There exists a 0-day vulnerability in a particular line of SCADA Master products that are widely used in petrochemical facilities. Furthermore, since the telemetry between the Master and the RTUs (the units located at valves, gauges, etc.) is particularly fragile under attack, the attackers are able to take a two-tiered approach to the damage they cause.
The vulnerability is designed to simply replace a small bit of code in the SCADA Master so that upon communication with the RTUs, it will unpredictably send invalid data; the way in which the communications are invalid also varies somewhat. The symptoms of this appear not at the Master level, but in the RTUs themselves, which behave unpredictably. The first set of disasters occurs as valves fail to close or open, or particular RTUs cease providing data.
It takes a bit of time for law enforcement to have a solid handle on things, as they are currently battling their own issues, but they notice the pattern. The SCADA systems are immediately segmented from other networks, and work begins on replacing RTUs. This, however, has no effect, and as time passes the ripples of the attack spread. Gas stations run out of gas, followed shortly by freight carriers. Private individuals and local police and fire departments are not far behind.
Disaster can only be prevented by Reuben, an elite cyber-security researcher who stumbles across the plot while contracting for the federal government.
About the Author
Rob Shein, also known as Rogue Shoten, works as an independent consultant in the Washington, DC area. His experience includes doing hard time at Network Solutions, followed by VeriSign, where he was a member of the FIRE Team, providing incident response and penetration testing services to Fortune 100 clients.
Marcus H. Sachs is the Director of the SANS Internet Storm Center and is a cyberspace security researcher, writer, and instructor for the SANS Institute. He previously served in the White House Office of Cyberspace Security and was a staff member of the President's Critical Infrastructure Protection Board. While a member of the White House staff, Mr. Sachs coordinated efforts to protect and secure the nation's telecommunication and Internet infrastructures, leveraging expertise from United States government agencies, the domestic private sector, and the international community.
David Litchfield leads the world in the discovery and publication of computer security vulnerabilities. This outstanding research was recognized by Information Security Magazine, which voted him 'The World's Best Bug Hunter' for 2003. To date, David has found over 150 vulnerabilities in many of today's popular products from the major software companies (the majority in Microsoft and Oracle).