Imagine one morning you get that call, the call that every data center manager dreads, a breathless call that informs you that there has been a major equipment failure at your data center. You sprint to your car and make the best possible time to your critical facility. As you approach the site, your heart sinks when you see a thick stream of black smoke rising from the generator yard into the morning sky.
A few minutes later, you are standing next to the smoldering wreckage of your standby generators. Your perplexed facility manager informs you that there was no scheduled automatic generator run and no electrical system maintenance going on that evening. He explains that the generator cranked up “out of the blue” and immediately started smoking and shaking violently. Before he could hit the generator EPO switch, arcing currents flashed from inside the alternator, smoke poured from the engine, and the generator died a sudden death.
The BMS and SCADA system event loggers say that there was no interruption of utility power to trigger the generator start. Further adding to the mystery, the generator mode selector switch is still in the auto position, indicating that the generator could not have been started manually. In short, there is no readily discernible reason that the generator started and certainly no apparent explanation for its dramatic failure.
A new high-priority email catches your eye as you reach for your smartphone to call your generator service provider. It reads, “EXTORTION! We control your data center infrastructure. The catastrophic failure of your diesel generator at 05:00 EST was a demonstration of our capability. Deliver $4 million to the account below before 17:00 EST today, or we will shut down your facility. We have altered your switchgear PLC programming. Any breaker operation or control system tampering prior to 17:00 EST will initiate an open-all-breakers command.”
Your heart sinks as you realize that your mission-critical infrastructure has been hacked. You are the latest victim of a cyber warfare weapon known as a supervisory control and data acquisition, or SCADA, worm.
Until recently, the idea that SCADA systems were vulnerable to a cyber attack was just a theory. System manufacturers and operators relied confidently on system complexity and esoteric communication protocols to provide security from cyber attacks. They reasoned that industrial control systems (ICS) such as SCADA are simply too different from traditional IT systems to present a valid target for hackers. Differences that seemed to rule out ICSs as valid cyber attack targets include: