Industrial Control Software Easily Hackable 194
jfruh writes "CoDeSys, a piece of software running on industrial control systems from hundreds of vendors, has been revealed to be easily hackable by security researchers, giving rise to a scenario where computer hacking could cross the line into the physical world. Worse, many of these systems are unneccessarily connected to the Internet, which is a terrible, terrible idea."
Enter Kaspersky (Score:1, Informative)
Kaspersky says they'll come up with a new OS specifically designed to protect industrial control systems from hacking and sabotage.
http://www.pcmag.com/article2/0,2817,2411052,00.asp
Re: (Score:1)
They also said they'd come up with an exploit-proof operating system so their credibility is more than just a little suspect.
http://it.slashdot.org/story/12/10/19/2254209/kasperskys-exploit-proof-os-leaves-security-experts-skeptical
Re: (Score:2)
??? they cant pick a live Linux CD?
Re: (Score:3)
Talk is cheap. My guess: They cannot do it, but enough people will believe them. Once the OS is in place, they cannot migrate away anymore.
Re: (Score:3)
Even if they could do it, very few ICS admins would switch to it. Most people there are responsible for stability as their most important attribute - and that means running a solution that has proven itself over and over and over again. Related to this concern is downtime: often times these plants are running 24x365 schedules, controlling furnaces that keep ovens full of molten iron from freezing solid, which could destroy the oven. Shutting down a production line takes time and planning to prevent damag
Re:Enter Kaspersky (Score:4, Insightful)
Even if they could do it, very few ICS admins would switch to it. Most people there are responsible for stability as their most important attribute - and that means running a solution that has proven itself over and over and over again. Related to this concern is downtime: often times these plants are running 24x365 schedules, controlling furnaces that keep ovens full of molten iron from freezing solid, which could destroy the oven. Shutting down a production line takes time and planning to prevent damage, and every minute that line is down, they are not making money.
Indeed. What they actually need to do is to really isolate these control systems in the hard sense. I.e. no ports network, data import only manually, data export via CD-R or the like, clear message to employees that connecting any USB media, Laptops, etc. will result in immediate termination, ...
It can be done, even if it may require some people to suffer first, as Iran found out. They did execute the people that imported Stuxnet via USB drive. My guess is they will not have that problem again anytime soon.
When there is a credible threat, they look at addressing the threat on an individual basis. Firewalls between the controller and the LAN. Epoxy in the USB ports. A locking cabinet around the CD-ROM drive. But replacing the core of the factory, on an unproven software package, just "in case" a hacker might target them? Not terribly likely.
This is not enough. Firewalls are insufficient. They need to implement real isolation, i.e. only an isolated net may be used and that has to be very heavily protected. It will take quite some time for them to find out how to do that, although competent IT security people could tell them today. The problem is that they are asking the wrong questions and are looking for IT experts that understand their business, instead of looking for competent IT security folks.
Re: (Score:2)
Well it's pretty difficult to insert a USB drive when you've had both hands cut off (in Allah's mercy)...
Re: (Score:2)
Re: (Score:3)
And the further simplistic (but still dumb and vulnerable) solution for you might be "two laptops". Only the red laptop connects to the equipment. The other laptop connects to the Internet and lets you read the manuals, docs, slashdot, etc. If you need to download a file, you format a flash drive in the red laptop, insert it into the black laptop and copy the file, then read it back in the red laptop. It's cheap enough, and adds another layer of difficulty. It might not have stopped Stuxnet, but it wou
Re:Enter Kaspersky (Score:4, Interesting)
Speaking as the system administrator for a large DCS system: the OS will be no good without a complete redesign of the application level software. The problem is not really the OS, but the fact that in order to make everything work together 'automagically', there are hardcoded service accounts, and much of the app executables (which are often executed with system permissions) are writable because the entire installation folder is writable. And of course, the controllers that do perform all control actions use a protocol whose only real claim to security is obscurity.
And from what I can tell, the system I manage is fundamentally no different in that regard from DCS or SCADA systems from other vendors. While it is true that a secure-by-design would be a good place to start, the main problem atm is that the application architecture is hopelessly insecure.
Comment removed (Score:5, Funny)
Re: (Score:2, Funny)
Way ahead of you.
-Colosus
Re: (Score:1)
Colossus - The Forbin Project [youtube.com]
Re: (Score:2)
Re: (Score:3)
No security expert will code their own software as long as OpenSSL, IPSEC, GPG and so on will do the job. Too expensive and too many mistakes to be make by bespoke software.
You sure about that? I mean, it's one thing to try to write a correct implementation of a very generic protocol (the ones you named), but who is to say that a tailored protocol sporting just the things you need for the app and nothing else can't be correctly implemented with a much lesser effort?
Re: (Score:2)
Re: (Score:2)
Instead, you should develop an artificially intelligent system to defeat would-be attackers and malicious software.
Yes, you should. [redlambda.com]
(Disclaimer: I work for Skynet.)
Yup (Score:5, Informative)
It's not necessary.
Re:Yup (Score:5, Interesting)
I like to compare the problem in this industry to Powerpoint presentations. If you ever attend a university lecture, you'll see the professor, who is an engineer, doctor, master's, Ph.D or whatever. He has 5 degrees, hundreds of certifications, and thousands of hours of experience in the field or in front of a class. Yet, he cannot be bothered to invest a few hours of his time in learning *GOOD* powerpoint skills. And don't even get me started on "getting your computer hooked up to the projector".
In the automation industry it's the same thing. A very clever engineer, real genius sometimes, comes up with mechanisms you wouldn't even dream of, and designs a machine as big as a building, that works perfectly. The problem is, it's the same guy who programs the PLC, and he likes to do it in Ladder diagram (which has its advantages. I do ladder and i admit it has the benefit that you can "see" the program, and not get losts in semicolons and braces). But, like a rookie programmer, he disables security, releases in debug mode, uses default passwords, and many other "bad practices" that could be easily solvable if he bothered to spend a few hours to learn to think as a software guy. Sure, disabling your firewall isn't harmful if you're testing for a few minutes. But "i can't find the problem so the only workaround i found was to disable the firewall" is pretty much what happens with these guys.
Re: (Score:1)
It's insanity to build 1000 identical machines with different passwords. Customers expect to get similar machines, and having different passwords only invites utter chaos.
Customers also expect electricians to be able to look at PLC logic, and know passwords on machines that they might look at once every two years. To expect different passwords is idiotic at best.
What needs improved are network level firewalls, which the IT department needs to do. Instead, IT people ask things like, "Can't you migrate tha
Re: (Score:3)
So why do they have passwords if the password is always 1234 and even the janitor knows it?
Re: (Score:2)
The same reason they put locks on the glass doors of convenience stores. To keep out inquisitive idiots.
Re: (Score:3)
All this password brouhaha is silly. If you have physical access, you can always do whatever the heck you want -- for all we know, you can unplug the control wiring from the PLC and run the machine from a pushbutton panel. That has always been the case. All one needs is a button on the PLC that you have to press, perhaps twice, to indicate that you're local and want to let a connection from your laptop access the PLC's administrative functions. Otherwise, if you're doing it from a cental office of some sort
Re: (Score:2)
Re: (Score:2)
Again, if you have physical access, all it takes is a little button to temporarily allow unlimited, password-less connection. I'm sure there's plenty of simple PLCs that are programmable with ladder logic only and any electrician will understand them, the stuff I deal with is used for motion control and you need to know your shit to do anything much with them. Like, for example, knowing a bit about a couple of different industrial communications protocols, knowing a bit about TCP/IP networking, knowing a bi
Re: (Score:2)
TFA was about SCADA hacks. SCADA systems are networks with (usually) remote screens. The point is that you can hack these systems easily with no physical access.
Re: (Score:1)
I work in this industry too, and I assure you I've never met another person in my field who knew anythimg about computer security, let alone thought it was important. When I point out obvious security precautions like putting a firewall between the industrial network and the corporate network, it's like I'm speaking Greek. Nobody knows or cares. I once worked with a contractor PLC programmer that brought a home wireless router and plugged it into the customer's industrial network with no password just for t
Re:Yup (Score:4, Insightful)
On the other hand when the SI password protects the PLC so another SI can't get in and fix the system(because the first SI is now out of business), now we can get in and do it without re-engineering the whole system. Sometimes low security has benefits.
90% of the security we implement is air gap. Once someone has physical access to the control panel, you've lost anyway, they could start swapping wires and pulling relays if they wanted. If the system must be on a network, we put it on physically separate network, with at most one SCADA PC on both(because the client demanded it). Still, you can set up a nice secure(ish) system, and two weeks later the client's IT department has screwed it up completely.
The major catastrophe you're waiting for is actually surprisingly unlikely. Sure a malicious person could cause a lot of damage, but from what I have seen people are more interested in stealing stuff than blowing it up. Why go to all the effort of destroying the mill on the goldmine when you could go to all the effort of smuggling gold out? They'd rather get on the internet to check their facebook, and once they realise the control PC is not on the internet they don't care anymore.
Re: (Score:2)
It can also prevent people named Terry Childs from taking your network hostage.
The most important security, is watching the watchers. Can the top boss still get into the system?
Re: (Score:2)
The top boss normally demands access to the SCADA in a monitoring mode. Or the SQL based reporting system at least, which should have a blame trail logged in it... Normally you don't want anyone but a qualified engineer messing around in a PLC.
Re: (Score:2)
Certainly the GP isn't talking about physical security, or even trying to use cybersecurity as a replacement for physical security. If there's a malicious guy standing beside your control panel, good luck. However, the fact is more and more industrial control systems, are connected directly to the corporate network. Even if they're not on the same network, you almost certainly need some kind of MES system with access to both networks, so you have a single point of failure there. Even without that you ha
Re: (Score:3)
Well, ultimately the customer is going to care more about downtime than about security. Even if security has a nebulous risk (that they have not run into yet) of causing downtime. Where I work, we also remote into systems, sometimes directly over a 3G modem. It is a massive security issue, but the convenience sometimes trumps it. Admittedly you'd have to hack a private APN to get into the system, and then bypass the passwords. It is doable, I am sure, but it would be a lot of effort to go to to get into, sa
Re: (Score:2)
So your machines run all night, banging out 100,000 promotional cake tins for True Love Waits.
And they all have penisbird embossed on them.
I bet it was that bastard in Accounts Receivable.
Re: (Score:2)
That's fine when you enemy is a crook who needs a financial incentive to get off. However, if your enemy is, I don't know...pick any of the global actors, someone or organization who gets off on causing mayhem, then the calculus changes.
Re: (Score:2)
Well, which is a better target? A nuclear power plant or a water recovery plant for a mine in the middle of nowhere. Set up your security accordingly - lock down the nuclear plant tightly. The water recovery plant can go down for weeks until someone bothers to go fix it and plug any minor issues. Seriously whats with all the paranoia on /. today?
Re: (Score:2)
Yeah, because you can't have a fucking button on the PLC itself to enable direct passwordless access when you already have physical access and can screw things as you please... For everything else, you don't need passwords, just loading up the set of public keys of entities that are allowed to make changes in the PLC. That's all there's to it. No passwords.
Re: (Score:2)
That is actually a very good idea. Sort of what OPC UA is trying to achieve. It is a great pity nobody has implemented it that I can see.
Re: (Score:2)
"Passwords will be forgotten". I don't recall saying that. Perhaps let me spell it out for you AC. The password may never have been given in the first place. A common despicable tactic by some less scrupulous vendors and SIs.
As for "Linux will fix it", we know about that, and sometimes use it. However, there are other very good reasons for having your control network physically separate apart from security. Network load and response times spring to mind. But then Slashdot's default "throw linux at it and yo
Re: (Score:3)
Ethernet is actually good enough for a number of things if and only if the network is unloaded. Reading values from a Modbus based protection relay for example. The values are not critical and even if the network fails the protection relay will still trip, but they are useful values to have and mean someone doesn't have to keep walking into the substation to look at them. I can think of a number of other such use cases where ethernet/ip is more than good enough. For remote IO, I would use something better,
Re: (Score:2)
Not in mathematics. Almost everyone uses Latex (often, the beamer package for slide
Re: (Score:3)
I recently went to a logic conference in Poland, only one presentation used ppt, the rest were Beamer and Latex. That's more or less the way it is done through theoretical computer science and among logicians. The reason has to do with typesetting mathematics. MS seems to have worked overtime to make that as painful as possible in ppt. Apple's Keynote makes it easy so it isn't impossible on something like ppt. Frankly, I won't touch ppt unless it is the last step in a process of producing slides and the sli
Re: (Score:2)
The industry works with what hardware they know.
No. The industry works with what hardware they TRUST. The problem is that trust is built up on a per company basis. After many years of experience with one vendor that vendor ends up on a list of preferred suppliers for any product they manufacture.
This is really good and really bad. By finding the good vendors you end up with a reliable and consistent equipment base which all your techs can be trained to work on and the next new project won't introduce uncertainty in the way of equipment requiring new tra
Re: (Score:2)
What happen? (Score:2)
Somebody load us up the bomb.
While Kaspersky's claiming... (Score:1)
...that they'll come up with something, the REAL solution has NOTHING to do with what they're talking to.
The OS isn't just the problem. It's the SCADA applications themselves as well. Something I've pointed out on several occasions to industry and even to people at NIST on the subject- in fact, quite a few researcher's have pointed this out over the last decade now. (And, all of a sudden, it's a "problem" now...sigh...)
Kaspersky's solution WON'T fix things like they're claiming- it's just more snake oil
Simple solution (Score:2)
Make the first episode of BSG Season 1 [amazon.com] required viewing for "intro to computers" class.
This is a mouse, this is a keyboard, this is why you don't jack your global defense grid into a wifi hotspot.
Re: (Score:2)
The last part will be censored. Of course, only for graphic display of violence and gruesome death.
Professionalization of software (Score:1)
At what point will software engineering be professionalized like the other branches of engineering?
Surely there are well established guidelines for securing software at this point.
1) Create a professional society for software engineers (the SPSE, let's say) with the power to grant and revoke certificates. Assemble a blue-ribbon committee and give them 6 months to come up with membership requirements
2) Have the SPSE adopt existing standards regarding security, stability, and whatever other categories are nee
Re: (Score:2, Interesting)
A nice idea in theory, but you're dealing with security. A field that reinvents itself every 3-6 months.
Judging from the average "standardized" guideline, the moment the final draft is getting its last changes it will be outdated by about 2 generations. So you now have the choice, either be accurate and give attention to detail and be about 3-4 years behind the attackers, or be vague and spotty and have everything pass because they can somehow fudge it.
We're not talking about approving technology where your
Re:Just an Iranian terrorist attack (Score:2)
Sadly no one will listen until something bad happens.
If you told someone pre-2009 about the need for financial regulations and the upcoming collapse people would call you a communist and a liberal! Peter Schiff did jsut that and was laughed at before he earned fame when the Great Financial Collapse hit.
Same is true with nuclear powerplants after fukashima, airport security after 9-11, and same after the space shuttle Challenger exploded, IE 6 security after code red. Money talks and shit walks. Only when de
Re:Just an Iranian terrorist attack (Score:4, Insightful)
Necessity is the mother of invention. That, or an article in the business newspaper your boss reads.
My solution to that problem was simply to subscribe to the same magazines my boss reads, peruse them for articles supporting my case and getting him to read it. Not only will he listen to them more than to you, he'll also think that you read "relevant" magazines and start listening to you, at least from time to time.
I know it's silly. hey, it's management!
Re: (Score:2)
Or start your own magazine.
I did consider bringing out "Management Fad Monthly" but I was worried that some silly bugger might try to implement an obvious spoof like TQM, stand-up meetings or employing Indian programmers, and then where would we be?
Re: (Score:2)
Hey, stop that! You're threatening my job, because coming up with harebrained ideas how to hack our security IS my job!
And damn, I love it!
Re: (Score:2)
I like your ideas. Who's going to pay for it, though? And please don't say the engineer. Looking around in my field, even my paycheck would hardly allow me to actually stay on top of the development in security.
may need unions as well so the coders can stand (Score:3)
may need unions as well so the coders can stand up to the PHB's and say that...
That time table is to tight
We need more staff and the 80 hour weeks are just makeing us make more errors.
We can't cut QA
You can't hire people who can't pass the certified test but have BA/BS while passing over people who have passed the test but don't have a BA/BS.
No I will not add this new stuff to the code this late in the roll out hell we still have some big bugs in the code base to work out.
No will not use that POS best buy s
Re: (Score:3)
I'm a P.Eng. I work in the control system industry. Most of the people who work in this industry are P.Eng.'s or certainly have an Engineering degree. Most of the ones I've met know *nothing* about computer security. These Engineers are the ones plugging PLCs directly into office networks because they're EE's. They have little to no training in computer networks (short of setting up their home routers). They have no idea what a VLAN is. They have heard the term firewall but don't really know what one
Re: the Challenger Disaster? (Score:4, Informative)
No, nor did they cause it, what did cause the disaster was political interference, such as the decision to manufacture the solid booster rockets in another state, necessitating them being made from segments bonded together with O-rings
Re: (Score:2)
What do you think will happen when managers learn how much software that gets signed off by a PE costs and how long it takes to develop?
Re: (Score:3, Informative)
"Did professional engineers prevent the Challenger Disaster?"
No, they did not. They tried like hell to prevent it, they were quite certain there was going to be an issue, because they knew the seals failed with lower temperatures, and seals had failed at temperatures not as extreme as on that day, so they were pretty certain there would be a problem and tried to stop the lunch. Sadly, it was not the engineers who were ultimately responsible for that launch, but folks more worried about bad PR.
So, what was y
Re: (Score:2)
Re: (Score:3)
I do like the sophistry in that CNN article - blaming the "English" units, rather than "Imperial" units. Nobody calls them "English" units, that's just an attempt to try to distract blame from shoddy American sloppiness.
Re: (Score:2)
The irony is that the part of the world that is most stubbornly attached to it[1] was the first to gain independence from the British Empire - after which the antiquated measurement system is named.
[1] or rather, a half-arsed bastardised dumbed-down version of it.
Re: (Score:2)
Re: (Score:2)
That engineering is like every other field where the chain of command prevails.
The guys at the top get all the goodies and glory and the guys at the bottom get stuck with the blame when shit goes wrong.
the PHB's over redid there issues. (Score:2)
the PHB's over redid there issues.
Industrial machinery is easily hackable if... (Score:2)
...you have physical access and hand tools. The ease of access in-place isn't a problem.
Controlling access itself is the problem.
tell that to the PHB who said we can save my remot (Score:2)
tell that to the PHB who said we can save by remoteing control to some offsite place.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
If I have a PHB for a boss who pisses me off my mission is to fuck him over (being a PHB forfeits any moral obligations I'd otherwise have) so I'd document everything I'm directed to do and make slyly sure others know his every fuckup. I'd also befriend him so he didn't know what hit him.
Easily hackable? (Score:2)
Re: (Score:2)
Nobody will ever think of doing "telnet nuclearbomb.gov 1337". That would be too simple!
Industrial Manufacturing is changing (Score:1, Offtopic)
Re: (Score:1)
You'll just have to imagine them
Licensing. It's all about licensing. (Score:5, Interesting)
I was doing some electrical work at an oil refinery up north in Canada about 5 years ago. I wasn't specifically attached to their control systems or PLCs, though since the electrical was intertwined with a bunch of the automation I naturally knew all the guys who were taking care of that portion of the project since we were required to collaborate together.
On one particular day, I entered the facility as usual and was heading to an unfinished section to check out some conduit. On my way there I noticed a CAT5 cable stretched across a walkway, disappearing into a stairwell. This was so incredibly absurd and suspicious that I just had to see what the hell was going on, even though something in my head told me I didn't want to know. I traced the cable back to the management office where it was plugged into one of the network switches. Okay, weird- follow it back in the opposite direction, all away across the plant- after about 80 meters there was a hub/repeater dangling over a walkway rail plugged into the wall and another CAT5 cable stretching off into the oblivion. Following the second extension cable led me to a set of PLCs and a group of the control guys throwing vulgar insults at an Allen Bradley PLC unit.
Turns out the PLC was a "new" model. Instead of handling the licensing through a floppy disk (!) like all the old units did, this one used some sort of a proprietary activation scheme that had to run over the friggin' internet before the PLC would actually do anything. The CAT5 cable I'd traced about 180 meters across the plant going back into the office internet connection was setup to allow this process to complete, since they had apparently failed to do it earlier when the system was OOTB but not yet hooked up.
They eventually got it all working, but it took them about 5 hours of fiddling to get the damned thing working properly.
Shit like that is the reason why things are hooked up to the internet, sometimes improperly. I know there's certain requirements for remote monitoring and such, and that should all be done over an isolated, encrypted VPN- but then you've got licensing bullshit like this that expects to phone home to a random server on the internet with little or no fire walling in-between. There's no reason for it otherwise- apart from the PLC guys wanting to make sure you're licensed and all paid up, god forbid anyone should buy a second hand PLC and reprogram it to do something useful again.
-AC
why no dongles? (Score:2)
That seams like a good way and they can be hard to copy as well.
Re: (Score:1)
Because God forbid someone would sell them used and deny megacorp profits!
This way everyone is forced to buy new only as if you used a dongle then someone could sell them. Can you imagine how much the car companies would love to make buying used cars illegal?
Re: (Score:2, Insightful)
The only 1-time internet activation required on Allen Bradley equipment is the computer software (RSLogix 500/5000) to program the PLCs, AB PLCs don't need to be activated ever. (new or old).
As a PLC/PAC guy I am a HUGE fan of Ethernet/IP. It is the best fucking thing ever and people on this thread have no clue about the security of this technology. Try difficult (servos) programing with DeviceNET, Its a fucking joke and a waste of time, old technology. We have to have access to 100's of PLCs on our networ
Re: (Score:2)
I have found DeviceNET a pleasure to work with. Omron do it extremely well, and it is very easy to use. It is also sufficiently fast for most applications. My biggest hassle was connecting a Toshiba PLC to an Omron SliceIO system. Once it was working though, it worked exceptionally well. I'd much rather work with DeviceNET than ethercat or any of the other systems.
It's more about lack of knowledge (Score:5, Informative)
The CAT5 cable I'd traced about 180 meters across the plant going back into the office internet connection was setup to allow this process to complete, since they had apparently failed to do it earlier when the system was OOTB but not yet hooked up.
Assuming it was all Rockwell/Allen+Bradley gear then it was undoubtedly the FactoryTalk Activation system they were struggling with, and they were undoubtedly unqualified to be doing the work they were assigned to do (disclosure: I am a former Rockwell Automation employee so I have familiarity with the subject, but apart from that I do not speak on behalf of any employer past or present here).
First and foremost, Allen+Bradley(AB) PLCs don't need activations, so the licensing really isn't relevant to this story. AB makes a crap-pile of profit on that hardware the moment they've sold you the box--activation makes no sense. What DOES need to be activated (and is what creates profit for the Rockwell Software division) is the RSLogix programming software, without which the PLC is as useful as a doorstop. So unless they were completely clueless they'd have just taken their laptop into the office and activated their software then come back, rather than break all sorts of IT, security and safety rules stringing out 180m of CAT5 and a spare switch to get internet. The same goes for their drives--the drive units don't need activating but DriveTools software on the programming laptop may have.
That said, there may have been an industrial PC like a VersaView or third-party unit running the Rockwell HMI software and was bolted into the cabinet with un-activated software for some reason, but Rockwell/AB have thought of that...
The legacy licensing system used utility software called "EVMove" and relied on "master disks" (towards the end you could set up a USB flash drive) and in the field this was a royal pain in the ass--floppies and their drives are far too sensitive for such an environment, and USB memory sticks are terrible to manage and secure. Thus the development of the FactoryTalk Activation internet service-based scheme. Though it requires the internet the end system does not need to be connected to activate. The easy "wizard" way sends a "host ID" (the ethernet MAC address or some such number) from the end device to Rockwell via the internet. However, you can actually write down the mac address, or generate the hostID file on the target machine, then go to an internet-connected computer and type the hostID into a secure web form or upload the hostID file. The website then generates a license file that you can save to removable media or a laptop/portable machine to take over to the target machine physically, thus preserving the air gap (and making the method more similar to the old EVMove floppy method).
I do agree that licensing/DRM/activation is a big problem that costs end users millions of dollars globally (above and beyond the actual purchase cost of the products). It adds complication and downtime and confusion and contributes exactly zero value to its users. One might argue about its value to the vendor as well--FactoryTalk activation and many other similar schemes are just as trivial to circumvent as CoDeSys' ladder logic runtime for hackers, and adds the burden of extra support costs from the honest users it keeps honest. But the problem in industrial automation is bigger than that. The problem is that the world in general moves faster than industrial control systems can keep up, and the people who have "experience" honed their skills in the mid 1990s or earlier and haven't kept up. In the meantime, PHBs of the world in management and government demand of them far more than they are capable of delivering.
It used to be that refineries/factories/etc were content with paper chart recorders where operators and plant managers could peruse them if something came up to troubleshoot. Then came data recorders where you could plug in a serial cable or transfer via floppy to a computer for more deta
Re: (Score:3)
You are correct sir. We have never had to connect any PLC to the internet, and we deal with almost all manufacturers. Rockwell's horrible licensing scheme is why we don't use them so much. Other PLC manufacturers give SIs their software cheaply because that sells lots of hardware that way. Not Rockwell. I suppose it is better than Toshiba's "free" software (which I think was last updated in the 90s), but come on, don't Rockwell want to sell hardware? Even the evil Siemens practically fell over themselves tr
no need for internet connectivity (Score:2)
Re: (Score:3)
This is very common in the HVAC industry. Customers want to be able to check on their building on their smart phone at home over the weekend. Even without that requirement, the systems get put on the local intranet with everything else because the customer will not provide a separate network nor allow us to add our own. Very few of our customers put HVAC controls on separate VLANs with no access to the Internet.
Re: (Score:2)
Re: (Score:2)
They want to be able to change setpoints to make people happy...without going in to work. I agree, data diode is a great idea...when you don't need to interact with the system.
Re: (Score:2)
And sadly the PHB will have walked away with a big fat bonus long before his short sighted mandates have left a steaming mess for IT to get stuck with being blamed for.
Just part of being above the peons in the food chain, you get to eat the goodies and everyone below you has to take your shit.
Re:no need for internet connectivity (Score:4, Insightful)
My father works in an industry that uses a lot of PLCs and such. This is what he's told me:
Quite often, even though the PLCs run on their own locked-down OS, the console to manage it is just a standard Windows desktop. Kind of logical - it's just to display what's going on, maybe issue manual commands, but it doesn't "run" the system. And they're *designed* to be connected only to the LAN, not have any physical connection to the Internet. But quite often, he comes into an installation site and sees that they've plugged that desktop into the Internet, just because it had a port for it (or so the techs monitoring it 24/7 can relieve the boredom, against all procedure). So they end up connected to the internet just because the off-the-shelf desktop the blinking-lights-display runs on has an Ethernet port.
He's also told me pretty much everyone keeps the default password. Three fucking characters.
Would it terrify you to know that many of the sites he works at are power plants, both coal and nuclear? He doesn't touch the "functional" parts, but it still says bad things about their approach to security.
Re: (Score:3)
Ask him about the horror of OPC and DCOM. As a result of those two abominations most people just disable all security and add "Everyone" to all the lists in order to just get the damn thing working in a reasonable amount of time.
Re: (Score:2)
OPC UA promises to fix all of this, but nobody is implementing it...
Re: (Score:2)
DCOM is the spawn of satan.... ugh
Re: (Score:2)
He is unfortunately right, but it's skirting around the larger issue.
Humans are absolute geniuses when they act like fools. You can't regulate away boredom and idiocy. It's one thing to say, don't plug in USB sticks here it's against company rules, and it's quite another to leave a person alone unsupervised on nightshift with the piece of equipment. I kid you not we had one operator show us triumphantly how he managed to play a movie on the monitor screen of a gas chromatograph analyser, which happened to r
Car analogies are passe so here is a sex analogy. (Score:3)
Preaching that automation systems be kept off the internet is like preaching abstinance until marriage to teens. It sounds like the lgical solution to all the problems but it is unreasonalbe to ever expect it to happen, so the best course of action is to educate on how to do it safely and responsibly.
Ther are many valid reasons that automation systems are connected to the internet in some fashion (though they never need direct internet access). Some of those reasons relate to not braking the law.
In indust
Re: (Score:2)
Um... 2000 dollars in a perfect world of milk and honey.
Set up a test network
Do all internal testing and documentation of the system
Get all docs verified by the customer and signed off on
Hold a factory acceptance test, get everything verified and signed off
Travel to the oil rig.
Oh, your tech IS certified for offshore work right? No? Oh, send him on the full week 5000 dollar training course first then.
Install and get everything verified in real system
Oh, and this has to run on Windows 2003 R2 by the way, tha
Slight plug here, and I told you so. (Score:2)
We've been saying this for years, but then again - our company makes data diodes.
Re: (Score:2)
Try this on for size.....
3rd party logging vendor is given permission to run their logging servers on the secure network.
They require 5 open ports (7777, 25xxx) open both ways in the firewall.
They use ping to verify redundancy of hosts (derp...) so pinging through the firewall for all hosts has to be enabled/accepted.
Their logging software can be fully configured and modified from outside the firewall. They use simple tcp sockets with no encryption to send their management commands... like starting and stop
Does Engrish on the 3S Software site... (Score:2)
...concern anyone?
"We software Automation." is prominently put up on their website...a German company's TYPICALLY better at English than that.
They were just talking about a digital pearl harbo (Score:2)
Instead of spending the oodles of money for those worthless airport scanners, department of defense boondoggles, and useless shit, flame, etc...
we could have spent the money to develop an ultra secure replacement for hardware controllers, and manditory audits of mission critical systems, and unplugged needlessly internet connected components from the internet.
Instead we spent our money foolishly on shit we don't need.
I am calling fo
Re:Yea (Score:4, Funny)
Actually works better if you read it as 'clown' services.
Re: (Score:2)
Well then, the Gods Must Be Crazy.
(Actually is happened to me earlier this week. I think it's Obama's fault.)
Re: (Score:2)
I've seen air gaps cause problems, especially when they're between the user's ears.
Of course one solution is to install another air gap between the eyes, but this is generally frowned upon by both HR and the janitors.