Blimey, makes the Sony hack look rather lame in terms of possible outcomes. And far more worrying for most people.
What next, power stations, water pumps, medical equipment?
[i]The attackers gained access to an unnamed plant’s office network through a targeted malicious email and were ultimately able to cross over into the production network. The plant’s control systems were breached which “resulted in an incident where a furnace could not be shut down in the regular way and the furnace was in an undefined condition which resulted in massive damage to the whole system,” according to the report, called the IT Security Situation in Germany in 2014.[/i]
http://blogs.wsj.com/digits/2014/12/18/cyberattack-on-german-iron-plant-causes-widespread-damage-report/?mod=ST1
It's like that episode of 24 when Bierkov (sp?) tries to overload that chemical plant.
This has been expected by electronic security experts for some time and businesses have been warned. Having nice standards like SCADA is a very good thing indeed. Putting the controls for such things in non-private places is a very bad thing indeed.
Who knew Die Hard 4 was the future.....
It's a fire sale!
What next, power stations, water pumps, medical equipment?
Possibly, weren't the Israelis suspected of releasing malicious code that shut down Iranian centrifuges used in the production of plutonium?
"Stuxnet" was the Israeli one I think?
But I'm not sure government-led hacks count, do they 😉
Yes, [url=http://en.wikipedia.org/wiki/Stuxnet]Stuxnet[/url]. Israel and/or US suspected of being behind it.
weren't the Israelis suspected of releasing malicious code that shut down Iranian centrifuges
Internet of Things; next it'll be Tesco's remotely turning up your fridge temp as they're delivering your shopping in an hour 🙂
http://en.wikipedia.org/wiki/Internet_of_Things
Re Stuxnet - this is a great article if you've got some spare pre-Christmas time.
http://www.wired.com/2011/07/how-digital-detectives-deciphered-stuxnet/all/
That's the tip of the iceberg that one really. Electricity distribution, smart substations, power generation, pipelines, transport, motorway gantry, rail control - I could go on.... I've been working in SCADA security for 10 years. It's scary.
I would suggest important facilities like this should be air gapped, but it didn't stop Stuxnet as there is always one donut who will make it redundant by plugging in a USB drive they found in the car park.
Probably complications due to melting terminators in a big vat
Most operational sites can't really be airgapped any more and historically a lot of the protection was due to serial comms and non-IP networking. About 2003 it all started to go IP via serial-IP converters and then ultimately into pure IP environments. Then you add in the human factors of convenience and it's a mess. PLCs particularly are not designed to be probed.
How scary do you want to get?
Cyber researcher Jay Radcliffe used to be among the hundreds of thousands of diabetics relying on computerized insulin pumps. He said he stopped using his Medtronic pump after he found that he could hack into its wireless communications system and potentially dump fatal doses of insulin into his body.
Which is why you keep critical systems closed with physical location access as a key - either retina or thumbprint. Then at least the hackers have to be on-site; the assumption now is that if a system is accessible by the internet it will be breached.
So having a physical access layer to your security mitigates some of the risk.
Doesn't have to be internet connected to be breached. Assume that all major organisations have their core system breached and continual access available to various groups, nation state, organised groups etc.
You will find that OT systems share common IT elements such as management networks, shared comms services and shared backplanes. In many cases there has been complete physical segregation but that is very unusual for cost perspectives.
Skynet is coming...
...it might even be owned by Murdoch!
I think the Germans might want to speak to Sony. They've got their shit locked down....
Locking it off from t'Internet doesn't do much good - one possible attack vector used by Stuxnet was USB sticks. Load a bunch of sticks with the naughty payload, drop them in places employees tend to go (for example, the car park of the local supermarket / mosque / restaurant) and sooner or later one will be picked up and put to use by an employee, who'll plug it into a PC connected to the internal network.
One of the problems is that the benefits of linking Operational Technology to Information Technology (basically, plugging SCADA and PLCs into an IP network) often outweigh the downsides. Well, until someone gets hacked.
Have a look at stuff like Cleaver, as well as the Stuxnet variants....
You will find that OT systems share common IT elements such as management networks, shared comms services and shared backplanes. In many cases there has been complete physical segregation but that is very unusual for cost perspectives.
😆 as an ex-mainframe programmer this is where a completely different, e.g. mainframe, architecture for critical systems has its benefits as I'm guessing many hackers don't know EBCDIC
I think someone has hacked my 5 axis milling machine. Either that or my programming has gone horribly wrong 😥
DaRC_L - they don't have to hack the mainframe, only one of the network switches that the traffic between it and the blast furnace travels through.
but if the furnace system is not running on standard ASCII (i.e. a structure the hackers don't understand) then they will only be able to disrupt the traffic as opposed to messing with the packet
as an ex-mainframe programmer this is where a completely different, e.g. mainframe, architecture for critical systems has its benefits as I'm guessing many hackers don't know EBCDIC
There are probably a few governments that are more than willing to pay to teach people to understand it - or recruit them - if the critical national infrastructure of a bunch of people they don't like happens to run on it.
Everything is networked on the shop floor nowadays. Most of my newer machines sit on a Windows subframe which allows programmes and tool data to be uploaded. We can access the print server etc so it's quite obvious that an expert could get a malicious code via several entry points onto our machine tools. Scary stuff
Just as well our SCADA systems are not even on our company network as I trust our IT even less than a room full of Chinese hackers.
I trust our IT even less than a room full of Chinese hackers.
It's alright the smart ones in your IT dep't have already outsourced their work to the Chinese hackers 😆
The MOD boffins were presenting a while ago evidence that you could hack through the power networks, and even by the electronic radio waves over them - so airgap or not, there will eventually always be a way in electronically..
a structure the hackers don't understand
Security through Obscurity. Proven to be a useless defence.
I'm guessing many hackers don't know EBCDIC