Lack of security in remote oil drilling stations and other similar environments vulnerable to rudimentary but potentially disastrous attacks
BLACK HAT USA -- SCADA experts here today demonstrated just how easy it is to commandeer the antiquated networking protocols used in an oil-well pumping station and other SCADA environments, causing a simulated oil tank to nearly overflow using spoofed commands to the programmable logic controller (PLC).
The researchers, whose day jobs include installing and supporting SCADA systems in oil rigs, basically wrote a few basic Python scripts that told the remote controllers what to do. In the live demo, they commanded the valve and pump to work on "high" and to nearly overflow the simulated oil. They also showed how they could send phony data that convinced the system that the pump was empty when it was actually rising, forcing it to nearly overflow.
Putting aside the fact that national infrastructure is very, VERY vulnerable due to the aged hardware and software, this demo should indicate the need for red teaming across the board at a national level.