Whitehat Takeover of DCS Consoles

Event Year: 2002 Reliability: Invalid
Country: Canada
Industry Type: Petroleum

A simulated attack on a DCS during a security audit results in complete administrative takeover of the DCS operator consoles. A whitehat hacker with network access to the control LAN was to connect to selected DCS operator stations and obtain full administration privileges. This was accomplished through the vulnerabilties in the Windows platform and a number of Netbios fileshares that lacked proper password protection.



Action Description: Changes to policy for configurations of all computers used in process control networks