A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Vulnerabilities of Control Systems in Drinking Water Utilities John McNabb Notacon 9 (Hacking Illustrated Series InfoSec Tutorial Videos)

Vulnerabilities of Control Systems in Drinking Water Utilities John McNabb
Notacon 9


The control systems of public drinking water systems are vulnerable to attack by malicious hackers. This has been shown through several penetration tests and the reported attack (which later was not corroborated by a DHS investigation) on an Illinois public drinking water system by foreign hackers in November, 2011, the most recent publicly known cyber attack on a drinking water utility. This talk will examine the many vectors of attack on the IT systems of a drinking water utility, their vulnerabilities, proposed defensive measures, and potential consequences of a malicious hacker attack. The control systems, including the programmable logic controllers (PLC’s) and the human machine interface (HMI), will be described. The talk will discuss the many institutional, cultural, and financial obstacles to ensuring that the national public drinking water infrastructure is adequately protected from attacks by malicious hackers. The current threat environment of the national drinking water infrastructure will be discussed, including the repeated threats by Al Qaeda to poison the US drinking water supply, along with existing programs to address those threats and finally a discussion of what more needs to be done.


John McNabb is Principal of InfraSec Labs, which researches security of critical infrastructures. He was an elected Water Commissioner for a small New England drinking water utility for 13 years. His current research focuses primarily on security of the drinking water infrastructure. He has presented papers on that subject at Defcon 18 (Cyberterrorism and the Security of the National Drinking Water Infrastructure), Defcon 19, Black Hat, and Shmoocon. John has published several papers on drinking water infrastructure issues and recently wrote a chapter on drinking water security for the book Weapons of Mass Destruction and Terrorism, 2nd Edition (McGraw-Hill, 2012).


Back to Notacon 9 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast