Phoenix Contact (2009) Hacking the industrial network
Phoenix Contact (2009) Hacking the industrial network

Malicious code, a Trojan program deliberately inserted into SCADA system software, manipulated valve positions
and compressor outputs to cause a massive natural gas explosion along the Trans-Siberian pipeline, according to
2005 testimony before a U.S. House of Representatives subcommittee by a Director from Sandia National
Laboratories.1 According to the Washington Post, the resulting fireball yielded “the most monumental non-nuclear
explosion and fire ever seen from space.”2 The explosion was subsequently estimated at the equivalent of 3
kilotons.3 (In comparison, the 9/11 explosions at the World Trade Center were roughly 0.1 kiloton.)
According to Internet blogs and reports, hackers have begun to discover that SCADA (Supervisory Control and
Data Acquisition) and DCS (Distributed Control Systems) are “cool” to hack.4 The interest of hackers has
increased since reports of successful attacks began to emerge after 2001. A security consultant interviewed by the
in-depth news program, PBS Frontline, told them “Penetrating a SCADA system that is running a Microsoft
operating system takes less than two minutes.”5 DCS, SCADA, PLCs (Programmable Logic Controllers) and other
legacy control systems have been used for decades in power plants and grids, oil and gas refineries, air traffic and
railroad management, pipeline pumping stations, pharmaceutical plants, chemical plants, automated food and
beverage lines, industrial processes, automotive assembly lines, and water treatment plants.
Sandia National Laboratories has been chartered over the last 15 years with testing and improving the security of
U.S. infrastructure control systems. When interviewed by Frontline, they confirm that their Red Team has never
failed to penetrate a U.S. system using publicly available methods. When they refer to the term SCADA, they
include all real-time digital control systems, process control systems and other related technologies.

Phoenix Contact (2009) Hacking the industrial network

Phoenix Contact (2009) Hacking the industrial network