Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security The Internet United States Technology

New York City Pushes Plan To Prevent Cyberattacks On Elevators, Boilers 171

coondoggie writes "Imagine what would happen if an attacker broke into the network for the industrial control systems for New York City's elevators and boiler systems and decided to disrupt them, imperiling the lives of hundreds of thousands of residents relying on them. Think it could never happen? Think again. 'You could increase the speed of how elevators go up or down,' says Steve Ramirez, business analyst, analysis and communications in the Office of the CIO of the New York City Housing Authority, which provides public housing for low- to moderate-income families in the five boroughs of the city. And if attackers ever successfully penetrated the network-based industrial control systems for the boilers, they could raise the heat levels for municipal boilers, causing them to explode." Maybe Bruce Schneier could run a new movie-scenario contest about ways this could play out.
This discussion has been archived. No new comments can be posted.

New York City Pushes Plan To Prevent Cyberattacks On Elevators, Boilers

Comments Filter:
  • DUMB (Score:5, Insightful)

    by Anonymous Coward on Thursday May 10, 2012 @03:54PM (#39959261)

    These systems shouldn't be network accessible anyway.
    !!!

    • Re:DUMB (Score:5, Insightful)

      by spazdor ( 902907 ) on Thursday May 10, 2012 @04:16PM (#39959507)

      And even if they are, why on earth would they have software-configurable speeds or pressures that can range outside of safe parameters? The safety limits should be hard-coded.

      • Re:DUMB (Score:5, Informative)

        by crashumbc ( 1221174 ) on Thursday May 10, 2012 @04:28PM (#39959603)

        They aren't the writer is a idiot. Boiler's have MULTIPLE safeties that will just them down locally.

        Not to mention mechanically pressure release devices, at worst they would vent boiler water onto the boiler room floor...

        • Re:DUMB (Score:5, Interesting)

          by tqk ( 413719 ) <s.keeling@mail.com> on Thursday May 10, 2012 @04:42PM (#39959705)

          They aren't the writer is a idiot. Boiler's have MULTIPLE safeties that will just [shut] them down locally.

          Not to mention [mechanical] pressure release devices; at worst they would vent boiler water onto the boiler room floor...

          We hope. Far too many geeks just assume what's drop dead obvious to them is drop dead obvious to users/regular mortals. You guys should know by now that's not true.

          Then, add in moronic management. !@#$ generally wants to happen if it can. See Murphy's Law.

          • Re:DUMB (Score:4, Insightful)

            by Darinbob ( 1142669 ) on Thursday May 10, 2012 @05:15PM (#39960093)

            I hope users/regular mortals are not installing boilers instead of professionals.

            • I hope users/regular mortals are not installing boilers instead of professionals.

              Remember how hard it was last time to find talented, compenent help? Double or treble that difficulty.

          • by spazdor ( 902907 )

            We hope. Far too many geeks just assume what's drop dead obvious to them is drop dead obvious to users/regular mortals^H^H^H^H^H^H^H^H^H^H^H^Hjourneyman boilermakers and elevator engineers.

            FTFY. The general public may be assumed to be idiots, but the aforementioned specialists should not.

            • by tqk ( 413719 )

              FTFY. The general public may be assumed to be idiots, but the aforementioned specialists should not.

              I hope you're right (about the latter). I've met far too many people in IT who barely made the grade as far as I was concerned. Hopefully, those trades do better on that score.

              • FTFY. The general public may be assumed to be idiots, but the aforementioned specialists should not.

                I hope you're right (about the latter). I've met far too many people in IT who barely made the grade as far as I was concerned. Hopefully, those trades do better on that score.

                Don't worry too much. There are always outliers in any field, but things like elevator experts, journeymen boiler makers, master electricians, pipe-fitters, etc are tightly regulated and enjoy a very high degree of general professionalism and competence, particularly regarding safety.

                I've been employed in a couple of these trades as w

                • by tqk ( 413719 )

                  So, many MBA/management types are tempted into thinking that even though putting all that infrastructure/mechanical control on the 'net might not be the safest idea, it sure saves money in skilled labor costs, though!

                  You've got to wonder, why isn't that facet taught to those MBA types? Liability can be a hell of a lot more expensive than mere labour. Are the MBAs to blame, or don't insurance companies know what they're doing?

                  I'm thinking of that building in Hong Kong (?) where some bright boy decided to move some honking big machinery from where it was to the roof, leading to the collapse of the building. That kind of comedy of errors just astounds me. First, why attempt it in the first place; is there no alternativ

        • they could raise the heat levels for municipal boilers, causing them to explode.

          Yes, and splash toxic oxygen dihydride [wikipedia.org] all around.

      • Hard-coded isn't enough. Critical safety operations should NEVER be given to software. Remember what happened with the Therac-25 machines?
        • Users find ways to get around safety features too. Such as a machine requiring two users to push two buttons that are far apart in order to turn on the machine, but then it turns out someone figures out that they can just put a weight on one of the buttons and operate it with only one person.

          Software can also be used to add safety. Same machine as above may be asking several times during operation "ask the patient's name" and so forth, all so that info can be cross referenced and operation shut down if th

          • Re:DUMB (Score:4, Funny)

            by GPierce ( 123599 ) on Thursday May 10, 2012 @07:48PM (#39961685)

            I remember the description of the ideal factory security system. It consisted of a computer console, a dog and one human being.

            The reason for computer console was to run the factory.
            The reason for the human being was to feed the dog.
            The reason for the dog was to keep the human being away from the computer console.

          • Sure it can be used as a first line of defence. But it should never be the only. And it should never have complete control. But hardware safety features should ALWAYS be implemented cause the software can (and will) fail at some point. Additionally it's important to design the hardware so that a failure of the safety system itself also disables the machine.
      • by devitto ( 230479 )

        I think the point is that the hard-coded software can be swapped with the software from the building with a basement, or more floors aka 'the Wonka Factory effect' :-)

      • And even if they are, why on earth would they have software-configurable speeds or pressures that can range outside of safe parameters? The safety limits should be hard-coded.

        In the case of boilers, they're not coded at all. There's a physical pressure relief valve. Jesus Christ! Programmers think hardware designers rely on CODE to make things safe???

    • Yeah! Go the Battlestar Galactica route and un-network all of this stuff!

      • Yeah! Go the Battlestar Galactica route and un-network all of this stuff!

        Can't you just cross the tachyon beams?

  • Offline? (Score:4, Insightful)

    by Nkwe ( 604125 ) on Thursday May 10, 2012 @03:55PM (#39959277)
    Maybe these systems should be on isolated networks.
    • Re:Offline? (Score:4, Insightful)

      by cpu6502 ( 1960974 ) on Thursday May 10, 2012 @04:02PM (#39959349)

      They probably are. This guy is just trying to sell fear for personal gain (money or power). Ben Franklin was right when he said the greatest danger are those in power who are filled with avarice or ambition.

      • by c0lo ( 1497653 )

        They probably are. This guy is just trying to sell fear for personal gain (money or power). Ben Franklin was right when he said the greatest danger are those in power who are filled with avarice or ambition.

        (pro)active stupidity in power is even worse.

        • Democrat Congressman to Pentagon general: "I am concerned that if we put too many tanks on the island might..... tip over." - Yep. Stupidity in a leader is dangerous.

          • by c0lo ( 1497653 )

            Democrat Congressman to Pentagon general: "I am concerned that if we put too many tanks on the island might..... tip over." - Yep. Stupidity in a leader is dangerous.

            (anecdotes aside... active stupidity is dangerous because makes the actions unpredictable. Avarice and ambitions show at least a pattern).

  • by h4rr4r ( 612664 ) on Thursday May 10, 2012 @03:56PM (#39959293)

    Boilers have release valves for a reason. Even if you could turn the heat all the way up the safety release valves would let go. You would have to weld those shut to explode a boiler. If the "evil-doers" are welding those shut you have other problems

    • You beat me to the punch. Likewise, many of these other systems will have hardwired safety systems that limit the danger they present.

      I still think this equipment should be on isolated networks, but it's harder for me to get overly excited about ICS vulnerabilities.

    • Elevators also have speed controls, and cannot go faster than a certain designed-in speed because of mechanical reasons, not CPU controlled ones.

      Besides, most elevators (and most boilers) in NYC predate the internet. On the elevators that are more modern, the average New Yorker would greatly appreciate it if you could speed them up somehow.....

      • Exactly. The speed of the elevator will be limited to the motor power. Now you could do something dangerous like waiting until 5 seconds after the door opens and then drop the elevator 10 feet. I don't know about the particular designs to know if there is a mechanical interrupt when the doors are open.

        • Exactly. The speed of the elevator will be limited to the motor power. Now you could do something dangerous like waiting until 5 seconds after the door opens and then drop the elevator 10 feet. I don't know about the particular designs to know if there is a mechanical interrupt when the doors are open.

          There is. Doesn't help when somebody bypasses [nytimes.com] it, but at least that has to be done on site.

        • And the motor power will be enough to do the job it's designed to do, perhaps with a little bit to spare.

          Some years back I blocked the elevator doors with my foot to hold it for a colleague I'd seen arriving. I didn't go for the button because I'd almost certainly hit the wrong one.

          Someone asked if I was worried that I might get my foot crushed. I said that even if the sensor failed, the motor wouldn't be powerful enough. And why would it be? It's unnecessary cost putting a 1200 hp motor to close a god

      • by cyberchondriac ( 456626 ) on Thursday May 10, 2012 @04:22PM (#39959559) Journal

        Elevators also have speed controls, and cannot go faster than a certain designed-in speed because of mechanical reasons, not CPU controlled ones.

        Aw crap, there goes my idea for a poor man's space elevator.

        • by mattr ( 78516 )

          What about systems with more than one elevator per shaft.. I know a couple high rises like that and they are probably software controlled through and through. Or I wonder is there a hardware mechanism that could handle idiotproofing it?

    • by cptdondo ( 59460 )

      I'm a bit baffled by this also. If all of the City's boilers and elevators are on the same network, and someone could successfully hack into it, they could possibly do some minor amount of damage. But really.... Elevators only hold a few people. And how many buildings actually have boilers? Don't most modern buildings use heat pumps? I don't know of any building that still uses steam, and those that do would be unlikely to have sophisticated networked controls.

      You'd get much more bang for the buck by bombin

      • . And how many buildings actually have boilers? Don't most modern buildings use heat pumps? I don't know of any building that still uses steam, and those that do would be unlikely to have sophisticated networked controls.

        NO buildings of any size uses heat pumps, they are very inefficient...

        Pretty much every large building has a boiler or more likely several.

        as far as steam I'm not sure how many systems new systems are being installed but any older building that's been keep up has had its control systems modernized. Example the Empire State Building's system is completely computer controlled (its steam)

      • by tqk ( 413719 )

        Seems like someone has been watching too many 80s B movies.

        Nah. Al Quaida's just lost so many of their leaders via drone strikes, they're outsourcing strategy and planning to the net. Smiple. [sic] Funny they'd come here. :-?

    • Boilers have release valves for a reason. Even if you could turn the heat all the way up the safety release valves would let go. You would have to weld those shut to explode a boiler. If the "evil-doers" are welding those shut you have other problems

      Exactly what I was thinking.

      Same thing with the elevators. Other than the dynamic braking that goes on, elevators pretty much operate at full-tilt anyway, and I am quite sure that there is a hard software/hardware limiter that sets an upper limit on the ascent/descent speed, as well as the maximum accel/decel rate.

      Any elevator engineers/techs care to weigh in on this?

    • Boilers have release valves for a reason. Even if you could turn the heat all the way up the safety release valves would let go. You would have to weld those shut to explode a boiler. If the "evil-doers" are welding those shut you have other problems

      Also, elevators have safety systems that deploy brakes automatically when an accelerometer detects a sudden acceleration well oustide of normal operating parameters.

      • This "Accelerometer" is mechanical. If the elevator completely lost power and the hoist motor brakes for some reason failed to engage (rare as they're supposed to fail closed), the emergency brakes on the car itself would trigger.
      • accelerometer? haha, that's the funniest thing I've heard Elisha Otis' invention called. it's a centrifugal brake, it has spinning weights on springs, and there is one at each corner on the rails. hint: they don't have ethernet jacks
    • by ehud42 ( 314607 )

      In New York where temperatures can go below freezing, a more devastating attack might be bust them enough to shut them down due to damage. Damage enough and the repair guys won't have enough parts or time to repair them all before the water starts freezing and causing even more problems. If the goal of terrorism is to upset the people, shutting the heat off on a bunch of lower income folks during a cold snap might trigger the desired instability.

  • hmmm (Score:3, Insightful)

    by Anonymous Coward on Thursday May 10, 2012 @03:56PM (#39959305)

    "business analyst, analysis and communications in the Office of the CIO of the New York City Housing Authority (NYCHA)"

    So a housing authority needs a full office for Information systems and in that office it needs a business analyst (because that is part of information systems)?

    Sound like a bureaucrat that needs to justify the job his dad got him.

  • by decipher_saint ( 72686 ) on Thursday May 10, 2012 @04:03PM (#39959375)

    In a World where up isn't always the direction you're headed and going down will kill you, A hero will rise...

    TERRORVATOR

    *break*

    Ted Buttson wasn't exactly the best elevator repairman "Y'know normally the buttons don't do this" (empty elevator drops from sight, crashes). In fact you could say he was the worst elevator repairman "Why do they build these things with all these extra bolts?" (elevator doors fall in), but sometimes it doesn't matter who you are if you're on the right floor at the right time "H-hey! I think these guys wanna do something BAD to this elevator!". Coming this summer from the same studio that brought you predictable comedy before comes "TED: Going Down" (close up shot of actor making faces with sexy music playing)

    [NOT YET RATED]

  • Derp, meet Herp (Score:5, Insightful)

    by girlintraining ( 1395911 ) on Thursday May 10, 2012 @04:03PM (#39959377)

    "Imagine what would happen if an attacker broke into the network for the industrial control systems for New York City's elevators and boiler systems."

    Some people would have to take the stairs and others would take cold showers. A truly terrifying prospect. Elevators and hot water are conveniences; People don't die from the lack of them.

    • Sounds like attempts to whip up a fear storm and get more funds allocated towards anti-terrorism. I get sick of the fear storms!
    • And the best part is that all the elevators and boilers will be reconfigured back to normal the next day and the world keeps on spinning like nothing happened.

    • by AK Marc ( 707885 )
      It sounds like you don't know what a boiler is. Think of downing the boilers in the middle of a bad winter, timed to coincide with a snow storm to hamper emergency response. It's not just hot water, but also heat. If 100 buildings with 10+ floors were suddenly without heat or elevators in the middle of a cold winter storm, don't you think that is a little more inconvenient than just cold showers?
      • by PPH ( 736903 )

        Think of downing the boilers in the middle of a bad winter, timed to coincide with a snow storm to hamper emergency response.

        OK, I'm thinking of it. I'm thinking of it for a week long outage.

        Welcome to PSE [pse.com] service territory.

      • If 100 buildings with 10+ floors were suddenly without heat or elevators in the middle of a cold winter storm, don't you think that is a little more inconvenient than just cold showers?

        I know what a boiler is, and I live in Minnesota. The lowest temperature recorded in New York during the winter is about -20. That's about the temperature where it starts to get cold enough that I'd think about keeping my pants on under the covers. Also, it takes days for a building to cool to freezing after a heating system fails; Just like a refrigerator doesn't immediately warm up to room temperature when you pull the plug. I've been in an apartment building when the boiler failed and was used as the pri

        • by AK Marc ( 707885 )
          You've obviously not lived in New York. They hadn't used much insulation when building the older buildings. The apartment will cool down much much faster than you think. More like a fridge with the door open than closed.
          • You've obviously not lived in New York

            I won't deny that... but our roads are well-maintained, solid industrial development, people are generally polite, it doesn't cost you your first born to park downtown, not much politics, and nobody here is stupid enough to build or live in a poorly-insulated building despite at the same latitude. New Yorkers must be a special kind of stupid.

    • by devitto ( 230479 )

      Elevators and hot water are conveniences; People don't die from the lack of them.

      Blatently, you have never tried to breathe near a collegue with an underperforming hygiene regime and/or instant movement-induced persperation. Lucky you.

  • by Dr_Barnowl ( 709838 ) on Thursday May 10, 2012 @04:24PM (#39959571)

    Cyberwarfare means money. As most of the preceding posters have identified, most of the perceived threat is total horseshit. But because computers are full of magic smoke and fairies, muggles presume that a computer hooked up to a machine is a terrible threat. Haven't you seen the famous historical documentary, "Terminator" ???

    It's just like the TSA - because there hasn't been a compumatronically induced apocalypse, we're doing a good job, right? Hell yeah, line up another raft of Cyberwarfare Funding Bills, and we need some more staff to hotswap the drives in our pr0n^W evidence storage RAID array.

  • because they didn't let certified idiots connect industrial controls to the Wacky Wacky Webbiepoo.

    this is real simple. turn off the interconnects, and toss those boxes in the trash.

    we knew enough when modems ran at 100 baud to not connect critical systems to an outside influence.

  • Most boiler and elevator design predates electronic/computerized controls so they have mechanical safeties.

    Thumbs up to everyone who said networking them to the Internet is a DUMB idea.

  • by quarkscat ( 697644 ) on Thursday May 10, 2012 @05:07PM (#39960011)

    Fear-mongering for fun & profit seems to be the new & improved USA business model, especially for governments at every level. Afraid of terrorists? Obviously, they are everywhere, and can strike at any time. Be afraid. Surrender all your rights & liberties, and (especially) your money to the government. The "war on terror" will save you, even from yourself. The DHS has spent over $1 Trillion fighting "terrorism" since its' founding. Is life without any risks whatsoever really living? And can one even prove that the benefit outweighs the cost, when success is only proven with a negative result? And the only positive results, aka real terrorism, for the past 25 years have been government promulgated?

    The "war on terror" is a black hole the USA throws money into, without actually making anyone safer. In fact, just the opposite is the case. Vastly increased sovereign debt threatens those very government programs & infrastructure that do help to keep us safe, healthy, and happy. Our infrastructure, like bridges, public health system, national power grid, water purification plants all suffer from competition with the "war on terror". OMG, man-made carbon dioxide is threatening us with global warming -- quick, let's ship all our industries overseas. OMG, there are religious fundamentalists half a world away that hate us for our freedoms -- quick, let's spend $4.5 Trillion in 10 years on perpetual warfare against these people. Surely they will not hate us any more if we drop money-bombs on them along with bloody expensive military ordinance, including their wedding parties and funerals. OMG, someone smuggled the equivalent of an M-80 firecracker in their pants onto a USA-bound plane -- quick, let's spend $250 Billion on terahertz-wave body scanners and place them everywhere, not just airports. Before we surrender more of our individual rights & liberties or more blood & treasure, let's get the answer to "Who benefits, and why?"

    The truth is, if you feel personally at risk of bodily harm due to acts of terrorism, go out and buy even 1 lottery ticket because the odds against you winning are only 1 in 175 Million, while an act of terrorism (a real act of terrorism not fabricated by government) is closer to 1 in 1,000 Million. Feeling "lucky" -- buy that lottery ticket. Ignore things like auto accidents with uninsured drunken drivers, or getting struck by lightening four weekends in a row when you go play golf.

    Industrial Control Systems have no business with internet access to operational processes, rather than merely an alarm or data monitoring channel, in any case.

    • by Arker ( 91948 )

      Robert Anton Wilson said it many years ago, and ever since I read it, I have been watching it become more and more obvious and uncontrovertible every year since.

      "The number one cause of national insecurity is national security."

  • We definitely need to train an elite corps of cyberwarfare personnel to deal with this sort of threat. I propose dividing the corps up into three tactical teams:

    Alpha Team will carry out recon and patrol duties, identifying computer systems responsible for controlling potentially dangerous hardware systems.
    Bravo Team is responsible for extraction and isolation. Their mission is to walk up to these machines and unplug them from the Internet.
    Charlie Team is the counterinsertion team. They will be equipped

  • based on recent headlines like http://www.nytimes.com/2011/12/16/nyregion/elevator-that-killed-yr-executive-was-undergoing-maintenance-city-says.html [nytimes.com], I'd be more afraid of negligent elevator repair staff than of terrorists.
  • to subdue children [wikipedia.org].

    It's 2012 - aren't we past this sort of "Only my Department can save you from the eBogeyman - with proper funding" yet?

  • You mean that, through clever hacking, I can actually activate the boiler?? Like, when it gets cold?? No more listening to bullshit excuses from the landlord??

    Now I can quit banging on the pipes.

  • All it takes is one terrorist with a chin-up bar [xkcd.com] and we are all doomed!

  • What kind of idiot would design a boiler without a pressure relief valve? I think that would be only the kind that aren't allowed to design boilers.

  • It wonders me to see a forum like slashdot not recognizing FUD tactics.

    This time, FUD targets everyone's stability and inspires fear from everything.

    "You are warned, don't tell you are not, once your elevator leaves for moon. With you inside."

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (7) Well, it's an excellent idea, but it would make the compilers too hard to write.

Working...