Presentation is loading. Please wait.

Presentation is loading. Please wait.

Object Oriented Programming and Software Engineering CIS016-2

Published byGwenda Daniel Modified over 6 years ago

Similar presentations

Presentation on theme: "Object Oriented Programming and Software Engineering CIS016-2"— Presentation transcript:

1 Object Oriented Programming and Software Engineering CIS016-2
Week 3: Cybersecurity Case Study – Maroochy Water Breach Sue Brandreth 17/05/2018

2 Maroochy Shire 17/05/2018

3 Maroochy Shire Sewage System
SCADA controlled system with 142 pumping stations over 1157 sq km installed in 1999 In 2000, the area sewage system had 47 unexpected faults causing extensive sewage spillage 17/05/2018

4 SCADA Setup 17/05/2018

5 SCADA Sewage Control Special-purpose control computer at each station to control valves and alarms Each system communicates with and is controlled by central control centre Communications between pumping stations and control centre by radio, rather than wired network 17/05/2018

6 What Happened 17/05/2018

7 Technical Problems Sewage pumps not operating when they should have been Alarms failed to report problems to control centre Communication difficulties between the control centre and pumping stations 17/05/2018

8 Insider Attack Vitek Boden worked for Hunter Watertech (system suppliers) with responsibility for the Maroochy system installation. He left in 1999 after disagreements with the company. He tried to get a job with local Council but was refused. 17/05/2018

9 Revenge! Boden was angry and decided to take revenge on both his previous employer and the Council by launching attacks on the SCADA control systems He hoped that Hunter Watertech would be blamed for the failure Insiders don’t have to work inside an organisation! 17/05/2018

10 What Happened? 17/05/2018

11 How it Happened Boden stole a SCADA configuration program from his employers when he left and installed it on his own laptop He also stole radio equipment and a control computer that could be used to impersonate a genuine machine at a pumping station Insecure radio links were used to communicate with pumping stations and change their configurations 17/05/2018

12 Incident Timeline Initially, the incidents were thought to have been caused by bugs in a newly installed system However, analysis of communications suggested that the problems were being caused by deliberate interventions Problems were always caused by a specific station ID 17/05/2018

13 Actions Taken System was configured so that that ID was not used so messages from there had to be malicious Boden as a disgruntled insider fell under suspicion and put under surveillance Boden’s car was stopped after an incident and stolen hardware and radio system discovered 17/05/2018

14 Causes of the Problem Installed SCADA system was completely insecure
No security requirements in contract with customer Procedures at Hunter Watertech were inadequate to stop Boden stealing hardware and software Insecure radio links were used for communications 17/05/2018

15 Causes of the Problem Lack of monitoring and logging made detection more difficult No staff training to recognise cyber attacks No incident response plan in place at Maroochy Council 17/05/2018

16 Aftermath On October 31, 2001 Vitek Boden was convicted of:
26 counts of willfully using a computer to cause damage 1 count of causing serious environment harm Jailed for 2 years 17/05/2018

17 Finding Out More…. Myths and Facts Behind Cyber Security of Industrial Control Lessons Learned from the Maroochy Water Breach Malicious Control System Cyber Security Attack Case Study–Maroochy Water Services, Australia 17/05/2018

Download ppt "Object Oriented Programming and Software Engineering CIS016-2"

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
NERC Lessons Learned Summary December 2014. NERC lessons learned published in December 2014 Three NERC lessons learned (LL) were published in December.

NERC Lessons Learned Summary December NERC lessons learned published in December 2014 Three NERC lessons learned (LL) were published in December.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 

11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
EC4019PA Intrusion & Access Control Technology (IACT) Chapter 4- CAMS Prepared by Sandy Tay.

EC4019PA Intrusion & Access Control Technology (IACT) Chapter 4- CAMS Prepared by Sandy Tay.
Cyber Security Audit and Network Monitoring P.D. Mynatt Doug Brown March 19 th 2015.

Cyber Security Audit and Network Monitoring P.D. Mynatt Doug Brown March 19 th 2015.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
Protecting ICT Systems

Protecting ICT Systems
1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.

1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.
1 ● Plant Automation Security Review of Cyber Security Attack at Maroochy Water Services ● Bradley Yager ● National Business Development Manager – Telemetry.

1 ● Plant Automation Security Review of Cyber Security Attack at Maroochy Water Services ● Bradley Yager ● National Business Development Manager – Telemetry.
E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.

E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
Chapter 5 Protecting Your PC from Viruses Prepared by: Khurram N. Shamsi.

Chapter 5 Protecting Your PC from Viruses Prepared by: Khurram N. Shamsi.
NETWORK ADMINISTRATOR. EXAMPLES OF SOME COMPUTING RELATED CAREERS Multimedia Artist / Graphics Artist Information System Manager Computer Scientist Network.

NETWORK ADMINISTRATOR. EXAMPLES OF SOME COMPUTING RELATED CAREERS Multimedia Artist / Graphics Artist Information System Manager Computer Scientist Network.
G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.

G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.
Cost of Ownership of a PC Acknowledgements to Euan Wilson (Staffordshire University)

Cost of Ownership of a PC Acknowledgements to Euan Wilson (Staffordshire University)
Cyber Terrorism Shawn Carpenter Computer Security Analyst

Cyber Terrorism Shawn Carpenter Computer Security Analyst

Similar presentations

Ads by Google