SCADA – Getting Hacked

One initialism that we’re going to be hearing a lot more about in the future is SCADA, which stands for Supervisory Control And Data Acquisition.

It’s beginning to turn up more and more and in a lot more places.

Basically, it refers to a set of systems that can collect data and respond to that collected data, and in so doing, act in a manner that can help to control the systems that they’re monitoring. While it used to more generally refer to mechanical controls, this is become less and less the case.

A few weeks back we mentioned the CareTracker system. That was a means of data acquisition, but there is no means of control attached to that system, so it’s not really a SCADA system. But Google has a fully automated – as in driverless – car under development. That would rely upon a SCADA system in order to operate.

In just the last few days SCADA has turned up a few times within references to the Black Hat security conference, within the context of the potential for some SCADA systems to be hacked.

In one instance, a diabetic security researcher named Jay Radcliffe presented a paper entitled Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System. Radcliffe has been experimenting with these systems, and trying to see whether the various systems in place can potentially be hacked.

Specifically, if these systems – which constantly monitor his blood sugar levels and can respond by providing him with insulin – are able to be hacked, then what is the potential for a third party to be able to do this, and thereby endanger his (or your) life?

In the US, you can now have the option of having an on-board router installed within your new car, thereby giving you connectivity wherever you may roam, but also at this conference, some people from iSec Partners were able to demonstrate how to unlock, and then start the engine, of a car using an Android powered mobile phone.

And this is just the beginning.