Slashdot Mirror


New York City Pushes Plan To Prevent Cyberattacks On Elevators, Boilers

coondoggie writes "Imagine what would happen if an attacker broke into the network for the industrial control systems for New York City's elevators and boiler systems and decided to disrupt them, imperiling the lives of hundreds of thousands of residents relying on them. Think it could never happen? Think again. 'You could increase the speed of how elevators go up or down,' says Steve Ramirez, business analyst, analysis and communications in the Office of the CIO of the New York City Housing Authority, which provides public housing for low- to moderate-income families in the five boroughs of the city. And if attackers ever successfully penetrated the network-based industrial control systems for the boilers, they could raise the heat levels for municipal boilers, causing them to explode." Maybe Bruce Schneier could run a new movie-scenario contest about ways this could play out.

10 of 171 comments

  1. DUMB by Anonymous Coward · · Score: 5, Insightful

    These systems shouldn't be network accessible anyway.
    !!!

    1. Re:DUMB by spazdor · · Score: 5, Insightful

      And even if they are, why on earth would they have software-configurable speeds or pressures that can range outside of safe parameters? The safety limits should be hard-coded.

      --
      DRM: Terminator crops for your mind!
    2. Re:DUMB by crashumbc · · Score: 5, Informative

      They aren't; the writer is an idiot. Boilers have MULTIPLE safeties that will just shut them down locally.

      Not to mention mechanical pressure release devices; at worst they would vent boiler water onto the boiler room floor...

    3. Re:DUMB by tqk · · Score: 4, Interesting

      They aren't; the writer is an idiot. Boilers have MULTIPLE safeties that will just [shut] them down locally.

      Not to mention [mechanical] pressure release devices; at worst they would vent boiler water onto the boiler room floor...

      We hope. Far too many geeks just assume what's drop dead obvious to them is drop dead obvious to users/regular mortals. You guys should know by now that's not true.

      Then, add in moronic management. !@#$ generally wants to happen if it can. See Murphy's Law.

      --
      "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
  2. Does this guy even know anything about this? by h4rr4r · · Score: 5, Insightful

    Boilers have release valves for a reason. Even if you could turn the heat all the way up, the safety release valves would let go. You would have to weld those shut to explode a boiler. If the "evil-doers" are welding those shut, you have other problems.

    1. Re:Does this guy even know anything about this? by cyberchondriac · · Score: 4, Funny

      Elevators also have speed controls, and cannot go faster than a certain designed-in speed because of mechanical reasons, not CPU controlled ones.

      Aw crap, there goes my idea for a poor man's space elevator.

      --

      Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
  3. Re:Read only settings by h4rr4r · · Score: 4, Funny

    How else would the turbo button work?

  4. Derp, meet Herp by girlintraining · · Score: 4, Insightful

    "Imagine what would happen if an attacker broke into the network for the industrial control systems for New York City's elevators and boiler systems."

    Some people would have to take the stairs and others would take cold showers. A truly terrifying prospect. Elevators and hot water are conveniences; people don't die from the lack of them.

    --
    #fuckbeta #iamslashdot #dicemustdie
  5. Re:So much hype over hackers by Dr_Barnowl · · Score: 4, Insightful

    Just try to get into any big building without a security guard on your ass.

    Get a boilerman's uniform. Wave your visitors pass. If the guard insists on accompanying you, look busy until he goes to pinch a loaf.

    Half the reason Kevin Mitnick was notorious was not because he was a stone cold hacker - he was a good social engineer.

  6. Re:Read only settings by denobug · · Score: 4, Insightful

    Perhaps compliance with new regulations? A service company could theoretically roll an update out across a country or state without having to visit each elevator.

    No, you do that ON-SITE. This is not web services or video games. You have someone there locally to confirm it is working in real life when making parameter changes like this.