backtop


Print 12 comment(s) - last by JediJeb.. on Jan 18 at 6:28 PM

Origin of the attacks was not revealed

Illustrating why it might be a good idea to ban external mediaparticularly in high-security environments, the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) -- a sub-agency of the U.S. Department of Homeland Security (DHS) -- released a newsletter this week revealing that two power plants in the U.S. suffered malware infections last year thanks to infected thumb drives.

ICS-CERT officials write:

[In the first incident] the malware was discovered when an employee asked company IT staff to inspect his USB drive after experiencing intermittent issues with the drive's operation.  The employee routinely used this USB drive for backing up control systems configurations within the control environment.
....
[During the second incident] a third-party technician used a USB-drive to upload software updates during a scheduled outage for equipment upgrades.  Unknown to the technician, the USB-drive was infected with crimeware.  
The infection resulted in downtime for the impacted systems and delayed the plant restart by approximately three weeks.

Most power providers in the U.S. are privately owned, thus the government does not have the ability to order them what to do security wise.  But in its newsletter it firmly suggests adopting stricter restrictions on external media, commenting, "Such practices will mitigate many issues that could lead to extended system downtime."

Coal power station
A pair of breaches at U.S. power plants in 2012 via USB sticks, highlight the growing danger to the U.S. power grid. [Image Source: Reuters]

The U.S. federal government knows a think or two about the dangers of external media and writeable media.  In 2008, the Pentagon suffered a major cyberattack that originated from a single USB stick plugged into a secured system.  The malware, believed to have originated in Russia, quickly spread, compromising systems.  

And in perhaps the most severe data loss incident in U.S. history, U.S. SPC Bradley Manning, a low-ranking U.S. Army Officer downloaded hundreds of thousands of classified documents and burned them to a CD-RW.  He then allegedly passed the documents to Wikileaks, a site that has fixated on publishing supposedly "incriminating" material on the U.S. government.

The recent report on the power plant hacks did not mention where the malware appeared to originate from or the extent of the compromise.  The specific malware used in each intrusion was also not revealed.  

Chinese university researchers have published information suggesting an attack scheme in which malware is planted on power plant systems, only to be activated at a later date causing catastrophic failures of the power grid, crippling the nation a war scenario.  In 2011 there was an alleged security breach at a wind power facility in the U.S., but that was believed to be the work of a disgruntled employee.

Source: US ICS-CERT



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

You cannot have it both ways
By maxxcool on 1/17/2013 5:01:01 PM , Rating: 3
You cannot have it both ways. Either you use External media, or you network it...

Of the two, fire the idiot with the infected media and NEVER network Scada hardware.




RE: You cannot have it both ways
By JediJeb on 1/17/2013 7:56:54 PM , Rating: 2
It would be safest to have them unnetworked, but if they must be networked to run the plant then the control systems should be physically disconnected from any other network in the facility which has contact with the internet. Maybe it is a little inconvenient but sometimes convenience can be a bad thing.


RE: You cannot have it both ways
By TSS on 1/17/2013 11:47:50 PM , Rating: 2
It's very simple.

No powerplant needs to be connected to the internet. There's no point. If needbe make a law that power providers must manage powerplants on-site so they don't get any remote-control ideas.

Local networks don't need external acces at all. No wifi, CD players, USB ports or whatever. Get a PS2 connected mouse and keyboard. You can ghost-image them over that network.

Then connect 1-4 PC's that *can* accept external media, put them in a highly secured room (passcode to get in, guard outside the room that comes inside and observes the work getting done if somebody needs to exchange data). On the more vital locations 2 guards with a laptop that checks every mobile acces device they bring in before and after, and shows modified data and virus scanners/what not to make sure you know what data comes in and goes out.

If you need internet, make a second network on the internet but without any possible secured information or connection to vital components.

That should be more then enough to prevent 99,9% of all possibility of sabotage. And it is a real issue, maybe hearing about terrorists has kind of desentizised us but it's more then likely the next terrorist attack (and eventually there will be one) will use code on powerplants, rather then airplanes on buildings, especially considering how dependant the US economy is on a grid that's running at or near capacity already.


RE: You cannot have it both ways
By Samus on 1/18/2013 1:59:06 AM , Rating: 2
Battlestar Galactica policy: no computers are networked.

1) Many individual computers must be used to carry out a particular job.
2) Humans have full control at all times.
3) The inherant checks and balances would require all humans to be involved in a complete failure of the system the individual computers control.

Result: Virtually impossible for computer infections or malfunctions to bring down the system they control.

Considering the state of our foreign affairs, I don't think it is wise at this point in time to add information technology our power plants. Update them, yes. Make them more efficient and modern, yes. Put them on a network or God forbid, the Internet, HELL NO.

Why do any computers in a power plant that control any critical systems have active USB ports anyway!?


RE: You cannot have it both ways
By RufusM on 1/18/2013 12:34:31 PM , Rating: 2
The solution is to not allow external media into the internal machines and enable only outbound communication to the outside.

For outbound communications they need to setup a physical one-way optical connection from the internal systems to the external systems. The outbound optical connection is send only, enforced in hardware with an optical sender and no receiver, so it's not possible to receive anything on it.

This way the internal systems can report their status for external monitoring but they cannot receive any external data through the network.

Many nuclear power plants have this setup with network protocols designed for the one-way communication.


NCO not Officer.
By danjw1 on 1/17/2013 5:49:31 PM , Rating: 2
As a Specialist he is considered an Non-commissioned Officer not what most people consider an Officer, like an Ensign or Lieutenant.




RE: NCO not Officer.
By foolsgambit11 on 1/17/2013 6:21:49 PM , Rating: 2
Not even a Non-Commissioned Officer. He'd have to be a Corporal for that (same pay grade, but in a leadership position).


RE: NCO not Officer.
By mdbrotha on 1/17/2013 9:54:28 PM , Rating: 2
He isn't an NCO. He is just an overpaid private. The rank of Corporal although the same pay grade is an NCO.


Easy solution
By Argon18 on 1/18/2013 12:45:36 PM , Rating: 3
The easiest solution is to ban all Microsoft operating systems from sensitive data processing use. Since Microsoft OS's are the only ones susceptible to viruses, that would solve the problem instantly.

The only type of malware that can infect non-Microsoft OS's are trojans, which are more of a social engineering problem than a technical one. Educate users on not running or installing things from untrusted sources, and then you have a truly impervious environment.




RE: Easy solution
By JediJeb on 1/18/2013 6:28:14 PM , Rating: 2
quote:
Since Microsoft OS's are the only ones susceptible to viruses, that would solve the problem instantly.


Not quite true, there are UNIX/Linux/BSD viruses out there. They are not common but they do exist. Staog and Bliss were the first two discovered that affected Linux, though the vulnerabilities they exploited have been fixed. The good thing about Linux is that being open source once a virus appears then the whole community of users can begin working on a fix to the problem.


power plants
By Argon18 on 1/18/2013 12:49:15 PM , Rating: 3
This article isn't that helpful since it doesn't describe the systems in any detail. But I can tell you as a fact that 100% of nuclear power generation in the US is managed by Tandem NonStop servers running the NSK operating system. Any Windows machines are in minor ancillary role, and the management of the reactor is handled purely by the secure and reliable NSK servers. Same is true for the stock exchanges, and other critical infrastructure. They are safe from viruses because they don't use a Microsoft OS.




Power plant regulation by government
By ainarm on 1/18/2013 9:09:00 AM , Rating: 2
Actually only partially right. Power plants are regulated by the NERC CIP requirements if they are listed as critical plants. http://www.nerc.com/page.php?cid=6|69. We have to be able to certify all kinds of security for these plants, and are subject to very large fines for violations. One of the requirements pretty much eliminates usb devices. But not every plant is listed as critical. Also almost every plants internal control network is not connected even to main business network, let alone the internet.




"Spreading the rumors, it's very easy because the people who write about Apple want that story, and you can claim its credible because you spoke to someone at Apple." -- Investment guru Jim Cramer














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki