New York City Pushes Plan To Prevent Cyberattacks On Elevators, Boilers 171
coondoggie writes "Imagine what would happen if an attacker broke into the network for the industrial control systems for New York City's elevators and boiler systems and decided to disrupt them, imperiling the lives of hundreds of thousands of residents relying on them. Think it could never happen? Think again. 'You could increase the speed of how elevators go up or down,' says Steve Ramirez, business analyst, analysis and communications in the Office of the CIO of the New York City Housing Authority, which provides public housing for low- to moderate-income families in the five boroughs of the city. And if attackers ever successfully penetrated the network-based industrial control systems for the boilers, they could raise the heat levels for municipal boilers, causing them to explode." Maybe Bruce Schneier could run a new movie-scenario contest about ways this could play out.
DUMB (Score:5, Insightful)
These systems shouldn't be network accessible anyway.
!!!
Offline? (Score:4, Insightful)
Does this guy even know anything about this? (Score:5, Insightful)
Boilers have release valves for a reason. Even if you could turn the heat all the way up the safety release valves would let go. You would have to weld those shut to explode a boiler. If the "evil-doers" are welding those shut you have other problems
hmmm (Score:3, Insightful)
"business analyst, analysis and communications in the Office of the CIO of the New York City Housing Authority (NYCHA)"
So a housing authority needs a full office for Information systems and in that office it needs a business analyst (because that is part of information systems)?
Sound like a bureaucrat that needs to justify the job his dad got him.
Re:Offline? (Score:4, Insightful)
They probably are. This guy is just trying to sell fear for personal gain (money or power). Ben Franklin was right when he said the greatest danger are those in power who are filled with avarice or ambition.
Derp, meet Herp (Score:5, Insightful)
"Imagine what would happen if an attacker broke into the network for the industrial control systems for New York City's elevators and boiler systems."
Some people would have to take the stairs and others would take cold showers. A truly terrifying prospect. Elevators and hot water are conveniences; People don't die from the lack of them.
Re:So much hype over hackers (Score:5, Insightful)
Just try to get into any big bilding without a security guard on your ass.
Get a boilerman's uniform. Wave your visitors pass. If the guard insists on accompanying you, look busy until he goes to pinch a loaf.
Half the reason Kevin Mitnick was notorious was not because he was a stone cold hacker - he was a good social engineer.
Re:DUMB (Score:5, Insightful)
And even if they are, why on earth would they have software-configurable speeds or pressures that can range outside of safe parameters? The safety limits should be hard-coded.
Re:DUMB (Score:4, Insightful)
I hope users/regular mortals are not installing boilers instead of professionals.
Re:Read only settings (Score:5, Insightful)
Perhaps compliance with new regulations? A service company could theoretically roll an update out accross a country or state without having to visit each elevator.
No you do that ON-SITE. This is not web services or video games. You have someone there locally to confirm it is working in real life when making parameter changes like this.