Slashdot Mirror
Microsoft Worms Crash Ohio Nuke Plant, MD Trains
stieglmant writes "For everyone who thought the 'blackout of 2003' was bad, how about this, according to an article at SecurityFocus, and another article at The Register, 'The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours.'" Russell writes "Maryland MARC Train Service was shut down most of Wednesday morning due to what sounds like the MS-Blast worm or one of its variants. The local Baltimore news reports that the cause was a signal malfunction but CSX, whose communications system runs the tracks, has an article describing the shutdown as a result of 'a worm virus similar to those that have infected the systems of other major companies and agencies in recent days'. This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked. Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters."
...should be fired. Why was the safety monitoring system on a nuclear power plant exposed, even indirectly, to the internet?
I can't say that I don't give a fuck. I've just run out of fuck to give.
I just submitted the same story, it will probably get rejected, so here's some more links:
The Washington Post is reporting that the Slammer worm crashed the computerized display panel which monitors the most crucial safety indicators (coolant systems, core temperature sensors, and external radiation sensors) at Ohio's Davis-Besse nuclear power plant in January. No serious problems occured, primarily because the plant has been offline for more than 1-1/2 years.
Davis-Besse is run by FirstEnergy, which many people feel may bear much of the responsibility for last weeks power blackout.
>Use a Unix/Linux machine, make sure it has only the access level needed from the outside (maybe sshd running, maybe), and keep the thing patched.
How is this any different from;
Use a Windows 2000 machine, make sure it has only the access level needed from the outside (maybe sshd or something similar running, maybe), and keep the thing patched.
If there was a Linux/Unix worm running around, couldn't the exact same situation happen?
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
in an environment like a nuclear power plant, why aren't there firewalls on all clients? i mean, network security in such an installation is about as important as it gets.
it's possible the vulnerability arose through someone accessing internet e-mail. but wall street firms regularly blacklist internet e-mail sites. they do that b/c they're regulated to ensure that proprieties are kept and people aren't defrauded. a nuke though--we're talking more than just dollars and cents here.
it may not be fully the fault of the admins.
ed
That is a silly conclusion to come to. Presumably they're also implying the same about the power grid.
I have first-hand experience with Ontario Hydro's IT nework (now Hydro One's IT network ;) and I gotta say - they have firewalls up the wazoo. And this is the problem. They rely on border security. However, on networks as large as the ones being discussed, border security doesn't cut it. There are too many entry vectors. People reading email, people browsing the web, and oh my god people with laptops - the pain the pain.
So before you go thinking "they aren't even taking precautions that would have saved them! Fire them!" understand that it's *exactly* that attitude which caused the networks to go down in the first place - the common misconception the a firewall is a magic wand that will solve all their ills.
Border security does NOT cut it when you run insecure software on the inside, boys and girls. And you can take that to the bank.
Barclay family motto:
Aut agere aut mori.
(Either action or death.)
Perhaps the silliest quote from the article:
CSXT has confronted increasingly sophisticated computer viruses, like ones that have penetrated some of the most secure sites in the country in recent days.
Sorry, but they're obviously not "some of the most secure sites in the country". If they were, they wouldn't have been penetrated like this. How can I say this? Because my company didn't get penetrated.
I'm afraid of sounding like a broken record here, because if anyone looks at my past posting history they'll see I've said exactly the same thing. However, the fact is we have mission-critical 24/7/365 servers running Windows (as well as Linux) that simply can not be vulnerable. So we secure them, and we protect them, and put in safeguards, and work together as a team if there is a particularly nasty threat out there...and we keep running. Funny, that.
Sod it; plenty of other posters will argue the point about patching, firewalling, etc., and a myriad of rabid MS-bashers will refute and insult. Let my small voice add merely this to the fray -- it doesn't have to be this way, even if you use Windows. All that is required is people who know what they're doing.
You're not just connecting to your business partners, you're connecting to everyone they've ever connected to.
The Register article says "It began by penetrating the unsecured network of an unnamed Davis-Besse contractor, then squirmed through a T1 line bridging that network and Davis-Besse's corporate network. The T1 line, investigators later found, was one of multiple ingresses into Davis-Besse's business network that completely bypassed the plant's firewall, which was programmed to block the port Slammer used to spread".
I'd never let a client do that. From a business risk management point of view, you *might* allow a direct connection by a vendor, *if* you had a good contract requiring them to keep good security and be responsible for breaches, and *if* you had secured everything sensitive in your internal network. From a theoretical or technical point of view, you should never trust something you don't control.
Monitoring systems are just as safety-critical as control systems. After all, the feedback loop is part of a control system. Imagine an intruder changing the readings to show that reactivity was decreasing, core temperature was dropping, and coolant pressure was so high that relief valves should be opened. You'd have a Three Mile Island rerun. That system should never, NEVER have been exposed even indirectly to the Internet.
But then, Davis-Besse is the plant where someone thought the way to check for an air leak was to poke around with a lit candle near flammable insulation wrapping critical control cables (1975).
This will probably get me flamed to no end but think about it..
One life and death critical systems they should use proprietary hardware, OS and software.
Not any version of Windows, not any version of Linux, not Intel, not AMD, but something totally alien. Something that is designed from the ground up to be DIFFERENT and CLOSED that can not communicate with the outside world and the system that the outside world run on.
I'm talking about Air Traffic Control systems, Nuke plant controls, railroad traffic systems, hospitial systems, military systems, power systems, public utilities.
I mean NEW CPU's and a NEW OS and NEW software that is so different and so tightly closed that nothing can communicate with it but other systems of the same design.
With every other little dickweed with a Wally World emachine typing "1337" into google and downloading DIY virus labs, and these same little punks having access to the same networks that all the above mission critical systems communicate on, well, it's a disaster waiting to happen.
And when some script kiddie crashes a 747 full of people from his Wally World emachine on his mommies AOL account, what then? Or the same kiddie opens the floodgates on a dam and kills 200,000 people. Or a million people. Or makes a nuke plant go Chernobyl?
When burglars keep breaking into your safe every week and robbing you blind you would assume that it's time to get a better safe..
Before the world went insane and computerized every friggin thing from toasters to pay toilets to the power grid, this sort of thing was IMPOSSIBLE. Time to fix it folks..
Flame away..