Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security Communications Government Network Networking Technology

Experts Call For Preserving Copper, Pneumatic Systems As Hedge For Cyber Risk (securityledger.com) 169

chicksdaddy quotes a report from The Security Ledger: The United States should invest resources in preserving aging, analog infrastructure including telecommunications networks that use copper wire and pneumatic pumps used to pump water as a hedge against the growing threat of global disruption resulting from a cyber attack on critical infrastructure, two researchers at MITRE argue. The researchers, Emily Frye and Quentin Hodgson with The MITRE Corporation, note that critical infrastructure is increasingly run from converged IP (Internet Protocol) based networks that are vulnerable to cyber attack. That includes so-called "lifelines" -- essential functions like water, electricity, communications, transportation and emergency services. That marks a critical departure from the past when such systems were isolated from the internet and other general purpose networks. "Each lifeline rides on, and is threaded together by, digital systems. And humans have yet to design a digital system that cannot be compromised," they write. With such civilization-sustaining functions now susceptible to attack, the onus is on society to maintain a means of operating them that does not rely on digital controls, Fry and Hodgson write. In many cases, that means preserving an older generation of analog infrastructure and management systems that could be manually operated, The Security Ledger reports. From their article: "In the case of communications, for instance, what is required is the preservation of a base core of copper-enabled connectivity, and the perpetuation of skills and equipment parts to make analog telephones work. Today, we see a move to decommission the copper-wire infrastructure. From a pure business standpoint, decommissioning copper is the right thing to do; but from a public-safety and homeland security perspective, we should reconsider. Decommissioning copper increases homeland security risk, because failover planning calls simply for relying on another server, router, or data center that is also subject to compromise."
This discussion has been archived. No new comments can be posted.

Experts Call For Preserving Copper, Pneumatic Systems As Hedge For Cyber Risk

Comments Filter:
  • by ZorinLynx ( 31751 ) on Tuesday May 30, 2017 @10:39PM (#54515469) Homepage

    That ever since the 80s, those copper lines simply plug into a digital phone switch anyway?

    • by Anonymous Coward

      Suppose you want to have two communication infrastructures, one in use and the other for backup. We are moving towards an all-cell infrastructure. They are saying the best choice for the other infrastructure is the copper phone network -- it exists and is pervasive (unlike cable or fiber). The other choice is to build something new. If you want to have two infrastructures, why would you dismantle the one you aren't using and build a new one you aren't going to use?

    • "That ever since the 80s, those copper lines simply plug into a digital phone switch anyway?"

      And the problem isn't the Internet but the defective hardware plugged in at either end. The main problem being Microsoft Windows running on Intel hardware. 'The Mitre Corporation' are these the people that recommended Homeland security run on Windows :)
    • by goombah99 ( 560566 ) on Tuesday May 30, 2017 @11:13PM (#54515607)

      Winter or Cylons are coming. One of those.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      People can use analog systems without relying on computers. That is what is meant by a reserve control system. Full stop.

    • by Anonymous Coward

      There's a huge difference between a DMS-100 switch, like I used to manage, and VoIP. The former is safe, but the latter is vulnerable. No real phone switch, while providing Internet access, can be controlled from the Internet.

      • by Woldscum ( 1267136 ) on Wednesday May 31, 2017 @01:27AM (#54515947)

        Communications Assistance for Law Enforcement Act (CALEA)

        https://en.wikipedia.org/wiki/... [wikipedia.org]

        The government PAID AT&T, Sprint and Verizon to upgrade the switches to IP. The FBI added Colo cabinets at the main switch sites. The FBI can wiretap directly WITHOUT interacting with the Companies. OC-12s direct in the switch matrix. No more echo cancellers or M13s. OC12 in and out of the switch to a DSC/DXC.

        "In 2006 Nortel introduced the Communication Server 1500 (CS 1500) Softswitch based on VOIP to modernize the DMS based telephone switches. A CS 1500 softswitch system can replace all the DMS component modules except for the LCMs, reducing the footprint of a DMS-100 to one 19" rack and allowing operators to reduce cooling and power requirements significantly"

        • by RLaager ( 200280 )

          > allowing operators to reduce cooling and power requirements significantly

          This is no joke. We replaced our DMS-10 switches with C15s. In some locations, we had to add heat to buildings that never before needed it.

    • by drolli ( 522659 )

      That was also my thought. The time that there was some electronic switch instead of an virtual packet switch are long gone, and the times that relays actually switched connections instead of computers/digital electronics which operated analog switches even longer.

      And DoS attacks on such Networks are much easier than DoS on the internet.

    • Doesn't really make their point wrong; does make them a bit too late in a lot of cases where the legacy infrastructure looks like it still exists.
      Some of the old stuff should be easier to just dust off(point-to-point microwave links, say, were crushed by fiber on bandwidth; but refurbishing a limited number of transceiver stations is going to cost a lot less and be a lot faster than repairing or rebuilding the old school copper network.
      The bigger issue seems like one of "and what are we going to plug int
    • by havana9 ( 101033 )

      That ever since the 80s, those copper lines simply plug into a digital phone switch anyway?

      Because in case of power failure the phone system, even ISDN is designed to continue to work on racks of 48V batteries at CO even if poer is lost ti the subscriber site. ISDN TA and PABX are designed to switch in low power/reduced mode if mains goes out. At the CO there are a couple of generator and a tank of petrol designed to power the system for two days. For this very reason mountain refuges have an UHF phone patch link with a battery backup even if there is 2G/#g or even LTE coverages in most cases. Ce

  • Cyberpunk to counter Cyber attacks!
  • While controlled normally over the Internet, this are still pumps and other powerful motors.

    As long as the power is on (either from the net or from a local backup), they can be operated manually and locally, or at least they should have that option. This way, in case of a cyber attack that somehow cripple the remote control rooms, of course we should go back to basics: send someone over who can pull the network cable, and manually press the "On" switch. The same you'd have to do if you keep old machines aro

  • by najajomo ( 4890785 ) on Tuesday May 30, 2017 @10:59PM (#54515561)
    'The MITRE Corporation, note that critical infrastructure is increasingly run from converged IP (Internet Protocol) based networks that are vulnerable to cyber attack'

    Listen up children and I'll tell you the solution. The solution is to not run your critical infrastructure on converged IP based networks. I presume converged is a code-word for 'cloud'. And if the NSA hadn't acted to dilute security on the Internet, these networked devices wouldn't be so easy to attack.
    • by speedplane ( 552872 ) on Tuesday May 30, 2017 @11:22PM (#54515633) Homepage

      Listen up children and I'll tell you the solution. The solution is to not run your critical infrastructure on converged IP based networks.

      The problem is that almost everything today is "critical infrastructure". It's one thing to build a separate network for dams and nuclear power plants if you deem those as critical infrastructure. It's another if you deem our entire telecommunications system as critical infrastructure. Moving that to IP based systems is pretty unavoidable today.

  • by crankyspice ( 63953 ) on Tuesday May 30, 2017 @11:08PM (#54515585)

    âoeYou'll see things here that look odd, even antiquated to modern eyes, like phones with cords, awkward manual valves, computers that, well, barely deserve the name. It was all designed to operate against an enemy who could infiltrate and disrupt even the most basic computer systems. Galactica is a reminder of a time when we were so frightened by our enemies that we literally looked backward for protection.â

  • The base of any system security is not to rely on a monoculture. If all your systems run on Windows using the same hardware, software and firmware version which the creators have long abandoned.

    Require that critical systems are modifiable by the end user and can be carried from platform to platform, it's the government after all, they can set the laws and reject any contract from entities that are either too large or don't want to adhere to basic rules of security and risk management.

    • by thegarbz ( 1787294 ) on Wednesday May 31, 2017 @03:14AM (#54516201)

      The monoculture is unavoidable in industry unless you want to spend an exorbitant amount on service contracts and staff training. Latest trends tend towards reducing the different number of systems and the different platforms not only because of costs but also due to reliability reasons as a variety of different systems work in different ways and experts which are too thinly spread across platforms tend to make more mistakes.

      • The monoculture is unavoidable in industry unless you want to spend an exorbitant amount on service contracts and staff training. Latest trends tend towards reducing the different number of systems and the different platforms not only because of costs but also due to reliability reasons as a variety of different systems work in different ways and experts which are too thinly spread across platforms tend to make more mistakes.

        Pay me now, or pay me later. As usual, the cost of the 'later' option is likely to be much higher - perhaps as much as your life is worth.

        • You forgot the maybe. There's a incredible number of systems out there and a petty few which have actually fallen victim to attack. Why not asteroid insurance while they are at it?

          Speaking of insurance, that's the bit you missed. Insurance companies pay for externally induced losses. They don't pay for expensive service contracts. Your comment just doesn't make financial sense for any company.

      • by guruevi ( 827432 )

        I am not talking about differing standards. If anything, we need to converge on standards while diverging on implementations. It brings both job and systems security, what is the cost of mixing too much chemicals in the water supply? Even if it's not toxic, how many millions would it cost if a particular combination accelerates corrosion?

        • I didn't say standards. If anything most vendors follow common set of standards just with different systems. But the end result is the same with diversity comes cost.

          what is the cost of mixing too much chemicals in the water supply?

          Something that should not be fixed by making one system robust. This is the basis for any industrial safety - independent system. If the cost is high then there will be an independent safety system to shut things down to prevent an unsafe situation. Unfortunately "shutting down" is exactly what this article is talking about and trying to avoid.

  • by LeftCoastThinker ( 4697521 ) on Tuesday May 30, 2017 @11:14PM (#54515617)

    Um no, that is not the solution, the solution is to air gap anything you cant afford to have break due to hacking, and hunt down criminal hackers around the world. Treat state sponsored hacking like an act of war, and make sure everyone knows you will respond with devastating force.

    Air gapping critical infrastructure should be a federal law, because anything connected can eventually be hacked given enough time and resources.

    • Air gapping critical infrastructure should be a federal law, because anything connected can eventually be hacked given enough time and resources.

      At this point it should be obvious that more & more critical infrastructure will be hooked up to networks, including the internet. Even if experts consider that dumb.

      Conclusion: good advice won't help, what's needed is casualties. When a cyberattack takes out large parts of the power grid, or causes a chemical plant to blow up, and people actually DIE as a result, THEN maybe air-gapping will be looked at in a different light. Until then, prepare for cyberattacks to have worse & worse real life ef

    • by Gavagai80 ( 1275204 ) on Wednesday May 31, 2017 @01:27AM (#54515949) Homepage

      Treat state sponsored hacking like an act of war, and make sure everyone knows you will respond with devastating force.

      Unlike a bomb, it can be very difficult to definitively establish state-sponsored hacking as responsible for an attack. You can't (or shouldn't) start a devastating war over a gut feeling.

    • by Anonymous Coward

      > Um no, that is not the solution, the solution is to air gap anything you cant afford to have break due to hacking,

      Good so far...

      > and hunt down criminal hackers around the world.

      We already do that...

      > Treat state sponsored hacking like an act of war, and make sure everyone knows you will respond with devastating force.

      DANGER WILL ROBINSON

      Here's your problem: you assume you can attribute cyber attacks. You generally cannot in the event of a competent actor (ex: a state actor). This last year sh

    • Um no, that is not the solution, the solution is to air gap anything you cant afford to have break due to hacking

      That solution is something that you can only come up with if you have a simplistic view of exactly how these systems are built. Air gaps in many cases are not only impractical but in some cases impossible in the way modern infrastructure is run and in many cases this is the result of the general population's expectation of the infrastructure. In fact you'll probably find federal law requires the opposite of air gapping as data logging for incident investigation is often mandated in realtime and offsite.

      And

      • > In fact you'll probably find federal law requires the opposite of air gapping as data logging for incident investigation is often mandated in realtime and offsite.

        You can get pretty frigging close to a one-way airgap. For example - if you want to prevent intrusion but log off site in real time, then airgap your facility and send your logs to an in-facility logging system which then send the data though the gap via a one-way communication channel to a second system which is connected to the internet.

        Ob

        • You can, that solves *one* of the very *many* problems with cutting off systems from each other.

          Your solution works well for a small chemical plant. Beyond that there are technical reasons that airgapping from public infrastructure would be cost prohibitive, and sometimes cost impossible.

      • You can use a one way opto-isolator to 100% air gap your system while still transmitting data for logging and tracking purposes.

        Our most important secrets and most secure computer systems are air gapped inside Faraday cages. Physical access is controlled by armed guards. That is about as secure as humanly possible at this time...

        • Like the other reply you've only solved one small problem out of the very large reasons that these systems are interconnected. We can't expect a modern utility to function in the modern ways we expect when the utility is geographically disperse if it is isolated.

    • Um no, that is not the solution, the solution is to air gap anything you cant afford to have break due to hacking, and hunt down criminal hackers around the world. Treat state sponsored hacking like an act of war, and make sure everyone knows you will respond with devastating force.

      Air gapping critical infrastructure should be a federal law, because anything connected can eventually be hacked given enough time and resources.

      You can compromise but it comes with a cost. I recently read a case study about a power outage in the Ukraine due to Russian hackers compromising the computers controlling the grid infrastructure. The Ukrainians responded to this by simply disconnecting the computers and going back to manual control, something they were able to do because their infrastructure is pretty old. It allowed them, according to the authors of that piece at least, to bring their system up much faster than what is possible with moder

      • In the US if a power company loses computer control of their portion of the grid they still get the joy of rolling trucks out to substations and other locations to maintain control. An interesting thing about the Russian hack of the Ukrainian grid is that the Russians also DoSed the call center to prevent the outages from being reported sooner. Like with any number of cyber attacks there were multiple ways that this should have been stopped but wasn't. One can read all about findings either here [sans.org] or here [nerc.com] fo
      • And if they try to do that to the US under Trump, $5 says they get a cruise missile up the ass (we have specific missiles that home in on Russian made jamming equipment, demonstrated during the second Iraq war). Russia prospered under the feckless Obama administration (remember the "reset button" with Hildabeast?) The Trump/Russia collusion BS is just a smokescreen for the Democrats to try and hobble the Trump administration. Trump and Putin both know they aren't allies, and Putin knows Trump is not afra

    • ... Treat state sponsored hacking like an act of war, and make sure everyone knows you will respond with devastating force.

      And then devastating force is met with devastating force, and so on, until a victor emerges. But by that time the victor may only have hours to live on a planet no longer fit for life. And the victor may not even be the horse you backed...

      • Maybe in your fantasy land. In the real world, humans do not have the capability to make the entire planet uninhabitable. Stop confusing scifi with reality...

    • by tlhIngan ( 30335 )

      Um no, that is not the solution, the solution is to air gap anything you cant afford to have break due to hacking, and hunt down criminal hackers around the world. Treat state sponsored hacking like an act of war, and make sure everyone knows you will respond with devastating force.

      Air gapping critical infrastructure should be a federal law, because anything connected can eventually be hacked given enough time and resources.

      Air-gapped networks have been hacked. You might have heard of Stuxnet, which was a V

      • While you are technically correct, you are citing the one in a billion moonshot (Stuxnet), which is the exception instead of the rule. As a business, if you airgap your critical infrastructure and ALSO follow best practices (that was assumed on my part, since you have infrastructure that needs to be airgapped in the first place) unless you are being targeted specifically by the NSA, CIA or other state level attackers who also have human assets in play, you are pretty safe...

  • Going back to the days of stepper relays and carbon-granule microphones would be very expensive, even as a backup-only system. Better to design hardened infrastructure and phase it in, along with duplication and surplus capacity.
  • by Gravis Zero ( 934156 ) on Tuesday May 30, 2017 @11:36PM (#54515693)

    If you want to prevent a wholesale shutdown of services by hackers then the best way to do that is to disconnect your most vital systems (water, electricity and transportation) from communications networks (the internet).

    * The last reason (price) for not using solar+battery almost everywhere is fading fast and we should encourage the proliferation of isolated power systems. With the exception of exotic locations, only businesses should need to have access to the power grid.
    * Depending on and funding combative nations to fuel our transportation has been foolish since day one, we need to switch to electric vehicles posthaste.
    * Finally, we need to start changing our water systems into closed loop systems to conserve the water we can access to minimize external dependency because the climate is changing.

    We have two choices: adapt or die.

  • Legacy systems will quickly become obsolete, as their stagnating performance will make them useless for future computing and communication tasks. Sure you can have a working 300 baud modem, but what would you do with it on today's internet and industrial control systems? Servers will probably time out trying to deliver a web page through it. In the world where Moore's law reigns, retiring older technologies only makes sense.

    • "Servers will probably time out trying to deliver a web page through it."

      There's your problem right there. "Web pages" are inherently full of fluff. You don't need pictures to run control systems; you could do it all in plain text, or even XML, and 300 baud would be "fast enough" for most purposes.

      • or even XML, and 300 baud would be "fast enough" for most purposes.

        Not even close. For a relevant example, in the XML-based OpenADR standard (demand-response, i.e. control of electrical loads such as heating) the "oadrDistributeEvent" message (essentially the command "you water heater, turn off now") is a few kilobytes, or over a minute at 300 bps. The response oadrCreatedEvent (ie.e ack) is over a kilobyte.

      • Now, what was my Compuserve ID again?
  • by bill_mcgonigle ( 4333 ) * on Wednesday May 31, 2017 @12:01AM (#54515757) Homepage Journal

    Our society cannot function on steampunk technology - if it did it would be a different society, no matter how alluring the aesthetic.

    • Our society cannot function on steampunk technology - if it did it would be a different society, no matter how alluring the aesthetic.

      One thing's for sure - there'd be a lot more supervillians around.

  • I remember watching Hackers for the first time back in the mid '90s, and my suspension of disbelief couldn't get past all the things depicted as being hooked up to the internet. Apparently, some other fuckers were watching it, and thinking it was a great idea.

    Mark my words, Hollywood probably got killer robots right too - they're just wrong on the date.

  • Seriously. I didn't know telecommunications networks use pneumatic pumps used to pump water. What function could they possibly have in a telecommunication network? Oh... Pneumatic pumps pump water as a hedge against global disruption resulting from a cyber attack on critical infrastructure. Pumps. What can't they do?

  • One good EMP will take down the copper connections quite nicely. But, then, the power to make the controls driven by the copper connections work will be as gone as that for the FIOS or other connections.

    {^_^}

  • by kenwd0elq ( 985465 ) <kenwd0elq@engineer.com> on Wednesday May 31, 2017 @01:04AM (#54515899)

    Telcos have been actively pushing residential customers off of copper wire and onto VOIP, and making ENORMOUS savings on their costs - but continuing to charge the rates that used to pay for copper landlines. The only savings to the customer is free long-distance, which costs practically nothing for the telcos to provide.

    And yet, when the power goes out, so does my VOIP phone line, provided by the local telephone company. I've got a UPS to power the phone router, but apparently there isn't one at the telco switch. So when power goes out, so do the "landline" phones, AND the cell system (which is ALSO powered by the electric utility).

    I really ought to buy a new HAM radio, since I used to be an ARES operator. Because in a widespread power outage. that might be the only communications link.

    • but apparently there isn't one at the telco switch

      A problem which has nothing to do with copper vs VoIP, and everything to do with a stupid telco provider.

    • by ledow ( 319597 )

      Let's be honest.

      In any extended power outage (let's say a week or more), pretty much communication is going to be the least of your worries in most places.

      No power = dangerous roads (lighting) + no fuel (pumps) + no shops (payments, refrigeration, etc.) + no medical (hospital power, etc.) + no mass media (emergency broadcasts, etc.)

      Although you certainly would appreciate a way to talk to others, there's not going to be an awful lot that anyone could do unless they were power-independent too, and they're unl

      • And though you might put things on a UPS (which is NOT a solution past a handful of hours of outage), your ham kit will suffer the same problem too. Sure, you can battery power it for a while. Maybe longer than a phone line. But eventually it will still fail too.

        Yeah, but you can run your HAM radio off a pedal-powered generator, or a rinky dink harbor freight solar panel.

    • by Shatrat ( 855151 )

      There is definitely a battery backup at the telco CO. If your service goes down when you have power issues in your area, it is more likely you are being served by a small cabinet or pole-mounted DSLAM which does not have a backup battery string or generator.

  • In this case, "critical" means "urban."

    Densely populated cities rely quite a bit on automation, facilitated by modern communication networks. Urban areas have a high population density. They are designated critical because they have more people per square mile than Billings, Montana.

    If you live in NYC or LA, please explain why Billings, MT should care if you drown in your own sewage because your WiFi is down.

    • Because Billings, MT receives a lot of money from NYC and LA.

      In the US, urban areas subsidize rural areas.

      • by rho ( 6063 )
        That is hilariously untrue, unless you think you can eat money.
        • That is hilariously untrue, unless you think you can eat money.

          Are you under the impression that rural areas buy all the food grown in rural areas?

          Again, rural areas get money from urban areas. Both via government spending and the customers for what those rural areas produce.

  • If we're going to add in the additional cost of preserving and maintaining the old systems that the new systems replaced, isn't it better to just use the old systems and save money by totally ditching the new ones?

  • Years ago, in my first job, I worked in a steel factory on control systems. They had a "gas plant" heated coal to extract coal gas for use elsewhere in the factory, which was a potentially hazardous environment, to put it politely. Despite the fire risk from the gas, they had to have electronic CO sensors for safety and to measure the gas quality, but those were designed to be safe in that environment. Beyond that, there were no electronics in the plant, nothing that could cause a spark. The control systems

  • There's a thing, called a data diode... you have wild open internet on one side, and a safe network on the other.... data can only EXIT to the internet, and never enter... protected by the laws of physics themselves. You can monitor all you want, but never control, from the internet. These are the types of things we need to allow remote monitoring of stuff.

    Yes, truly redundant systems should be kept in place... the FAA is phasing out a ton of VOR stations... but at least they've had the sense to keep a mi

  • I thought the DoD insisted that we keep the copper infrastructure in place as a fallback. Is that imperilled? Is that why they wanted MITRE (who work for them) to publish this?
  • I expect we will see more and more of the approach taken by some medical devices, where the software (vulnerable) controls are limited by analog failsafes in the machinery. Due in part to the Therac-25 [wikipedia.org] incident. "Just airgap it" is an inadequate solution in many cases, or even more expensive than maintaining analog backups.
  • I'd just have to relearn how to set IRQ's, comm ports, AT commands...but I'd get the joy of hearing that modem sound again.
  • Kevin Costner and Jeanne Tripplehorn, on the double!
  • ... because the current one is trashed out.

    Once business got their fucking tentacles snaking across the infrastructure, shit went downhill.

    Tor is a failed attempt, but it's a good try.

  • the worst crime is converting nuke power plants from electro mechanical protective relays to easily hackable microprocessor based electronic relays like the GE Multilins. I installed Multilins in a missile defense power plant and had to call the FBI with a warning "do not connect Multilins to the internet". The stupid military didn't care.. Caveat emptor.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...