backtop


Print 31 comment(s) - last by macthemechanic.. on Aug 7 at 1:40 AM

Data is no longer the only target of cybercriminals

As the most popular operating system in use around the globe, Microsoft Windows is also the most targeted OS for cyber criminals looking to steal data and exploit systems. In the past when hackers attacked a system, they were often looking to steal or change data to suit their needs.

However, cyber attacks and malicious code are now being designed that look to actually take over systems that perform functions in major companies including critical systems in the financial and power industries. Many of these attacks are executed taking advantage of security holes in the Windows operating system.

The U.S. government has created a team of security experts to help industrial firms prepare for a new onslaught of hackers that are bent on taking over the physical systems of power plants and other industry hardware. The reason that the U.S. government is creating a team to help private companies is because as much as 85% of the critical infrastructure for power and other utilities are owned by private firms.

The Canadian Press reports that many attacks have occurred overseas where hackers were trying to take over physical systems rather than steal data. Hackers are targeting power plants increasingly and recent attacks have officials in America concerned.

"People are recognizing that the ability to impact industrial control systems has increased," said Sean McGurk, director of control systems security for DHS. "This type of malicious code and others we've seen recently are actually attacking the physical components, the devices that open doors, close doors, build cars and open gates. They're not just going after the ones and zeros (of a computer code); they're going after the devices that actually produce or conduct physical processes."

One of the latest computer worms that could take over physical systems is the Stuxnet worm. The worm is able to potentially infect computer systems because networks and operating systems in many power plants are very old and haven't been patched with new security fixes. The networks are also often not firewalled from access by high traffic networks and at times are not separated from the internet.

The DHS has been deploying its teams of security experts around the country to assess weaknesses in systems. These teams are also called in to help companies identify and fix networks and computers after cyber attacks. So far the security teams have been dispatched to provide assistance 13 times, in nine of the instances the attacks were deliberate, and four were an unintended result of an operator's action.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: So much for security
By Iaiken on 8/4/2010 10:53:36 AM , Rating: 2
The problem with that is that it costs money.

Do you really think that if they are already unwilling to shell out to keep the transmission systems up to date that they would really be willing to spend tens of millions to implement a private physical network?

Somebody has to pay for it and in places that have a system operator, the SO points the finger that the utilities and the utilities point the finger at the line owners and the line owners point at the SO ad infinitum. Taxpayer sentiment is that they shouldn't be paying for it so who pays?


RE: So much for security
By amanojaku on 8/4/2010 11:14:53 AM , Rating: 2
For you and Wiggy;

It's not expensive at all. The connection from the plant to the ISP is a single fiber. When you get access you receive a MUX that's installed in the building. The MUX is usually used to convert your router's link from whatever you purchased (DS-3, OC-3, etc...) to the provider's uplink, which is usually an OC-12 or faster. The provider already paid for the fiber, and the provider has at least one huge MUX in its location, so there's no change in cost for the provider.

A MUX is a wonderful device in that it can take several lower-speed links and group them onto a faster link. These days that's usually accomplished by giving each low-speed link a unique wavelength of light, and each link can support 40 wavelengths at 40Gbits/sec. So the Internet access would be on one router path that maps to one wavelength, and the private network would be on another router path mapped to another wavelength.

Once the wavelengths hit the provider's MUX they would be split to hit different provider infrastructures: the Internet routers on one side, and the VPN routers on another. All providers support this, but you pay extra money because you don't know this is available. As a former ISP engineer and client I always get this setup, and cheap, too. You just need to use the same provider throughout the country, which is possible if you use Verizon, Level3, etc...


RE: So much for security
By Iaiken on 8/4/2010 12:24:33 PM , Rating: 3
The problem is that you have thousands of separately owned utilities, systems operators and transmission controllers.

If you can figure out a good way to get them all on board for that, you go right on ahead. I'll applaud you loudly and proudly, but there is a reason that the phrase "moving at the speed of government" exists.


RE: So much for security
By Jaybus on 8/4/2010 1:36:33 PM , Rating: 2
Of course different stations have to communicate somehow, and the Internet is the least expensive (and probably most robust) way. But do they really have to run Windows, the (by far) most targeted OS???


RE: So much for security
By JediJeb on 8/4/2010 1:52:46 PM , Rating: 4
This is the point exactly. This type of communications could make use of some stripped down proprietary OS that could only communicate to computers running it and nothing else.

Imagine if you ran a network running an Atari or TI 8 bit operating system today and a hacker running Linux or Windows was trying to hack in. I imagine it would be a pain to do and get everything to talk. Better yet use the operating system I had on some equipment back in the early 90s that was 20 bit software. It was on an instrument made by Nicolet. Nothing else in the building could talk to it.

The problem is today we have mission critical(on the verge of being national security critical) systems out there that are not secured in any way shape or form. The possibilities exists to make it very very secure but operators and administrators are lazy and cheap and won't do it.


RE: So much for security
By Wiggy Mcshades on 8/4/2010 12:32:04 PM , Rating: 1
The ISP's lets you set up this service free of charge? This seems to be a great fix even if it's not 100% secure(I know it's not ;P) its at least better than the current set up, but still any cost increase isn't going to be accepted warmly by anyone.


RE: So much for security
By AntDX316 on 8/4/2010 11:24:29 PM , Rating: 2
It goes like this. A hacker gains access to a Nuclear reactors main frame. They then cause the nuclear reactor to melt down. A catastrophe occurs. US High Command then instantly orders and overseas the disconnect and update of every nuclear power plant in the US and the world.

It goes like this. No hacker chooses to melt down the reactor. Nuclear reactors get their computers updated. Nothing bad happens.


RE: So much for security
By EricMartello on 8/6/2010 6:21:56 AM , Rating: 2
Dude, these power companies...they don't need to lay cable if they want a private network they just need ETHERNET-OVER-POWER-LINE adapters and they're all set! :D


"My sex life is pretty good" -- Steve Jobs' random musings during the 2010 D8 conference














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki