ISA - Setting the Standard for Automation
 


1 September 2002

Al Qaeda studies cyberattack systems

The instrumentation, systems, and automation industry uses digital distributed control systems (DCSs) and supervisory control and data acquisition (SCADA) systems as tools of the trade to lower costs, get a leg up on the competition, and operate more safely.

The U.S. federal government, in the form of the Commerce Department's Critical Infrastructure Assurance Office, is looking at DCSs and SCADAs as weak links in the fight to preserve security against those whose aims are to inflict catastrophic harm on the industrialized world.

Working together, the FBI, Lawrence Livermore National Laboratory, and the Defense Department compiled a forensic summary tracing telecommunications routed through Saudi Arabia, Indonesia, and Pakistan that cased emergency telephone systems, electrical generation and transmission, water storage and distribution, nuclear power plants, and gas facilities.

The Washington Post reported that some of the probes suggested planning for a conventional attack. But others homed in on a class of digital devices that allows remote control of services such as fire dispatch and of equipment such as pipelines. More information about those devices and how to program them turned up on al Qaeda computers seized this year.

Most significantly, perhaps, U.S. investigators found evidence in the logs that mark a browser's path through the Internet that al Qaeda operators spent time on sites that offer software and programming instructions for the digital switches that run power, water, transport, and communications grids.

In some interrogations, al Qaeda prisoners described intentions, in general terms, to use those tools.

Millions of these specialized digital devices operate and direct the brains of American critical infrastructure. Federal directive defines this term to mean industrial sectors that are essential to the minimum operations of the economy and government.

The digital devices are DCSs and SCADA systems. The simplest ones collect measurements, throw railway switches, close circuit breakers, or adjust valves in the pipes that carry water, oil, and gas.

More complicated versions sift incoming data, govern multiple devices, and cover a broader area.

What is new and dangerous is that most of these devices are now connecting to the Internet, some of them in ways their owners do not suspect.

Industry designed these digital controls without public access in mind. They typically lack even rudimentary security, having fewer safeguards than the online purchase of flowers.

Much of the required technical information to penetrate these systems is widely discussed in the public forums of the affected industries, and specialists say potential attackers are well aware of these systems' security flaws.

 

All contents copyright of ISA © 1995-2006 All rights reserved.