Posted on 01/06/2016 5:56:34 AM PST by Travis McGee
Just two months ago I wrote about how the Internet of Things will fundamentally reshape the future of cyber warfare, evolving the cyber threat from simple website defacements, denial of service attacks, and data breaches, to affecting the physical world. Two weeks ago an hours-long power outage in Ukraine may have offered a preview of this new world as hackers were claimed to have disabled a portion of the nation's power grid.
On the evening of December 23rd, power was lost across multiple cities in Ivano-Frankivs'ka oblast in Western Ukraine, leaving nearly half the region in the dark for almost six hours. While it has not yet been proven that a cyber attack was responsible for the outage, key related malware was found on the computer systems of the affected power company. More troubling, the malware in question not only had the capability to create a remote backdoor that would have allowed power to be cut off, but also included tools designed to permanently delete files and disable the hard drives of the industrial control computer systems.
Just last year was the first confirmed case of physical damage to a non-military target being caused by a cyber attack, when a German steel mill was "massively" damaged. The US Government is among many racing to develop offensive "lethal" cyber weapons designed to "trigger a nuclear plant meltdown; open a dam above a populated area, causing destruction; or disable air traffic control services, resulting in airplane crashes."
(Excerpt) Read more at forbes.com ...
Count every day from now on with electricity and running water as a blessing.
Future War means grid down. Then what?
“Alas, Brave New Babylon” new fiction by Matt Bracken
http://www.freerepublic.com/focus/bloggers/3058882/posts
and then there is grocery supply
A friend and I were discussing the implications of the next big war for us, living comfortably in America. My point was that in WW2 we spent a lot of time, treasure and blood attacking German infrastructure. Bombing factories and electricity plants won’t be necessary the next time around. Hackers can do more damage than bombs. It’s a brave new world.
Then what? Millions die within weeks. But you knew that.
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones.
- Albert Einstein
Perhaps I’m just too ignorant and so I question the logic of public utilities having their computers connected to the internet.
People say immigration is a good thing...but not if you let just any American hating idiot in.
Ping!
Thanks.
Not really something you would want to hook up to the Internet. The local controllers, one for each chamber, were the Rockwell Automation devices running their proprietary software; basically PCs running ladder logic. LL dominates in this realm because it is easy for someone who didn't write the code to understand and modify.
At a higher level we used WonderWare to communicate between controllers and run the line as a whole. This is graphical data flow software which turns the bits into pictures of stuff that change with conditions representing the state of the line. It was pretty cool.
Management wanted to be able to sit at home and monitor the line. To do this safely I installed a bit of software on a machine between the line and the Internet called a Historian. This is essentially a very rigid firewall which records activity from the line side and allows access to that historical data from the Internet side. You can't push commands through it under any circumstances.
The downside is that everything at its heart is PCs and Windows XP with all of the associated vulnerabilities. Anything broken that is known is fixed; but you know how that goes in the real world.
Freedom ≠ Free Stuff☭ | ||
I, for one, welcome our new Cybernetic Overlords /. | ||
|
Good question.
I’ll try answering and recommend reading about the challenges of protecting Industrial Control Systems - SCALA
It would be ideal if ICS SCADA systems could be fully isolated (air-gapped) from the public internet.
However, ICS servers and periperhal components need remote access by manufacturers and service vendors in order to monitor events, manage and update software and firmware.
An outside facing interface and service account is vulnerable to attack that exploits weak identity access management security. The same can be said for the weak security found on some wireless connected pump, valve and sensor components. Old legacy components that were designed years ago did not have robust IAM security and are specialized, and very costly to replace (downtime).
A multi-billion dollar power engineering firm I nearly went to work for LAST YEAR, confided that they had yet started to conduct IT Security audits on the dozens of international power plants they manage.
2015 ICS Cyber Security Conference
www.icscybersecurityconference.com Proxy Highlight
The ICS Cyber Security Conference is the event where ICS users, vendors, system ... including protection for SCADA systems, plant control systems, engineering ... Grid: Analyzing what Hackers do when they have access to the “ Power Grid ...
Cybersecurity Myths on Power Control Systems - Department of ...
www.cse.psu.edu/~sem284/cse598e-f11/papers/pietre-cam... Proxy Highlight
DavisâBesse nuclear power plant contaminated by the Slammer worm in 2003 [7 ] is a ... particularly aware of ICS cybersecurity risks. The first widely reported ...
Cybersecurity in the power sector - Power Engineering International
www.powerengineeringint.com/ articles/ p... Proxy Highlight
Oct 14, 2014 ... “Big power plants and big energy producers are under heavy and severe ... According to Symantec, many SCADA and ICS systems sit outside ...
SCADAhacker: Cyber Security for Critical Infrastructure Protection
https://www.scadahacker.com/ Proxy Highlight
An important aspect of cyber security for critical infrastructure protection ... food factories to gas pipelines, power plants, and chemical facilitiesâeven our cars. ... The OSVDB database currently tracks a total of 1069 ICS vulnerabilities, with 98 ...
power plant cyber security | Industrial Control Cyber Security Europe ...
https://industrialcontrolsecurityeurope.com/ tag/ ... Proxy Highlight
Jul 15, 2015 ... The Cyber Senate has arranged a strategic alliance with The Industrial Control System Information Sharing and Analysis Center (ICS-ISAC), ...
Cyber Security Design Methodology for Nuclear Power Control ...
www.automation.com/pdf_articles/Cyber_Security_Design... Proxy Highlight
A complete Nuclear Power ICS cyber security life cycle program is ... Essentially, the purpose of I&C systems at a Nuclear Power Plant (NPP) is to enable and.
Yes, indeed. And it’s far more likely to happen, because unlike missile tracks, a cyber attack’s origins can be disguised.
Yo’, Trav. Speaking for myself, the biggest problem I will have is dealing with all my neighbors who’ll be knocking on my front door, asking I provide them with the things they didn’t think ahead for.
I notice that all of a sudden the big buzz about smart meters has suddenly gone quiet. No doubt this is why.
Who says they’ll ask?
Seems to me a certain person assured us this was unpossible.
If they already know you prepared, get them started and in on it, especially security.
“An outside facing interface and service account is vulnerable to attack that exploits weak identity access management security. The same can be said for the weak security found on some wireless connected pump, valve and sensor components. Old legacy components that were designed years ago did not have robust IAM security and are specialized, and very costly to replace (downtime).”
Thank you MarchonDC#s. I’m still significantly ignorant to not believe their own secured cyberspace could exist outside of the internet you and I have access to. I’ll try to learn more, and thanks again for the very thorough reply.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.