Hackers Gain "Full Control" of Critical SCADA Systems
mask.of.sanity writes "Researchers have found holes in industrial control systems that they say grant full control of systems running energy, chemical and transportation systems. They also identified more than 150 zero day vulnerabilities of varying degrees of severity affecting the control systems and some 60,000 industrial control system devices exposed to the public internet."
Note the mention of insufficient entropy (Score:2)
I suspect the Siemens and Sietec people are now on a wide-ranging entropy hunt, probably along with the German Federal Security Service (:-))
Comment removed (Score:5, Interesting)
Re: (Score:2, Interesting)
The best thousand+ ton machinery I've seen was running Haskell code on the latest Linux kernel. So cool and up to date.
Re: (Score:3)
In that case I wouldn't call it a zero day vulnerability, I would call it vulnerability due to incompetence.
Hack the systems and make them go down permanently by a hard disk low level format or corresponding. That would raise the security awareness more than a slashdot article.
The only case for having an unpatched server is when you are running it standalone with no possibility to install anything new on it without opening a padlock.
Re:These systems are a product liability nightmare (Score:5, Interesting)
1. The people who run the plant are trying to squeeze the maximum amount of yield from their plant. Shutting down a SCADA system so that it can be patched and tested may literally cost them millions of dollars per hour. Furthermore, the cost of upgrading is not looked upon kindly unless it's going to help you create more of product X at a lower price. You may argue that the greater good is more important than money but these guys aren't listening to that.
2. These industries are rife with rules and regulations that further inflate the cost of patching systems. In the pharmaceutical industry the cost of applying a single patch may run well into the millions of dollars because every change has to be meticulously audited.
3. IT is often outsourced to third parties in order to control costs. The downside of ceding control of your own infrastructure is that even something mundane like changing a firewall rule has a process which costs money and resources.
4. There is an old-school engineering mentality that is pervasive based on the old adage "if it ain't broke don't fix it". No person involved in the industry wants to find problems. They want the plant to produce and they expect the hardware and software they buy to produce - untouched - for 20-30 years.
I have seen crazy things on plant floors. Control systems still running on Windows NT, operators sharing credentials, copying files from one system to another using thumb drives because the network does not allow file-sharing.
Re:These systems are a product liability nightmare (Score:5, Insightful)
There is an old-school engineering mentality that is pervasive based on the old adage "if it ain't broke don't fix it".
The problem with that is, by putting it on the internet, they've broken it (even if the breakage hasn't hit home yet). Nobody wants to admit that they've done that, but it's their own damn fault. A good start to fixing things would be to airgap the SCADA network from the internet, and if connecting is necessary at all, to use a good double firewall with hardened DMZ machine in between. The DMZ can be locked down hard and updated carefully, and it doesn't need to ever hold systems that need careful certifying as it should never be in the control loop; just out of band monitoring.
Re:These systems are a product liability nightmare (Score:5, Insightful)
Normally the SCADA systems **ARE** air-gapped from the corporate backbone, but until we start breeding better managers some idiot will occasionally pull a cable across that gap in order to produce a report or something.
Re: (Score:2)
Normally the SCADA systems **ARE** air-gapped from the corporate backbone, but until we start breeding better managers some idiot will occasionally pull a cable across that gap in order to produce a report or something.
This suggests a product idea -- triangular (or otherwise oddly shaped) Ethernet jacks, for use in computers that are not supposed to ever connect to the Internet. All your SCADA machines would have these, and it would be very difficult for the idiot to connect a cable to them that also connects to a non-SCADA machine.
(Until the inevitable RJ45-to-triangle adapter cable becomes widely available, anyway)
Re: (Score:3)
No. Very few SCADA systems for plants that do anything other than minor local control are "air-gapped".
Most normal SCADA systems are part of a virtual network. And that's kind of the point. Small pumping stations, local control systems that nonetheless need to act as part of a larger system (think power grid) require some kind of network connection.
Just because it's not the corporate backbone doesn't mean it's not the internet.
Re:These systems are a product liability nightmare (Score:5, Informative)
The SCADA systems that I have worked with were for electrical generation and distribution and water/sewer systems, and they absolutely were air gapped. Crossing that bridge with a cable was an automatic firing offense, and yes, they canned a manager who thought that no one would notice. That utility covered an entire very large and highly-populated county and tied into the larger national electrical grid. I'll guarantee that most of the SCADA systems nationwide are air gapped, as it's required by FERC and can generate hefty fines if they're not.
Re: (Score:3)
Not all SCADA systems can sit and hum away without any external influence control or set-points. Not all SCADA systems can be set up in a way that a technician can easily travel out and download logs or trends.
The SCADA systems I have worked with are absolutely connected to the "internet". I use inverted commas since it's not connected in a way that you can just fire up its IP address and be all happy. VPNs, firewalls, and a connection to a specific machine in a specific network only. Why? It's a pumping s
Re: (Score:2)
The problem with that is, by putting it on the internet, they've broken it (even if the breakage hasn't hit home yet). Nobody wants to admit that they've done that, but it's their own damn fault. A good start to fixing things would be to airgap the SCADA network from the internet, and if connecting is necessary at all, to use a good double firewall with hardened DMZ machine in between.
You know, I've never understood this predisposition towards firewalls. Secure the system such that it only listens on a specific port for specific secured encrypted messages. No need for a firewall. A firewall just adds more complexity and points of failure. It's much more efficient to secure the system's communications than to try to secure the various access points.
Re:These systems are a product liability nightmare (Score:4, Insightful)
The people who run the plant are trying to squeeze the maximum amount of yield from their plant.
Very laudable. That's their job.
Shutting down a SCADA system so that it can be patched and tested may literally cost them millions of dollars per hour.
That cost should have been factored into the financials from Day 1. It's usually omitted by managers and accountants because with it, their projections wouldn't look as good.
Furthermore, the cost of upgrading is not looked upon kindly unless it's going to help you create more of product X at a lower price.
Bear in mind that the cost of not upgrading may be the end of the company.
In Economics 1.0, business students get taught that the primary objective of the corporation is to make a profit. Most managers believe this. Wrong. The primary objective of the corporation is to assure continuance, even if that means a couple of years of losses from time to time.
Failing to recognise this is usually among the early symptoms of eventual failure.
Re: (Score:2)
Most of the endpoint devices that I've seen use either Linux (old, unpatched versions) or something akin to Tron or DOS. Management clients are often Windows, and they're unpatched and unmanaged because they're not on the normal Corp network so IT doesn't have access to them. The actual SCADA management system is normally hosted on some flavor of Unix, at least in the power and water industries.
Re:These systems are a product liability nightmare (Score:5, Insightful)
Updating breaks now with near certainty. Not updating breaks later with a lower probability. Easy choice.
Sad, but true.
I hope people with SCADA systems learned. (Score:5, Informative)
do NOT connect SCADA systems to the internet.
Re: I hope people with SCADA systems learned. (Score:5, Funny)
The air gap is not the solution. Proper isolation, firewalling and virus/malware is.
Re: I hope people with SCADA systems learned. (Score:5, Interesting)
Proper isolation? If by proper isolation you mean an air gap, then OK, I agree.
"Proper firewalling" is a pipe dream. If you have a firewall, then you have external access and a vulnerability right there.
Whatever port you have open is an access point, and thus a vulnerability.
Keep in mind that many of these systems have hidden backdoors or default admin accounts for maintenance.
And the reply "it's OK if it's properly configured" would be true if every system had network admin that was 100% competent. Do you wish to make that claim?
"virus/malware"? I suppose you mean anti-virus/malware. There is no such thing as 100% effective anti-virus/malware software. They are not even close.
Keep in mind that the anti-virus software in itself is a vulnerability.
Re: (Score:2)
An air gap just limits the remote attack capability, and is fairly easy to defeat with local access. At every level you need to limit the attack surface.
Re: (Score:2, Insightful)
What use is an air-gapped machine? How do you communicate, how do you control it? Build your own physical network infrastructure (preferably with blackjack and hookers)?
Re: (Score:2)
What use is an air-gapped machine? How do you communicate, how do you control it?
As hard as it may be to remember these days, it is possible to communicate without the Internet (especially when that communication need only be local).
Re: (Score:2)
As hard as it may be to remember these days, it is possible to communicate without the Internet
We're talking about systems here, not intersocial communication.
If you air-gap a machine, then you need to hire people to maintain the machine locally. This just does not scale.
especially when that communication need only be local
For instance?
Re: (Score:2)
If you're the only company in the industry and exploits are very common your thinking would work.
Reality disagrees.
Your competitor will have vastly lower cost and higher efficiency up until the point that he is exploited. If it's 5 years between exploits, then it's likely you've already been put out of business.
Re: I hope people with SCADA systems learned. (Score:4, Insightful)
What use is an air-gapped machine? How do you communicate, how do you control it?
So we ran these machines with no control or communication before the interwebz?
If you want to run these things on the internet, they will be hacked.
Re: (Score:2)
Re: (Score:2)
Right, just like we ran computers before the internet existed. Why don't you just unplug yours and I'll mail you DVDs?
Re: I hope people with SCADA systems learned. (Score:5, Informative)
"Proper firewalling" is a pipe dream. ...Keep in mind that many of these systems have hidden backdoors or default admin accounts for maintenance. And the reply "it's OK if it's properly configured" would be true if every system had network admin that was 100% competent. Do you wish to make that claim?
I think some people used to "conventional" IT don't appreciate how unrealistic it is to "properly configure" (in terms of security) every box on a SCADA network. A typical network consists of a plethora of different types of boxes, with different OSes (often just RTOSes, which are usually not that security conscious), and all sorts of configuration, testing and latency requirements that go beyond what's needed in normal IT. Think in terms of making sure that robot arm doesn't smash into anything after your latest security update. Also, these boxes aren't, and realistically can't be, monitored all the time by checking log files and so forth.
A similar situation occurs in aircraft, including military aircraft. I assure people there aren't firewalls or other security provisions between various avionics boxes. The big concern is reliable, error free and low latency communications between boxes. It's bad news if an actuator/sensor for a flight control surface has trouble, or takes too long, to talk to the main fly-by-wire system. Security is about "don't let it through unless you're sure", which obviously conflicts with the more important goals.
Want security? Don't connect to the Internet.
Re: (Score:2)
Security is about "don't let it through unless you're sure", which obviously conflicts with the more important goals.
No, security is about availability, integrity, and authorization. If the system needs low-latency communications, that is an availability concern; it's absolutely part of the security practitioner's job to make sure those availability and integrity goals are met. They are not competing goals; they are complementary goals.
Security experts who don't understand that are not in fact experts. People who think security just gets in the way also need to shut up and listen.
Re: (Score:2)
The air gap is not the solution. Proper isolation, firewalling and virus/malware is.
No. Firewalling, virus protection, malware detection... all these techniques can be flawed, either by design, because of oversight...
It is acceptable for most systems (because these issues get fixed after a while), but for a SCADA system you don't want a zero-day to be exploitable *at all*. Your system can have a ton of backdoors/vulnerabilities/exploits; if it can't be reached by any other means than physical access they are not an issue.
Re: (Score:2)
Tell that to the people running centrifuges in Iran. Their machines were air-gapped, but they still fell victim to Stuxnet.
Re: (Score:3)
Proper isolation, firewalling and virus/malware is.
No it isn't. That is a recipe for failure. Simplify and secure the system. Reduce the points of failure to the minimum and make sure the few that are required are secured. Adding more complexity and more points of failure just increase the probability of failure.
Re: I hope people with SCADA systems learned. (Score:5, Funny)
To prevent piracy and sales of used Scada these require internet access to stay activated. We wouldn't want to deprive income now would we
Re: I hope people with SCADA systems learned. (Score:5, Interesting)
The problem with making some of these systems inaccessible is that they have almost no real functionality at that point. Using the Tridium JACEs as an example, the whole point of them is the network, and to exchange information in higher level protocols.
In the old days we separated systems and interfaces between systems with relays and analog i/o. While it worked then, now we have 100x points (many diagnostic rather than control) and it just isn't practical. Today's practical solution would be the SCADA as primary, with a lot of hard-wired safety interlocks. The problem is there really is a shortage of people that can troubleshoot those things, so it is likely to be disabled within 5-10 years, or once needs change.
Proper security is hard, and when 80% of it is in a black box provided by a (adversarial) third party, this is what you get.
Re: (Score:2)
You can make it accessible without putting it on the public Internet.
A lot of the companies who run SCADA devices will already have some form of MPLS WAN; most providers can give you DSL links onto that network rather than the Internet. Lets you reach the device but doesn't let the rest of the world.
Or if that's not an option then stick a cheap VPN endpoint in front of it and run the comms over IPSec.
Re: (Score:2)
Don't forget that you now and then see ads that are infected.
Makes me wonder how many ad servers serve ads with a hidden bomb that we haven't seen yet because it waits for the right conditions.
Re: (Score:3)
It seems you have little knowledge of the SCADA world. The air gap is an illusory security. Iran's nuclear plants had SCADA computers air gapped from the IT network. It did nothing: a USB, a CD, a virus infecting an update to your very SCADA software, etc will bring you back to reality.
Re: (Score:2)
Why does a SCADA system need access to the interwebs?
So they can update their Facebook pages?
Re: (Score:2)
So they can be monitored and administered from a central office 2000 miles away by a few employees at a location which houses all the accountants, sales reps, and so forth that the companies rely on in order to maintain production levels. This allows them to drastically reduce the costs of administering them, as a T1 connection is about 1/10 or less of the cost of one of several IT staffers that would be required to maintain them with local-only access. And much cheaper than travel and housing expenses of tra
Re: (Score:2)
Then use a VPN. This allows remote access without internet access.
Re: (Score:2)
As long as the other end you are needing to contact will use one too, this is viable. However, that isn't always the case or possible. VPNs can also be exploited and defeated. If one machine that is allowed in the VPN becomes compromised, the entire security model of a VPN is defeated. It really is a lot more complicated than doing one thing.
Re: (Score:2)
This allows them to drastically reduce costs of administering them as a t1 connection is about 1/10 or less of the cost of one of several IT staffers that would be required to maintain them at local only access.
Until someone cracks their way in. Then the falsity of this economic model is exposed.
Another reason is that some SCADA systems aren't actually purchased. They are sort of rented and need to contact a server in order to validate their installs and operate periodically.
This can be done over something other than the Internet, as several people have explained.
Re: (Score:2)
Sure, but when it was developed, this entire threat was pretty much non existent in reality. That has changed but the model hasn't exactly caught up yet. That is why exposure and working on it needs to happen.
Sometimes it can be and some times it cannot be done. The problem is actually having both sides participate in doing so which i
Re: (Score:2)
And do not allow USB-sticks or other media to be inserted into these systems.
Re: (Score:2)
And do not allow USB-sticks or other media to be inserted into these systems.
That's going to make installing bug-fixes interesting... perhaps they send a new computer from the factory and swap out the existing one?
Re: (Score:3)
do NOT connect SCADA systems to the internet.
Not bloody likely. We're expanding, with lots of home surveillance systems, and coming soon, the "internetted" automobile.
The great thing is that nothing can go wrong with this sort of stuff.....
Re: (Score:2)
Can't they put a computer before them, that requires SSL/TLS connections, and authenticates any socket before forwarding it to the SCADA computer? A proxy, so to speak.
Re: (Score:3)
do NOT connect SCADA systems to the internet.
Do have employees running around in trucks to check things, or actively monitoring larger systems that need constant attention. Do charge customers more money to support those extra employees. Do make decisions based on daily dumps from mag tapes somebody drove over to the central office. Note, I'm not saying that's a bad idea. I'm just pointing out the trade. I bet a lot of things were done like that up into the 1980s. I have personally driven mag tapes
Re: (Score:3)
I get your point, but none of that requires the SCADA system to be connected to the Internet. It does require a dedicated network for SCADA completely separate from your LAN/WAN but you can do all of that with technology and not touch the Internet.
These issues have been flagged for 10 years (Score:3, Insightful)
These issues have been flagged for roughly a decade. I have ZERO SYMPATHY for anyone who gets taken over.
Re:These issues have been flagged for 10 years (Score:5, Informative)
It's not about sympathy, it's about the effective destruction of our entire infrastructure without dropping a single bomb. The first sign that China or Russia is at war with us will be all our utilities and factories going dark. This is everyone's concern.
Re: (Score:3)
If you use jelly as the basement of your house, it is your fault that the house is unstable. Putting, and approving to put, critical infrastructure directly accessible on the open internet, that can have present or future vulnerabilities, is bordering on criminal behaviour. Those people should be the first in line to be jailed, and now, not when something bad happens.
And remember, the ones that started with big scale "war" have been the US. Don't start a war of breaking glasses if your entire house is made of (spec
Re: (Score:2)
Let's stop being overly dramatic and think about reality. When a lot of these systems were placed in the open, the entire thought of exploiting them was pretty much non existent. It's like the early Microsoft security models that completely missed the communications implications of the internet and the reason why after Windows 98, they s
Re: (Score:2)
Since the '90s I've seen every internet connection constantly scanned for open ports, vulnerabilities, and common software with flaws. And when something had a known (maybe not by you, but by the exploiter) vulnerability, and was interesting enough (profit, fun, proof of concept, following a political agenda or whatever) it was exploited. It is not the '90s anymore, the whole internet can be scanned in 45 minutes [zmap.io] (and there exist scans ready to use [scans.io] if you don't want to spend any time), if something can be used, it wi
Re: (Score:2)
Interesting you mention a kid causing chaos. Ever hear of a molly guard and how it got its name?
Negligence is not criminal though. That was the point of my comment. Negligence that happened in the past without advanced knowledge of the future cannot be criminal. It can be short sighted, stupid, clumsy and a number of other things, but not criminal. Many of these exposed systems were developed before the 90's and switched to using the internet during the 90's to save costs. Many of these systems were put in
Re: (Score:3)
When a lot of these systems were placed in the open, the entire thought of exploiting them was pretty much non existent.
Only "non-existent" to people who weren't thinking and weren't paying attention to the literature. There had been a LOT of academic warnings back to the 1970s about the potential security problems of interconnected networks. Heck, the entire genre of cyberpunk science fiction in the 1980s - Neuromancer was 1984 - didn't come out of thin air but was based around the then-current academic discussions of the security problems of the early Internet. The first IBM PC virus [wikipedia.org] was 1986, the Morris Worm [wikipedia.org] was 1988, pre
Re: (Score:2)
repairs to the confidence in the financial system after some banker has diddled the risk models to ignore the sub prime lending risks.......
That confidence was destroyed by the financial system itself several years ago. Considering what the financial scam artists got away with, I don't see how hackers could make it any worse. By contrast, water and power actually work.
Re:These issues have been flagged for 10 years (Score:5, Interesting)
I ran a part of the process plant by hand during the commissioning phase for the last automation project I was on. Working together with an operator I could barely keep up with one fifth of full capacity for four hours and we were both completely drained afterwards.
The complexity of modern process plants is mind-boggling to people who haven't seen them - and even when they've seen them they don't understand that all the valves, pumps, heat exchangers, etc., around them are doing a finely choreographed ballet behind the scenes. The manpower needed for running a process plant by hand is in the neighborhood of 10-20 times that of running an automated plant, and even then the throughput will be less and the quality of the resulting product lower.
Re: (Score:3)
Judging by your "ThreeKelvin" name, it must have been a liquid helium plant.
Re:These issues have been flagged for 10 years (Score:5, Insightful)
These issues have been flagged for roughly a decade. I have ZERO SYMPATHY for anyone who gets taken over.
MSOBKOW this is your boss.
What do you mean it is a security risk to put this on the internet? Everyone else has no problem doing this and I never heard of anyone being hacked. Like a billion dollar company would ever design such a thing when an internet connection is required to stay activated. Are you telling me that firewall you said we needed doesn't make it impenetrable?! Why can't you secure it? Do I need to hire someone who will?
Re: (Score:2)
Why can't you secure it? Do I need to hire someone who will?
Yes. Yes you do. And when they fail, you should know that my contract rate for you, with the negative discount, is $500/hour, in hour increments.
Some of them expose to the internet via VNC... (Score:5, Informative)
At 30C3 someone ran a portscan on the VNC port of the entire IPv4 internet, with 'interesting' results, highlights of which included a swimming pool chemical dosing control system, various power generation and control systems, building environmental control systems, air handlers, all sorts of wild and whacky things, some of them lacking in even the rudiments of passwords never mind proper crypto....
The best one looked to me like a medium voltage distribution cabinet where the setpoints on the overload trips looked like they could be reconfigured from the internet!
Ahh the things you can do in reasonable time with 100Gb/s of bandwidth; the resulting slides at the closing event (which is where I ran across it) were very, very scary.
SCADA on the internet is a really, really bad thing.
73 M0HCN. :wq
Re: (Score:2)
Re: (Score:2)
What's interesting is, why is news of anyone actually exploiting those vulnerabilities so rare? It seems even though the vulnerabilities are there, nobody is exploiting them.
Re: (Score:2)
I've found hackers trying ports 5802 and when I tracert them I get a weird 2900ms delay leaving the last US hop at San Diego headed to the Orient.
Just wait for what comes next (Score:3)
I remember, far back in the late 1960s, when a popular DJ on a local radio station joked for everyone on a particular Interstate leading into the city to "CHANGE LANES". I was on that road and an amazing number of people did. With TIOE the cars can just do the lane change without having to tell the drivers to do it! Of course most of the drivers did make sure that the lane they were moving to had room for them. I doubt that will be the case next time.
Re: (Score:3, Interesting)
Indeed, thinking of the smart grid, you could probably get the grid down by issuing a command to sufficiently many household appliances to switch on at the very same time. Those will be even less protected than the power stations, because "who would want to attack my dishwasher?"
Re: (Score:2)
Another Tao of math: For Electrical Engineers imaginary numbers are real.
Re: (Score:2)
Indeed, thinking of the smart grid, you could probably get the grid down by issuing a command to sufficiently many household appliances to switch on at the very same time. Those will be even less protected than the power stations, because "who would want to attack my dishwasher?"
New Jersey's Governor will be able to more tightly focus his retribution efforts. Instead of old school shutting down lanes of traffic, he'll be able to turn off the electricity to every registered Democrat.
Why the hell (Score:2)
Plain stupidity or folks managing those don't know what this Internet stuff is?
Re: (Score:3, Insightful)
Because actually it is really very operationally useful, and USEFUL in normal use trumps security EVERY SINGLE TIME.
Consider something simple like a public building heating control system. This is probably a modest PLC from the usual suspects; now if I am the poor sap in charge of the building systems (nightmare, been there, done that), and the thing alarms at say 2100 on my day off, I have a choice:
I can go in and clear the (often but not always) unimportant problem, takes me an hour to get there and I was
Re: (Score:2)
Point taken, but I think the appropriate security/convenience tradeoff needs to be assessed for different situations. Messing up a building's HVAC is going to wreak a lot less havoc than messing up water, power or sewage systems.
I also have a question. How is connection between PLC's to the Internet handled for such things? Is the PLC directly connected (probably a very bad idea) or is it through a computer that can be used as a firewall?
Re: (Score:2)
Security/convenience tradeoff? You try explaining that to a building contractor sometime!
As to the interfacing, it depends, sometimes it is a direct link to the plc, sometimes the plc talks CAN or RS485 or such to a windows xp box which runs a web gateway... I personally think the first option is likely more secure, especially when the machine in the corner of the plant room is found by the local security guard to be a good place to browse porn sites and download videos on the night shift (It happened, and
Re: (Score:3)
Point taken, but I think the appropriate security/convenience tradeoff needs to be assessed for different situations. Messing up a building's HVAC is going to wreak a lot less havoc that messing up water, power or sewage systems
True. Although there might be some business reasons to do so. Imagine making your competitor's HVAC systems go down during important meetings, or in the dead of winter before a big deadline. And considering that we live in a country where American on American attacks are political gold: http://www.latimes.com/nation/la-na-christie-bully-20140111,0,3128420.story#axzz2qD3vqu1x [latimes.com]
No, I think this is an untapped market of Screwing With Your Competition.
unlocked doors (Score:3)
These systems are the moral equivalent of leaving your door not just unlocked but ajar. It doesn't change the morality of anyone trespassing to steal or destroy, but it does make the owner much more culpable. We do not face a threat to our cyber-infrastructure, but rather have irresponsibly left the infrastructure unprotected, and should not be surprised that people of varying motives might take advantage.
We do not need a cyber-infrastructure police force, unless they're actually tiger teams who publicly shame the idiots who leave their systems unprotected...
The Internet of Things (Score:3)
could someone a lot wiser than me please explain why we need to connect everything and anything to the internet?
I expect the hackers are rubbing their hands with glee at the prospect of being able to hack all sorts of things. Imagine all the havoc they could cause by making all the freezers in a country suddenly defrost?
Frankly, I think this drive to connect everything is totally misguided.
Re: (Score:3)
Cost.
Why pay a person to stay on site or make periodic visits to maintain equipment or change settings when a few people can do it remotely? It does sound convenient but it opens a whole can of worms as any one anywhere on earth can potentially wreak havoc on your low cost maintenance systems.
Re: (Score:2)
That's not the whole answer. First, there were remotely monitored and controlled systems before the Internet (though I'm not sure how the various links were implemented). Second, I suspect that the convenience, or perceived convenience, may be as important as cost. Lastly, anything you can't connect to the Internet seems outdated (whether or not the connection is a good idea).
Re: (Score:2)
Not Cost.
Profit.
Please do not confuse the two as Profit has a higher driving force than Cost does.
Re: (Score:2)
Have you never heard of Firewalls and VPN's?
As part of my job I login to sites all over the world via VPN (actually two VPN's). None of the systems I connect to are visible on the internet. Good job too.
Putting all sorts of devices directly on the Internet, as all those IPv6 advocates are so fond of reminding us that there is plenty of address space to do it, is just stupid and will eventually cost a lot of lives. Perhaps it will take a major catastrophe to wake people up to the dangers of doing this.
Having b
Re: (Score:2)
Tell me, do you split tunnel? If not, do you always check the routing table before and after you connect to those VPNs? Because despite what you think, those machines might very well be visible on the internet. Just takes the right malware running on your laptop.
Fundamentally you are mixing a high security domain (the SCADA network) with your machine, which has been in a low security domain and is in a questionable security state. Even if we want to believe the VPN isolation itself is always perfect and no
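The routing-table check the reply above asks about, as an added example that is not part of the thread: two constructed `ip route show` snapshots (documentation address ranges, `tun0` assumed to be the VPN interface) are compared to decide whether an arbitrary Internet host would still leave the laptop outside the tunnel (split tunnel) and which routes the VPN client added that do not go through the tunnel device. Metric tie-breaking is ignored, which is an assumption that holds for these snapshots.

```python
import ipaddress

# Constructed `ip route show` output (not from the thread). Addresses are
# RFC 5737 / RFC 1918 documentation ranges; "tun0" is the assumed VPN device.
BEFORE = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""

# Full tunnel: the client pushed 0.0.0.0/1 and 128.0.0.0/1 via the tunnel
# (they out-rank the /0 default) plus a host route to the VPN server itself.
AFTER_FULL = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0
"""

# Split tunnel: only the remote site's range goes through tun0; all other
# traffic still leaves through eth0 while the VPN is connected.
AFTER_SPLIT = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
10.10.0.0/16 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0
"""


def parse_routes(text):
    """Parse `ip route show` lines into (network, via, dev) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        dst = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        net = ipaddress.ip_network(dst, strict=False)
        via = dev = None
        for i, tok in enumerate(parts[1:-1], start=1):
            if tok == "via":
                via = parts[i + 1]
            elif tok == "dev":
                dev = parts[i + 1]
        routes.append((net, via, dev))
    return routes


def egress_device(routes, address):
    """Longest-prefix match for one destination; route metrics are ignored
    (assumption: no competing routes of equal prefix length)."""
    addr = ipaddress.ip_address(address)
    best = None
    for route in routes:
        net = route[0]
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = route
    return best[2] if best else None


def audit_vpn(before_text, after_text, vpn_dev, probe="198.51.100.1"):
    """Compare the table before and after connecting. Reports whether an
    arbitrary Internet host (probe, a TEST-NET-2 address) would leave via the
    VPN device, and lists routes the client added that bypass the tunnel."""
    before = parse_routes(before_text)
    after = parse_routes(after_text)
    added_outside_vpn = [
        str(r[0]) for r in after if r not in before and r[2] != vpn_dev
    ]
    mode = "full-tunnel" if egress_device(after, probe) == vpn_dev else "split-tunnel"
    return {"mode": mode, "added_outside_vpn": added_outside_vpn}


if __name__ == "__main__":
    for label, after in (("full", AFTER_FULL), ("split", AFTER_SPLIT)):
        print(label, audit_vpn(BEFORE, after, "tun0"))
```

On a real laptop the two snapshots come from running `ip route show` before and after the client connects; a host route to the VPN server's public address via the physical interface is expected and shows up in `added_outside_vpn`, but anything else there, or a `split-tunnel` verdict, means the SCADA-side tunnel and the Internet are reachable from the same host at the same time.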
Re: (Score:2)
That's typically because fully air-gapped machines are terribly useful, unless they inherently do not need to communicate for the task they are doing. For example .... uh.
Re: (Score:2)
eh and that should ofc read 'terribly useless'
Re: (Score:2)
unless they inherently do not need to communicate for the task
Unless they inherently do not need to communicate beyond the local network.
for example .... uh
Most SCADA systems. There are more things in heaven and earth, Horatio, than are dreamt of in your philosophy.
Re:The Internet of Things (Score:4, Insightful)
It is trivial to make a "one way, unhackable" ethernet connection to export data to an unsafe network device.
You have a machine on the SCADA network with TWO network cards. One connects to another PC on the insecure network via an ethernet cable with ONLY the TX wires connected. No RX lines. Set both to a static IP and then UDP broadcast your information from the secure PC to the insecure one.
There is no hacker or security expert on this planet that can hack that connection and gain access to the SCADA system. Unless they found a way around physics or can teleport things with their mind.
http://www.stearns.org/doc/one-way-ethernet-cable.html [stearns.org]
The problem is most places refuse to hire educated IT staff with experience in security. They want low cost MCSE holders that can barely do their job at the lowest cost possible.
If updates to SCADA software are needed, "most are not in reality" you use write once media such as a DVD or BluRay created on a machine that has nothing to do with the SCADA system and based on an OS that is drastically different to further reduce the chances of homogeneous OS infection vectors. If it's important, then the files are inspected byte by byte on a security computer designed to look for infections and injection. Then after full and careful inspection you apply the updates.
THIS is how you run a critical system SCADA network. And 99% of them out there are not run this way as the people in charge of it have zero education in security let alone networking and IT.
Re: (Score:2)
Administration of said machine is a staff-intensive mess then.
Re: (Score:2)
Administration of said machine is a staff-intensive mess then.
I bet Iran wishes they'd taken that approach with their enrichment centrifuges :)
I'm old enough to remember when nobody used the Internet for remote administration. While less convenient, and slightly more expensive, it's not that big of a deal for SCADA. You have to remember that most of the boxes in a SCADA system are not like, say, web servers, which are computers talking to other computers and doing only computerish stuff. SCADA controls actual physical equipment, that can't be remotely monitored or m
No thanks (Score:2)
I'm already creeped out by how much a Nest Thermostat [engadget.com] looks like HAL 9000.
The scary part (Score:2)
Re: (Score:2)
It's because they hire management that are dumb as boxes of rocks or a small salad bar. Educated managers are not wanted, only ones that can schmooze.
DUH. (Score:5, Insightful)
Almost ALL of us that have had to deal with SCADA knew this was possible. Most of the time because incredibly stupid managers DEMAND the systems be accessible from the internet.
SCADA systems need to be airgapped completely from any network other than their own. Boo Hoo to the company that needs to buy a second set of computers for the employees to get email on. The SCADA computers are to be used ONLY for SCADA systems.
100% of the security failures lie at the feet of the managers of these facilities. Until we start beating them with sacks of doorknobs nothing will change. And yes, the SCADA infections via USB drives are the fault of management. Allowing the use of USB or any other device that has not been secured and low level formatted before use on a known clean machine is the fault of management.
All USB ports should be disconnected or physically inaccessible via lock and key to users.
Re: (Score:2)
Most of the time because incredibly stupid managers DEMAND the systems be accessible from the internet.
How does this not drive their insurance premiums through the roof? It should, and it's not, so something is broken in the process.
Do they have government protection from liability?
Re: (Score:3)
Do you think there is anyone in the entire insurance industry that has a clue? Having done physical security for a number of insurance company clients, as far as I can tell the insurance industry is where IT talents go to die.
Re: (Score:2)
Why can't they do it the way that satellites do - all control operations are sent encrypted.
Re: (Score:2)
Why can't they do it the way that satellites do - all control operations are sent encrypted.
Because the SCADA vendor probably had encryption as an option that you had to pay extra for, and management wanted to chisel another few bucks off the setup costs.
Re: (Score:2)
Why can't they do it the way that satellites do - all control operations are sent encrypted.
Or put in a data diode -- insecure machines (including the entire Internet if that's what you want) can monitor the system, but only a secure/air-gapped machine can send data to the SCADA system.
Network communication is too high function (Score:2)
Maybe these systems don't actually need all the bells and whistles of networking to communicate their state. Maybe an output-only serial communications solution would be perfect for some of these systems. They can alert when they have a problem without exposing a bi-directional communications channel through TCP/IP. In fact, you could even cut the pins on the serial and guarantee that nothing comes in. It's the ultimate one-way firewall.
I'm not saying that all of the systems can run this way, but I be
Lets over react (Score:2)
why are these things connected to the internet? (Score:2)
Re: (Score:3)
Most SCADA stuff is in the private sector.
Re: (Score:3)