I want you to picture your morning routine for just a second. You walk into the kitchen, right, maybe you're a little groggy. You turn the tap, and clean water just flows out instantly.
Right.
You plug in the toaster, push the lever down, the coils get hot, you flip a switch, the lights come on. We live our entire lives basically expecting these things to just happen. Yeah. Absolutely, But we never really stopped to think about the invisible machine that actually makes all of that possible.
It is entirely the background noise of modern civilization. I mean, we really only notice it when it stops working, usually because the power is out and we can't charge our phones.
That is exactly it. But today we are going to peel back the layers of that invisible machine. We are talking about the nervous system of our entire infrastructure, something called SCATA. Yes, And to help us navigate this, we are doing a deep dive into a really fascinating source. It's called Cybersecurity for SCATA Systems by William T. Shaw. We're specifically looking at the second edition here, which.
Is important because it updates this whole landscape for the post twenty twenty world exactly.
And I have to say Shaw's approach is great, It really is.
Shaw is essentially the definitive guide here. And what I love about his approach is that he doesn't just you know, throw dry technical manuals at you.
No, not all.
He tells the story of how industrial automation actually evolved, and frankly, it's a bit of a horror story when you look at it through the lens of modern cybersecurity.
It really is a horror story. I mean, the central tension that Shaw identifies right at the very beginning, it was the big aha moment of the whole source for me. Yeah, it's this idea that the systems controlling our water, our electricity are oil pipelines. They just weren't built for the world we live in today.
Not even close. I mean, you have to remember these systems were designed in the nineteen sixties and seventies. They were built for a world of absolute trust and physical isolation. The engineers who built a power grid back then, they were worried about a relay failing, or maybe a squirrel chewing through a wire. A squirrel exactly. They were definitely not worried about a teenager in a basement in another country trying to intentionally turn off the city's lights.
So we basically have these really trusting, innocent systems from like the classic rock era, and we've taken them and plugged them straight into the modern Internet, which.
Is basically a dark alley full of pickpockets.
It's wild.
It is a massive clash of eras. You're taking a system designed for total isolation and you're exposing it to literally the most hostile environment imaginable, and that disconnect that's what creates the massive vulnerability we are living with right now.
It's just mind blowing to think that critical infrastructure runs on a philosophy that entirely predates the concept of a cyber attack.
It does.
Let's dig into that history a bit, because Shaw talks a lot about this pre nine to eleven mindset. Yeah, it feels like a completely different universe from how it works today.
It really was. To understand the giant holes we have today, you kind of have to get inside the head of a design engineer in say nineteen seventy five.
Okay, let's go to nineteen seventy five.
Back then, security didn't mean firewalls, it didn't mean complex passwords, it just meant.
Safety, safety from accidents.
You mean, precisely, it meant making sure a tired operator on a night shift didn't accidentally open the wrong valve and blow a pipe.
Right. It's the don't spill coffee on the control panel level of security exactly.
The only way to actually mess with a system back then was to physically be standing in the room. Shaw uses this term security by obscurity, which I have.
To admit always sounds like a bit of a cop out to me. I mean, is it security by obscurity just crossing your fingers and hoping nobody finds the instruction manual.
Well, in a modern context, yes, it's a terrible strategy, but in nineteen seventy it was actually highly effective. Think about it. These were proprietary, custom built mainframes.
They were massive, so they were basically one of a kind.
Exactly. You wanted to hack a dam in nineteen eighty, you needed to know a programming language that maybe only fifty people in the entire world even knew, and you still needed to break into the physical server room to type it in.
So the lock was just that the key was incredibly rare and impossibly heavy.
That is a great way to put it. But then, obviously, September eleven happened, right and Shaw points out that this was the major pivot point for the industry. The Department of Homeland Security was formed, and they started doing these deep audits of our industrial infrastructure.
They looked at SCATA and these distributed control.
Systems, and they realized these things were completely naked. They had literally zero intrinsic protective mechanisms because they had never needed them before.
Because suddenly the threat model was an accidental failure anymore. It was intentional destruction exactly.
We moved from worrying about mechanical breakdown to worrying about nation states and true believers who actively wanted to cause physical destruction through digital means.
And this all happened right after as the technology itself was going through a massive shift.
Yes, the timing couldn't have been worse in a way.
Because we didn't keep those big, secure, mysterious mainframes. We actually swapped them out for well, basically the same kind of computer I have sitting on my desk right now.
Right what they called it takeover. In the eighties and nineties, the industrial sector realized that building custom mainframes was incredibly expensive.
Sure, but you know what was getting really cheap PCs exactly PCs Windows Operating systems, Intel Chips, standard Ethernet cables.
So the whole logic behind this massive shift was just financial almost entirely.
It's technological convergence. Why would a company spend millions to build a custom networking cable when you can just buy an Ethernet cable for pennies on the dollar.
That makes sense from a business standpoint.
And staffing too. Why train your staff on a weird, isolated proprietary language when you can just hire any IT guy who knows how to run Windows.
Okay, but that sounds like a deal with the devil. I mean, sure, it's cheaper and it's way easier to staff, but doesn't that inherently mean the bad guys now have all the tools they need.
That is the double edged sword right there.
Yeah.
By moving to standard IT technology, we completely lost that obscurity protection we were just talking about.
Because the rare key isn't rare anymore.
Exactly, if you know how to hack a bank's website or just a corporate email server, you now basically possess the exact toolkit needed to attack a power grid because underneath the hood, they are speaking the exact same language.
Now, wow, we lowered the barrier to entry for attackers significantly massively. That makes this invisible machine feel a lot more fragile. Yeah, okay, so we've established the big picture of vulnerability. But I want to get my hands dirty for a second. We keep seeing SCATA, but what is actually out there in the real world doing the physical work. Shaw spends a lot of time talking about the hands in the field.
Right, So if the SCATA host computer is the brain, usually sitting in a nice, secure, air conditioned control room, the hands are what we call the RTUs remote terminal units.
So these are the rugged little boxes you see sitting out in the desert or maybe on top of a mountain or inside an electrical substation.
Exactly. They are the frontline workers of the grid. They physically connect to the real world machinery. They're the things that actually open the valves, read the line voltages, measure the flow rates in a pipe, and shop breaks down their evolution from dumb to smart, and honestly, the dumb ones were fascinating just in their raw simplicity.
I mean, I wouldn't want to be called a dumb RTU, but I get the point. There was essentially just relays, right.
Cure hardwired logic, no brain, no software whatsoever. Just if wire A has power, then turn on swich B. They were entirely reactive, right. But then along came the microprocessor, specifically things like the old Intel eighty eighty chips, and suddenly the RTU became smart.
It got a tiny brain exactly.
It could suddenly think, it could store data locally, and it could handle complex tasks on its own without having to constantly ask the main control room for help.
Okay, so there was one specific detail in this hardware section that I really need you to explain to me, because I think I completely missed the brilliance of it at first glance. Which part the four to twenty million signal?
Oh? Yeah, this is a classic piece of industrial engineering. It's the industry standard for measuring analog things things like pressure or temperature or the level of water in a tank. You send a continuous electrical current down the wire.
Right, But why that's specific range? I mean, why start at four million amps? Why not just go zero to twenty? In my head zero should mean empty or off, and that.
Right, there is the logical trap of it thinking, Oh, in a purely digital software world, zero means off. That works fine, But these systems live in the physical world, and in the physical world, wire's break.
Oh, I see where this is going, right.
Imagine you set zero amps to mean empty tank, and then some guy with a backo accidentally cuts the wire connecting the sensor to the art to.
You, the signal on that wire drops to zero amps exactly, and the control room looks at the screen and thinks the tank is empty, but really the sensor.
Is just dead precisely, So the operator starts pumping water into a tank that's already full because they think it's empty, and suddenly you have a massive disaster of flood and explosion whatever.
But with a four to twenty system with four.
To twenty four million ams is what means empty.
So if the back hoe cuts the wire, the.
Signal drops to absolute zero, and the computer instantly knows wait, the signal is below four. This isn't an empty tank. This is a broken wire.
That is so incredibly smart it's called a live zero.
It allows the system to diagnose its own physical health instantly.
It's a failsafe built entirely into the math itself. You don't even need extra software for.
It exactly, and it's why that specific standard has survived for literally decades, even as all the other computers got millions of times faster.
Now, speaking of things surviving from the old days, there was another protocol that sounded straight out of a Cold war submarine movie, the select check operates sequence.
Ah.
Yes, this was specifically for controlling things right, not just measuring them right.
This comes directly from the era where communication lines were incredibly noisy, just bad copper phone lines. Static on the line a lot of static, and static on a digital line can easily.
Flip a zero to a one, which is a big deal.
A massive deal. If you send a simple direct command like open valve, a tiny burst of static might corrupt that packet and change it to closed valve or open gate.
Which if you're running a nuclear power plant or a gas pipeline, could be absolutely catastrophic.
Right, So the engineers built a handshake. It's a literal conversation. The host computer doesn't just bark orders at the r TOU. It says I would like to select valve number.
One, and the RTU actually talks back.
The RTU replies okay, valve number one is selected. Then the host says prepare to open, The RTU replies ready to open. And only after all of that confirmation does the host send the fine actual command execute.
Wow. It's like a triple check. It's literally are you sure? Are you really sure?
Okay, do it exactly, And if any single part of that conversation gets garbled by static, the whole sequence just aborts safely. It prevented countless industrial accidents.
That makes perfect sense. Now, there was one term in the hardware section that stopped me cold de bouncing de bouncing. Yeah, I assume we aren't talking about basketballs here.
Huh.
Why does a computer need to debounce a switch?
This is one of my favorite concepts because it's where pristine software smashes into messy physics.
Okay, paint me a picture.
You think of a physical switch as binary. It's either on or it's off, right, like a light switch. Like a light switch, But when you physically slam a heavy metal industrial breaker shut, the metal contacts don't just connect perfectly instantly.
They bounce, wait, microscopic bounces like physically bouncing.
Yes, physically bouncing off each other, connect, disconnect, connect, disconnect just for a few milliseconds.
Oh wow.
Now to a human eye it looks completely instant. But a modern computer is so incredibly fast it reads every single one of those bounces, so it sees on off, on off, on off in the span of a millisecond.
So the computer thinks the breaker is just totally freaking out.
It thinks the human operator is flipping the switch one hundred times a second. So debouncing is a filter. It can be hardware or software, but it basically tells the computer, hey, ignore the total chaos for the first ten milliseconds, just wait until the heavy metal physically settles down.
It's a great reminder that SCATA isn't just you know, abstract code floating in the cloud. It's code interacting with heavy, dirty, physical reality.
Constantly, and that reality changes drastically depending on what exact industry you're looking at. Shaw makes a really big distinction between how an electric utility uses these systems versus say, an oil pipeline.
Company, different strokes for different folks.
Exactly, electric utilities live and die by sheer speed.
Because electrons move at the speed of light.
Exactly, if a massive breaker trips at a substation. They need to know exactly when it happened to understand what went wrong on the grid. They track things in literal milliseconds. They call it sequence of events or SOE.
But pipelines are different. Oil and water don't move at the speed of light.
No, they move relatively slowly, But pipelines have a completely different headache accounting. Accounting, yes, and this leads to one of the most critical concepts Shaw talks about in the book, the accumulator freeze.
Okay, yes, when I read a cumulator freeze, it honestly sounded like a sci fi weapon to me. But you're saying it's actually about money.
It's entirely about money and safety. Of course. Imagine a natural gas pipeline that's five hundred miles long. You have a smart sensor at the start of the pipe measuring exactly how much gas goes in, and you have another sensor five hundred miles away measuring how much comes out.
You need those two numbers to match exactly, or.
You have a leak, or someone is actively siphoning it off and stealing it. Right, but the gas is common instantly moving. If you ask the first sensor for its tally, and then ten seconds later you ask the last sensor for its tally. The gas has moved during those ten seconds, your math will be wrong.
Oh, I see, You'll think you lost gas, but really you just counted at two different times exactly.
You're basically chasing a ghost in the math, and I'm guessing.
In the oil and gas industry, chasing a ghost is expensive.
Incredibly expensive. It means shutting down a major pipeline because you think there's a leak sending out cruise, losing millions of dollars a day. So they invented the accumulator freeze. It's a broadcast command. The central computer essentially shouts over the network to every single RTU at the exact same time freeze.
And they all just take a snapshot at.
The exact same millisecond. They keep counting the actual gas in the background, of course, but they save that specific moment's number in a frozen memory register.
Oh that's smart.
Then the central computer can just casually collect those snapshots one by one over the next few minutes. It ensures that the accounting balance is perfectly across five hundred miles of moving product. It's literally like pausing time for the entire pipeline just to check the books.
That is incredibly clever. It really highlights how these systems have to solve massive physical problems that standard it people never even have to dream of. I mean, my WiFi router doesn't care about the laws of physics or the flow rate of natural gas.
No, it doesn't. And your WiFi router also isn't sitting on top of a freezing mountain running exclusively on a solar panel.
That's another thing, the power constraints.
Shaw talks about this at length. Some of these remote RTUs run on thermoelectric generators, which means they literally burn a tiny, tiny bit of the natural gas from the very pipeline they are measuring just to generate enough raw electricity to stay alive.
Wow, it's like a lonely little robot out in the tundra keeping itself warm.
It really is. And because power out there is so precious, they sleep ninety nine percent of the time. They wake up, burst a quick packet of data back to base, and go immediately back to.
Sleep, which has to be a nightmare for cybersecurity. Right, how do you patch or monitor a device that is technically turned off? Most of the day.
It is a massive headache. But eventually those sleeping devices have to wake up and talk to the brain. And that brings us to the tower of Babel.
The networking protocols, the language of the grid.
Yes, and this is where the history gets really, really messy. In the early days, every single manufacturer just made up their own language. Shaw calls these bit oriented protocols.
Is there an easy way for us to visualize that?
Think of it a lot like Morse code. It's just a raw stream of dots and dashes, ones and zeros. It's incredibly efficient for the machine, but you need a highly trained specialist to understand it. You can't just read it off a screen. It requires custom hardware just to decode it.
But then, just like with the hardware moving to standard Windows PCs, the protocols eventually moved to what he calls character oriented.
Right, think of character oriented protocols like sending a standard email. You are sending recognizable human characters, ABC numbers text standard off the shelf. Computers can read it easily. It's much more user friendly for the operators.
But here is the massive trap that Shaw warns us about. Just because it's user friendly, doesn't mean it's safe. In fact, it seems like making it readable just made it easier for the bad guys to listen in.
You've hit on the clear text problem. Most of these industrial protocols, things like mod bus or DANP three, they were designed for that innocent, trusting era we talked about at the beginning. So they send their commands in clear text.
Wait, so if I'm a hacker and I managed to tap into.
That wire, you can read exactly what it says.
Anyone can just read it, not just.
Read it, write it.
Oh wow. Yeah.
There is no encryption, There is no password authentication. It is exactly like standing across a crowded room and shouting your atm PI and code at the top of your lungs. If anyone is listening, they have it and they can use it immediately and now.
And this is the part of the deep dive that genuinely scares me. We are taking these insecure, clear text protocols and we are putting them on the cloud.
Yes. Shaw talks about this huge trend SCATA as a service.
Explain that because it sounds like a terrible idea.
Well, financially, it makes sense. If you are a small water utility in a rural town. You just can't afford to build a million dollar secure server farm. You don't have the budget. So outside vendors come in and say, hey, we'll host your entire SCATA system in the crowd for a flat monthly fee.
So the actual control room for my town's drinking water supply is essentially just a website.
Functionally, yes, the critical data travels over the public Internet, and I sure they use firewalls and VPNs, but you are effectively putting critical physical control functions on the exact same network infrastructure that carries Netflix streams and spam emails.
And if that's small utilities, one it guy clicks on a phishing.
Email, then the attackers might have a direct tunnel right into the physical valves at the water plant. The air gap, that physical separation between the wild internet and the industrial plan, it's just completely gone.
There was one final twist in the book that I thought was the ultimate, absolute peak example of convenience killing security.
SCATA without a SCATUS system m the brilliant RTU talk about this. So these field devices have gotten so cheap and so powerful that manufacturers started building actual web servers directly into the little boxes out in the field.
Wait, the remote box itself hosts a website.
Yes, the whole idea is convenience. An operator can drive their truck up to a remote electrical substation. They don't even have to get out of the truck in the rain. They just connect via Wi Fi with the laptop, open a web browser, and see the whole plant status on a web page hosted by the box on the pole.
I mean that sounds amazing for a lazy operator.
It's incredibly convenient. But just think about the security implications. You have a critical infrastructure device hosting a web server broadcasting a Wi Fi signal, often sitting in an unmanned, totally remote location.
It's literally a drive through for.
Hackers pretty much. If your guy can drive up and connect from his truck, who else can drive up in the middle of the night and connect. You are putting a glowing digital target on a physical asset sitting in the middle of nowhere.
It really brings us all the way back to that central theme from the beginning. We've walked through the history, the hardware, the physics of it, the networking languages, and what I'm seeing here is basically a Frankenstein Monster.
That is a very fair assessment. We have an infrastructure where the foundational philosophy was nineteen sixties isolation and total trust. Then we upgraded the mechanics with cheap nineteen nineties PC technology, and now in the twenty twenties, we're connecting all of it to the global Internet and.
The cloud, and then we act surprised when a pipeline gets hacked and shut down.
Right, But the expert view here isn't that the technology is inherently broken. It's actually doing exactly what it was designed to do. Move water, move power, keep the lights on.
It works perfectly fine in a vacuum exactly.
The problem is that we are using it in a highly hostile environment it was never designed for. We're desperately trying to bolt heavy armor onto a system that was just never meant to wear it.
Shawn leaves us with a pretty heavy provocation at the end regarding the future of all this, because we hear all this buzz right now about the Industrial Internet of Things or IIoT, making literally everything smart.
Right, and the big selling point for IoT is always efficiency, big data analytics.
But Shaw points out a massive risk there. He says modern artus are now powerful enough to be fully autonomous. If hackers managed to cut off the central brain, the hands in the field can just keep working on their own. Now, on the surface, that sounds safer.
Right, It sounds incredibly resilient. The plant runs itself even if the network goes down. But here's the question he leaves us with. As we rush to add billions of new smart sensors to the power grid to make everything Internet of Things compatible, are we actually making our infrastructure safer or are we just creating billions of new time tiny back doors straight into the grid.
Because every single smart toaster or smart valve or temperature sensor is a potential entry point for an attacker.
Exactly, we are increasing the attack surface exponentially, all in the name of efficiency.
That is a very sobering thought to end on. I'll tell you what, the next time I turn on the tap in the morning, we'll have a lot more respect for the invisible, slightly anxious, nervous system that actually makes that water flow.
Honestly, it's a miracle it works as well as it does every single day.
A miracle and a whole lot of really hard engineering. Well, I want to thank you for joining us on this deep dive into the hidden world of SCATA cybersecurity. It's been eye opening.
It was a pleasure to be here. Thanks for having me