The Supervisory Control and Data Acquisition (SCADA) system of a natural gas utility was compromised resulting in a reduction of operation. The breach was discovered when operator interfaces became unresponsive and the system was no longer acquiring data. As a result, the system was disconnected from the network and a combination of manual operation overrides and limited fail-over to a backup server went into effect until the environment could be restored. Technicians troubleshooting the incident identified the deletion of several core application files on the primary control server as the source of the problem.

The link for this article located at CERT is no longer available.