A Ransomware Attack Shut a US Natural Gas Plant and Its Pipelines (infosecurity-magazine.com)

Long-time Slashdot reader Garabito writes: The Department of Homeland Security has revealed that an unnamed U.S. natural gas compression facility was forced to shut down operations for two days after becoming infected with ransomware.

The plant was targeted with a phishing e-mail that allowed the attacker to access its IT network and then pivot to its Operational Technology (OT) control network, where it compromised Windows PCs used as human-machine interfaces, data historians and polling servers, which led the plant operator to shut it down along with other assets that depended on it, including pipelines.

According to the DHS CISA report, the victim failed to implement robust segmentation between the IT and OT networks, which allowed the adversary to traverse the IT-OT boundary and disable assets on both networks.
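The report's finding is about a missing control, not a novel exploit: once IT and OT share a flat network, a foothold on a mail-reading workstation is a foothold next to the HMIs. One way a defender can make that boundary observable is to evaluate flow records against an explicit conduit policy. The script below is an added example for this summary, not code from CISA, the plant operator or Slashdot; the subnets, the jump host at 10.15.0.5, the allowed ports and the flow records are all constructed for illustration.

```python
"""Flag flows that cross the IT/OT boundary outside an approved conduit.

Added example; the zones, hosts, ports and flow records are constructed for
illustration and do not come from the CISA report.
"""
import ipaddress
from dataclasses import dataclass

# Hypothetical zones (constructed addressing).
IT_ZONE = ipaddress.ip_network("10.10.0.0/16")   # corporate IT, where mail clients live
OT_ZONE = ipaddress.ip_network("10.20.0.0/16")   # control network: HMIs, historians, polling servers
DMZ_JUMP = ipaddress.ip_address("10.15.0.5")     # the only host permitted to reach OT from the IT side

# Conduits the policy permits into OT as (source host, destination port).
# Any other flow that enters OT from outside it is a segmentation violation.
ALLOWED_INTO_OT = {
    (DMZ_JUMP, 3389),  # RDP to HMIs, from the jump host only
    (DMZ_JUMP, 502),   # Modbus/TCP polling, from the jump host only
}


@dataclass(frozen=True)
class Flow:
    ts: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one 'ts,src,dst,dport,proto' record (constructed log format)."""
    ts, src, dst, dport, proto = (field.strip() for field in line.split(","))
    return Flow(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), proto)


def crosses_boundary(flow: Flow) -> bool:
    """True when a flow originates outside OT and terminates inside it."""
    return flow.dst in OT_ZONE and flow.src not in OT_ZONE


def is_violation(flow: Flow) -> bool:
    """A boundary-crossing flow is a violation unless it uses an approved conduit."""
    return crosses_boundary(flow) and (flow.src, flow.dport) not in ALLOWED_INTO_OT


def find_violations(lines):
    """Return the flows from `lines` that break the IT/OT conduit policy."""
    return [flow for flow in map(parse_flow, lines) if is_violation(flow)]


# Constructed sample records: a compromised IT workstation (10.10.4.23) reaching
# straight into OT over SMB and RDP, mixed with legitimate jump-host traffic.
SAMPLE_FLOWS = [
    "2020-02-20T10:01:02,10.10.4.23,10.10.1.10,443,tcp",   # IT to IT: fine
    "2020-02-20T10:05:17,10.15.0.5,10.20.0.11,3389,tcp",   # jump host to HMI: approved conduit
    "2020-02-20T10:06:40,10.10.4.23,10.20.0.11,445,tcp",   # IT workstation to HMI over SMB: violation
    "2020-02-20T10:07:01,10.10.4.23,10.20.0.12,3389,tcp",  # IT workstation to historian via RDP: violation
    "2020-02-20T10:08:30,10.20.0.12,10.20.0.11,502,tcp",   # OT to OT: fine
    "2020-02-20T10:09:12,10.15.0.5,10.20.0.12,22,tcp",     # jump host on an unapproved port: violation
]

if __name__ == "__main__":
    for v in find_violations(SAMPLE_FLOWS):
        print(f"{v.ts} {v.src} -> {v.dst}:{v.dport}/{v.proto} "
              "enters OT outside an approved conduit")
```

The same policy table is what a boundary firewall would enforce; running it over exported flows is a cheap way to find out whether the firewall actually sits between the two zones, which is the question the report says this operator could not answer.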

  • by kackle ( 910159 ) on Saturday February 22, 2020 @02:45PM (#59754842)
    I work at a company that provides for a similarly important field. Although I'm not involved in the particular department, the formerly local master computers that gather data from the field are being moved to the cloud. The remote PLCs continue to operate locally and autonomously, communicating with the cloud master securely when need be.

    As I said, this is not my area of expertise, does anyone with experience see anything wrong with such a move?
    • Command and control shouldn't be on the same network as e-mail... so it makes sense to move your command servers to a datacenter a network hop away from the plant. The datacenter can restrict your control server with a firewall to make sure commands come from the right place. Then again, why would your execs be so close to the plant anyway... basically, the fewer people around the plant, the less that can go wrong.

      • by Anonymous Coward

        "Network Hops" are irrelevant (unless you are making Beer). Connectivity is connectivity, no matter if the distance is inches or light centuries, through one "copper hop" or a billion wormholes.

    • by hey! ( 33014 )

      I wonder if the very motivations we have for connecting stuff to the Internet aren't our downfall.

      We operated infrastructure like this before the Internet even existed; we connect these things to the Internet to make our lives cheaper, simpler and easier. Except that if you want the same level of security as a non-connected system, that's not so cheap, simple or easy.

      I don't doubt that it's *technically possible* to do something like this with an acceptable level of security, the question is whether it's *e

      • I agree; I have put in unencrypted systems, some using only plain, analog radio communication, and I feel they are among the most secure, because any bad actor would have to actually "show up" to cause trouble, and hence would even be vulnerable to capture.

        Using the Internet for convenience means it's also convenient for a perpetrator anywhere in the world to hack at the system, constantly, with no fear of punishment.
    • by drolli ( 522659 )

      No. Knowing the security standards of PLC systems from the 90's any modernization will help.

  • Comment removed based on user account deletion
  • Snark
    Phishing should have nothing to do with operational control, shouldn't be a factor. First you start with educated people that must pass a weekly test on whether or not your company will EVER ask you for the operational password in an email, or emailed link - every week they should pass.
    Endsnark

  • Hey, how can an article about a purported cyber-attack on US infrastructure fail to point out Russia, China, Iran, North Korea or the likes as the culprits? That's like saying "US citizens vote for their president", while everyone has been told the next president is of course only determined by whether Russia or China succeeds in the next election hacking contest.
    • Do those nations need the kind of ransom a gas plant could pay? The answer is no; it would be a waste of time. If they attacked, it would be a one-time debilitating attack.

  • Windows again (Score:4, Insightful)

    by Tough Love ( 215404 ) on Saturday February 22, 2020 @05:12PM (#59755126)

    Windows again, big surprise. Microsoft Windows is a clear and present threat to the security of the nation. Time to start firing people.

    • No.

      Idiots doing idiotic things are a clear and present threat to the security of the nation. Time to start taking the idiots out behind the barn and beating them to death with baseball bats.

      • Using Windows in any critical application is, using your word, idiotic.

        • by gweihir ( 88907 )

          Indeed. Use of Windows in anything critical is just a symptom. It is a symptom of extreme incompetence and a complete lack of accountability where IT-related engineering is concerned. If an architect screws up this badly, buildings fall down and the architect goes to prison. In IT, nothing happens.

          • Windows has nothing whatsoever to do with it. The root of the problem is the utter incompetence to provide a secure environment. It is not more difficult to "secure" Windows (the OS) than it is to "secure" anything else. You simply have to know what you are doing.

            And therein lies the problem. The world is chock full of people who have no clue what they are doing and should be at McDonalds flipping burgers or asking "Would you like fries with that?" rather than having anything to do with anything other t

            • It is not more difficult to "secure" Windows (the OS) than it is to "secure" anything else.

              Rubbish. Windows is a black box with innumerable security holes [cvedetails.com], known and unknown.

              • by gweihir ( 88907 )

                It is not more difficult to "secure" Windows (the OS) than it is to "secure" anything else.

                Rubbish. Windows is a black box with innumerable security holes [cvedetails.com], known and unknown.

                Indeed. Sure, those that only follow ritual without understanding when securing a system will find Windows and Linux pretty similar. But the minority with a clue will find them vastly different. Personally, I have done some deep-dives into parts of Linux to answer specific questions or secure specific angles. Takes time and knowledge, but no obscure information sources or reverse engineering or "trust".

    • Don't be dense. It's fairly obvious the problem is lazy or incompetent (or in some cases, hand-tied) sysadmins not following best practices. Linux isn't a magic bullet, a poorly secured Linux environment is still piss-easy to compromise. If the people running these environments actually did their jobs (or were allowed to do their jobs), it wouldn't matter if they're using Windows or Linux because both can be properly hardened.
