Digital dangers in a wired world
|Out-of-order notices are posted on ticket vending machines at Seoul Station in central Seoul on Nov. 27 when electricity in the Korea Railroad Corporation building in Bongnae-dong, central Seoul, went out after a computer server managing ticket reservations malfunctioned. All systems nationwide were halted for nearly two hours. By Kim Kyung-bin |
It’s the stuff of action flicks. In “Live Free or Die Hard,” terrorists paralyze the United States by taking over all transportation systems, broadcasting, communications and the power grid. It’s a total shutdown and only Bruce Willis can save the world from the evil hackers.
But the plot’s not a total fiction.
In today’s interconnected world, system after system can collapse if a central computing facility such as a supervisory control and data acquisition, or Scada, system fails. These Scada collect data from sensors at plants and other remote locations and then send data to a central computer that manages and controls data.
So what we saw in the last Die Hard movie has actually already been experienced. Ask the Poles. In January last year, a subway train derailed in Lodz injuring several passengers after a 14-year-old boy hacked into the railway operation system. And look at what happened in the United States in August 2003 when a virus called a “Blaster Worm” found its way into the Scada for the power grid in the northeast of the U.S. Around 5,000 people in seven states were injured in the ensuing blackout. “Once you hack into the Scada, you can manipulate all the water, electricity and gas supply systems,” said Park Chan-am, 20, the winner of a hacking protection competition held in Korea this year, part of Codegate 2009, an international event.
Korea has already installed Scada systems in most facilities across the country. These facilities control everything from reserving train tickets to supplying electricity and air-conditioning. They even control the floodgates of multipurpose dams and the quality of tap water in Seoul.
And we have seen what can happen when things go wrong. On Nov. 27, the electric power in the Korea Railroad Corporation building in Bongnae-dong, central Seoul, went off at 5:21 p.m. Within a minute, Korail had supplied emergency electri
c power but all systems for issuing train tickets nationwide were halted for nearly two hours because the computer server managing train ticket reservations and issuance that was installed in the Korail building malfunctioned.
The situation was not life threatening but it caused a major inconvenience for passengers trying to buy tickets.
Korea’s largest Scada system in scale is Korea Electric Power Corporation’s “smart grid,” which will be test run from 2011. The system will have sensors and cameras installed in existing power plants and power grids. Those sensors and cameras are going to allow Scada to control the volume of regional power supply and demand. In that way, the proper amount of electricity is expected to be provided to each region at that right time.
Experts say this measure could save energy but electric power supply operation across the country could be paralyzed if the Scada is compromised. “It is almost impossible to hack into the smart grid system because it is operated by a remote Internet network and it has advanced security facilities attached,” said an official at Kepco who asked not to be identified.
However, experts in the security industry said the system could be breached. Security experts say safeguard measures have to be included in a law related to the establishment of the smart grid. They cite the example of an employee from a company in charge of disposing garbage penetrated the Scada and released a large amount of waste in a river in Queens-land, Australia. Apparently he had a grudge against the local council.
“Terrible damage, such as a large-scale power blackout, is highly likely if the system is attacked by hackers,” said Lim Jong-in, a professor at Korea University’s Graduate School of Information Management and Security. “The planned bill has to be revised in order to arrange for a high security budget and secure human resources.”
By Lim Mi-jin, Kim Jeen-kyung [firstname.lastname@example.org]