For a smart and determined hacker or terrorist, it would not be terribly difficult to disable any or all of the local civil infrastructure, including the power, water, sewage, communications and health care systems, a local professor says. That’s because all these systems are controlled by little SCADA (Supervisory Control and Data Acquisition) boxes, about the size of a deck of cards that are part of our nation’s Industrial Control System (ICS).
These small boxes are all over the place, not under very secure lock and key, and they need to be near the equipment they control and available to legitimate systems users. So it’s a conundrum, one that information technology (IT) specialists and the federal Department of Homeland Security are trying to figure out.
That’s the thrust of computer science teacher Dr. Lynn Ackler’s upcoming presentation during this week’s eighth annual Southern Oregon Arts & Research (SOAR) series of events, a big showcase of the latest research done by students and teachers of Southern Oregon University. It starts today and runs through Friday with a number of free presentations on the SOU campus on a diverse array of topics, ranging from sentence diagramming to a documentary about last season's SOU football team's national championship campaign to food insecurity to voter engagement to the differing effects of climate change on more and less developed countries.
"Vulnerability of the Nation's Critical Infrastructure" is the title of a presentation prepared by Ackler, a 15-year veteran of SOU, and seven computer science students. Ackler says he leaves his keys in the lock of his office door as a message that, a) there is little or no real security and, b) you have to have super-trustworthy people around you.
Up on the wall of his basement laboratory is the slogan, “They got what it takes to take what you got.”
What can you do? For starters, you take all five of his computer security, computer forensics and networking classes, which most of this region’s corporations and municipalities have done. Then you get it through your head that there is no such thing as “deleting.” If it was in the computer, tablet, phone or system, it’s still there. You have to burn, drown, explode or shoot the device to make it go away, he says.
In drills with his students and police or military forces, says Ackler, he’s done all the above and they work. Dropping your hard drive off at recycling doesn't work. His SOAR project is a demonstration of what happens when a hacker hacks but, he says, he’s not going to tell anyone how to do it.
You have to create “strong access control,” which means strong passwords, each one long, complex and different from the others, but there’s always a drawback — in this case, if you make scads of complicated passwords, it’s easy to lose data.
“Everything is both good and bad, no matter what you do,” said Ackler, noting that one key administrator in San Francisco recently quit his job in a huff and left with all the passwords, which he would not divulge. How to force him? They’re still working on it.
“In security, there are ways to crack passwords,” he says. “It’s called the rubber hose attack. That means ‘sex, money or pain will get you anything.’ So, be careful when you hire people. It all comes down to trust.”
Ackley’s display has photos of the Ashland Water Treatment Plant, with SCADA devices sitting out in the open. Unfortunately, he notes, it’s necessary, because “if they’re not in the open, near what they control, they’re not of use. If you put them in a secure, cinder block building, hackers can penetrate that with radio waves.”
The cutting edge of computer science now is security and his best students are landing great jobs in the industry, he says.
“The big push is to secure everything. Terrorists are not dumb. They are very smart and there are lots of them,” he says. In big countries like India, there are millions of high school students who are smarter than ours, unemployed and “they’ve got time and they’ve got computers.”
His presentation, supported by seven other presenters, is set for noon to 2 p.m. Thursday in the Stevenson Union foyer.
Other presentations and events on display in Hannon Library during SOAR week and throughout the month of May include:
• “10 Years, 9 Months, 3 Weeks, and 5 Days,” a multi-media display and introduction to the topic of modern-day atrocities. Creators participate in the Artists Reception on the third floor of Hannon Library from 3:30 to 5 p.m. today, Monday, May 11;
• “BECOMING,” a documentary film chronicling the SOU football national championship season; and
• “Jim Rock Historic Can Collection,” a series of images of historic cans assembled by Jim Rock over his career as an archaeologist with the U.S. Forest Service.
Academic presentations, which run Tuesday through Thursday at Stevenson Union, include these events on Wednesday, May 13:
• Barriers and opportunities for voter engagement, from 8:30 to 8:50 a.m.;
• Analysis of the battle at Captain Jack’s Stronghold during the Modoc War near Klamath Falls, from 9:30 to 9:50 a.m. in Room 319;
• Food insecurity, from 10 to 10:20 a.m. in Room 306;
• Impacts of agriculture on water quality, from 10:30 to 10:50 a.m. in Room 306; and
• A panel discussion by Skeptic House students on "Controversial Issues in Society: Opposing Positions," including the proposed Medford casino, forced sterilization of prison inmates, doctor-assisted suicide and treating juvenile offenders as adults, from 3:30 to 5:30 p.m. in Room 319.
“This is one of my favorite events of the year,” said event organizer Jeffrey Gayton, director of SOU’s Learning Commons and university librarian. “There is a wide variety of multi-disciplinary work that will be presented during SOAR week. This event really serves as a bridge between the classroom and the community and provides an opportunity for students to share some of their creative and academic accomplishments with a wide audience.”
The week officially kicks off with opening ceremonies at noon and an ice cream and "SOARbet" social from noon to 2:30 p.m. Monday, May 11, in the Rogue River Room at Stevenson Union.
The full schedule of events is available at www.sou.edu/soar/soar-2014-calendar.html.
John Darling is an Ashland freelance writer. Reach him at firstname.lastname@example.org.