Infrastructure facility security

    Posted 09-13-2017 06:02 PM
    There's a lot being said about infrastructure security and susceptibility to sabotage by hacking. Some of it's just hype to get listeners or sell papers, but there's also a very real threat.

    The heart of the issue is remote sensing and response actions, from simply activating pumps to react to low levels in storage tanks, to complex interactions of facility components managed through SCADA systems.

    Remote sensing isn't new; telemetry goes back several decades. What's new is the conversion of communication from hardwired circuits, dedicated phone lines and radio channels (and more recently, cell phones), to implementation on the internet.

    It's that last step, porting the communication to internet, that brings up the hacking vulnerability. It's true that phone lines can be tapped and cell calls and radio signals intercepted. But those avenues require at most, physical access to the communication lines, and at least, detailed knowledge of the system in the first place. Only when systems become internet nodes, with their own IP addresses, does it become possible to gain entry to a system before having detailed knowledge, then get that knowledge while exploring it, and finally design and execute interfering action.

    Communication and SCADA functions can be handled through older telemetry methods, though granted, it is more expensive. But when we're dealing with WTPs, power plants, or their associated distribution systems, we're in the tens or usually hundreds of $Millions, which makes the savings between internet communications and dedicated channels a very small price to pay for securing those systems. Repeated hacks of major corporations with (presumably) highly professional IT operations demonstrate that internet "security" provides only a limited defense at best, and nowhere as secure as systems that don't have the exposure in the first place. Obviously, physical access from "bad actors" using flash drives can be threats as well as internet access, but they have to be dealt with using direct HR and physical security approaches.

    I'd like to hear others' thoughts about removing the "low hanging fruit" from the constellation of infrastructure threats.

    ------------------------------
    Gene Rovak P.E., F.ASCE
    SR Consultant, Horner & Shifrin Inc.
    Saint Louis MO
    grovak@...
    ------------------------------