US Prepares for Eventual Cyberwar

The New York Times is reporting on preparations in the works by the US government to prep for a 'cyberwar'. Precautionary measures are being taken to guard against concerted attacks by politically-minded (or well-paid) hackers looking to cause havoc. Though they outline scenarios where mass damage is the desired outcome (such as remotely opening a dam's gates to flood cities), most expect such conflicts to be more subtle. Parts of the internet, for example, may be unreachable or unreliable for certain countries. Regardless, the article suggests we've already seen our first low-level cyberwar in Estonia: "The cyberattacks in Estonia were apparently sparked by tensions over the country's plan to remove Soviet-era war memorials. Estonian officials initially blamed Russia for the attacks, suggesting that its state-run computer networks blocked online access to banks and government offices. The Kremlin denied the accusations. And Estonian officials ultimately accepted the idea that perhaps this attack was the work of tech-savvy activists, or 'hactivists,' who have been mounting similar attacks against just about everyone for several years."

Re:Isn't this blown out of proportion, again?

Looks like you were right; FTA:

"..through the industrial remote-control technologies known as Scada systems, for Supervisory Control and Data Acquisition. The technology allows remote monitoring and control of operations like manufacturing production lines and civil works projects like dams"

Words fail me.

Re:The Need for an Enemy

[Timesprout]

This whole terrorism thing just isn't working out

Well even the dummies are starting to put 2 and 2 together now over the whole 'terrorist global domination' charade and 'Cyber terrorists' are a ready made replacement in terms of fear mongering. Another vague, unknown threat that could be anywhere and somehow capable of causing immense destruction and loss of life at any given moment.

Slight factual error in summary

[ja]

The summary says that Estonia wanted to "remove Soviet monuments", which is an excaggeration. The monument in question was moved to a less prominent place, which is kind of understandable since the Soviet era of Estonia isn't regarded much higher than, say the Nazi occupation of places like Denmark or The Netherlands ...

The important thing to remember here is that the monument is still visible for those who wish to pay their respect to their ancestors. The monument is not, and never was, removed.

A word from the front lines

[AB3A]

I am a registered professional controls engineer. I design and manage a large SCADA system. I'm also a member of the SP-99 standards committee (the ISA standard for industrial control system security).

Industrial Control System Security is the subject of many books (with many more on the way), security committees, and even pending regulation. I could spend a long time trying to explain why things are the way they are. Here's an overview of the issue:

1) SCADA systems started out in isolation. Most were never designed for internet access and many were designed without any thought to security because there is a more important concern: Reliability and performance.

2) Office folks got wind of what information could be had from SCADA systems and the next thing that happened were a mass of people clamoring for the data. However, very few gave much thought to how that data could be extracted securely without affecting the reliability or performance of the system. As a result, there are many security compromises.

3) It's not easy to retrofit security in to an existing SCADA system. It would be like putting seat belts and air-bags on a Ford Model T. Such measures will help, but what is really needed is a re-engineering of the whole system.

4) Many of the protocols we use every day live in carefully validated embedded systems. You can't just "update" them without digging in to a morass of other embedded systems issues, in addition to the protocol itself, you have issues of performance and expected behavior. For this reason, updates of embedded firmware are rare.

5) SCADA systems live for a long time. Typical lifetimes are at least 10 years for the field devices and five years for the control room software and hardware. These configurations are carefully validated (a very tedious and expensive process), so companies are loath to upgrade them unless there is a very good reason to do so.

I can go on, but that's should give you a taste of what the situation is.

Now for the reality of interational red-teams. Yes, they exist. The US has them too. I don't design for a red team. First, that would require very frequent software upgrades, something which I've already explained is not feasible for most SCADA system operators. Second, we opt for defense in depth. We try to segment our systems so that they fail in to smaller peices which are semi-autonomous in themselves. They won't be as efficient, but they will continue to work. And finally, in case you hadn't noticed, we design our physical security to eliminate the casual vandal, not the determined para-military group. The cost of going fully secure is so high that nobody would be willing to pay for it.

At the utility where I work, we keep our SCADA system carefully shielded behind firewalls. Yet many other SCADA system managers do not understand the security issues because they're not IT savvy. Conversely, most IT staffers in utilities and manufacturing companies do not understand what a SCADA really is and does. This is not just another app. The notion of a real time or even a near real time system is alien to most. Furthermore, there is no such thing as "rebooting" in this business. In most IT applications, restarting the application or rebooting the machine is routine. Not so in SCADA. If we restart, we often lose track of many critical on-going processses. You see in most IT applications, they are the whole system. With SCADA, there is a physical world of things going on with or without them. If you're not up and running all the time, you're probably going to miss something critical.

Finally, opening dams by remote control isn't likely. We have dams where I work too. Even if we did open them by remote control (we open ours manually), the systems that we use are as far as possible from the internet, and even our office intranet. Yes, we can wash out parts of a town downstream if we're not careful. The operators of such dams are licensed and they must be very careful about how the