South Korean Power Plants To Conduct Cyber-Attack Drills Following Hack

An anonymous reader writes South Korea's nuclear operator has been targeted in a cyber-attack, with hackers threatening people to 'stay away' from three of the country's nuclear reactors should they not cease operations by Christmas. The stolen data is thought to be non-critical information, and both the company and state officials have assured that the reactors are safe. However, KHNP has said that it will be conducting a series of security drills over the next two days at four power plants to ensure they can all withstand a cyber-attack. The hacks come amid accusations by the U.S. that North Korea may be responsible for the punishing hack on Sony Pictures. Concerns have mounted that Pyongyang may initiate cyber strikes against industrial and social targets in the U.S. and South Korea.

airgap

[mrflash818]

Now would be a good time to institude a national airgap policy for critical infrastructure, if not already in place.

Re:airgap

[oodaloop]

That didn't stop stuxnet. If you mandate an airgap, then employees will airgap their files, and music, and cat videos, and everything else they were using the internet for, and USB drives become the vector. Ban USB drives, and there is no airgap and no work. Data needs to go in and out of the network, one way or another. Airgap is no replacement for proper security measures and training.

Re:

[ELCouz]

About disabling physically any USB port? Use PS/2 for keyboards and mices ... and you are golden!

Re:

[Anonymous Coward]

You can administratively disable USB mass storage while preserving access to keyboard and mice without much issue. In Windows its easily done with group policies and/or registry changes. If your users have local administrator rights they could attempt to override that setting. In which case you eliminate any reason for them to have local administrative rights, even if that means turning some of your fickle applications into remote apps on a server with no USB access.

Those principals are applicable on other

Re:

[Anonymous Coward]

Nah they'd rather use basement bargain Gateway 2000 computers running Windows NT.

Re:

[Anonymous Coward]

We have air gapped computers at work. The USB ports have been hot-glued shut.

Re:

[currently_awake]

Then disable autorun on all USB ports. And remove all software on critical computers that you don't actually need (and don't let users install anything). And epoxy all USB connectors on critical computers that don't actually need USB. Airgapping is the start of protection, not the whole cake.

Huh?

[NetNed]

"May be responsible"???? What happened to the FBI and their concrete "sources can't be reveled" proof?

Re:

[Aeros]

Yes..yes you are the only one to have thought about this. We will consult your expertise next time.

I would imagine....

[mitcheli]

that a lot of companies will be re-evaluating their security.

Re:

[mitcheli]

Sadly, you're probably right.

Huh?

[ELCouz]

The fuck a nuclear reactor need to be connected to the Internet??? Air gap anyone?!?!

Re:

[oodaloop]

Cyber != internet. Stuxnet hit Iran's nuclear enrichment facilities through USB drives. Being airgapped is not sufficient.

Re:

[zlives]

airgap is a good start.

Re:

[bouldin]

Are you suggesting that the power plant should not be air-gapped, or that it should be air-gapped with additional controls?

Re:

[confused one]

It's pretty common for there to be a data link from the control system to the outside world. This is to provide feedback and monitoring capability -- for load balancing, security, and so the managers have access to information about the state of the machine(s). If they're smart, this data stream is one way only, with an intermediary firewall / server controlling access. If they're really smart, the cable only has the Tx pair connected.

Re:

[Graymalkin]

The plant's control systems may indeed be air gapped. However there are still access vectors. For instance some internet connected switch that sits on a dedicated SCADA network might be exploited and then use the private SCADA network (which isn't necessarily TCP/IP) to access the otherwise air gaped systems. Even exploiting non-critical or seemingly non-critical machines might affect the operation of secure isolated systems.

Then there's always the USB infection route. An unwitting user inserts a USB stick

Re:

[cbiltcliffe]

If there is an Internet connected switch on the dedicated SCADA network, then it's not air gapped, by definition. Air gapped means there's no wire running from the Internet side to the protected network. Hence, there is an "air gap" in between the two networks.

WCPGW

[cellocgw]

That's my first reaction: it's one thing to set up a virtual environment and pen-test it; rather another to test systems which are currently making sure nuclear plants are running properly and fully failsafed.
Maybe I'm just paranoid 'cause I'm reading "Wolves eat Dogs," but I sure hope they don't test on an operational plant.

Repeat the lie until its believed...

[s.petry]

Come on guys, nobody is buying it. It can't be that after Iraq and the WMDs, or Benghazi, that people know we are flat out liars. MORE PROPAGANDA!

Re:

[Aeros]

WMD's found http://www.usnews.com/opinion/... [usnews.com]

The threat of North Korea!

[MagickalMyst]

Watchout!

Kim Jong now has the 1337 haxor skillz to set a Sony alarm clock to go off at any time he chooses!

We're doomed!

In regard to

[Squatting_Dog]

I'm not advocating that the bombs should be falling, however, if North Korea has been confirmed as being responsible for the attack on Sony and now appears to be making terroristic threats against American allies then why has there been no response from the U.S.? Sanctions or something!

A foreign nation has attacked a U.S. company on U.S. soil and has caused financial loss to that company and is threatening the lives of those associated with that company. Now, North Korea is making direct threats against th

Re:

[currently_awake]

I don't recall the sanctions against the USA over the stuxnet worm. Did you have some links?

Re:

[bouldin]

We don't attack NK because they have enough bunkers on the North side of the DMZ to destroy Seoul. The bunkers are deep, and they could pound on Seoul with artillery for days before we could destroy all of them.

Oh yeah, and China would threaten us with war.

Protecting US power stations

[myid]

A Quartz article [qz.com] says the DHS accidentally released more than 800 pages "demonstrating how easy it was to hack elements in power and water systems."

The article says the DoD bought devices that would protect power plants from attack:

“DOD bought several of the iGR-933, they bought them to give them away to utilities with critical substations,” Weiss said. “Even though DOD was trying to give them away, they couldn’t give them to any of the utilities because any facility they put them in would become a ‘critical facility’ and the facility would be open to NERC-CIP audits.”

Assuming this article is accurate (I don't know how power stations work), I hope the new Congress will care enough about security to force utilities to secure themselves. I'm not holding my breath, though.

Nukes should already be hardened

[ChumpusRex2003]

Most national regulators require that any safety-critical computer systems in nuclear facilities are formally proven correct. Due to the difficulty in producing absolutely bug-free code, and proving that you have done so, a lot of systems continue to rely on pure analog control.

For example, nuclear-grade UPS systems typically offer a feature such as the following: "Digital logic free. 100% analog control with fully verified behavior. No need for expensive and time consuming software verification"

Similar