June 12, 2005
June 15, 2005
10.642.1 - 10.642.13
Page 1 of 13
Free and Open Source Software: An Invitation to Cyberattack
Kathleen M. Kaplan, D.Sc.
“Forget about viruses; America's real cybersecurity concerns are the notoriously vulnerable systems that control our power and water supplies”.
Cyberattack is a concern for all technological societies, including the United States (US). The greatest concern with respect to cyberattacks is in our critical infrastructures; these include communications, oil and gas refineries, power plants, and water and waste control, which are all associated with engineering. The protection of these utilities is vital to the welfare of the US, yet they are becoming more difficult to protect given the “openness” prevalent in our society. Critical infrastructures are controlled by SCADA (Supervisory Control And Data Acquisition) software applications, which are programs for process control. Some SCADA systems are being rewritten with FOSS (Free and Open Source Software) instead of proprietary software. The reasons for this change from proprietary software to FOSS are many and diverse, and include government and cost requirements. This may prove to be a major mistake, as FOSS may be more vulnerable to cyberattack than non-FOSS.
The use of Free and Open-Source Software (FOSS) may make cyberattack easier than using non-FOSS. FOSS allows all users to study, change, and improve source code; unfortunately, this may give cyberterrorists first-hand knowledge of the intricate workings of FOSS or software built upon FOSS. While non-FOSS has also been vulnerable to attack, it does not allow the source code to be freely accessed, and thus software holes have to be found the hard way – by trial and error. As recent studies have shown, FOSS is used for many software applications, including critical infrastructure protection systems, and at all levels of government. This paper discusses different types of software "openness," FOSS and non-FOSS, pro and con arguments regarding FOSS, organizations using FOSS, and FOSS with respect to critical infrastructure protection. Also discussed with respect to FOSS are SCADA, critical infrastructure protection (CIP), hostile monitoring of SCADA systems, and breaches of SCADA systems. The information contained in this paper is important and relevant for all engineers involved with critical infrastructures.
“Proceedings of the 2005 American Society for Engineering Education Annual Conference & Exposition Copyright 2005, American Society for Engineering Education”
Kaplan, K. (2005, June). Free And Open Source Software: An Invitation To Cyberattack. Paper presented at 2005 Annual Conference, Portland, Oregon. 10.18260/1-2--15317
ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2005 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015