Attack at Maroochy Water Services ● Bradley Yager ● National Business Development Manager – Telemetry.
BUSINESS B1 Information Security.

BUSINESS B1 Information Security.
E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.

E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
Chapter 5 Protecting Your PC from Viruses Prepared by: Khurram N. Shamsi.

Chapter 5 Protecting Your PC from Viruses Prepared by: Khurram N. Shamsi.
System Security Chapter no 16. Computer Security Computer security is concerned with taking care of hardware, Software and data The cost of creating data.

System Security Chapter no 16. Computer Security Computer security is concerned with taking care of hardware, Software and data The cost of creating data.
G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.

G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.
Cost of Ownership of a PC Acknowledgements to Euan Wilson (Staffordshire University)

Cost of Ownership of a PC Acknowledgements to Euan Wilson (Staffordshire University)

Similar presentations

Ads by Google