Slashdot Mirror


Utilities Racing To Secure Electric Grid

FreeMichael61 writes "In the latest episode of Spy vs. Spy, China rejects accusations it's hacking U.S. companies to steal IP or bring down the grid. But there's no doubt the grid can be hacked, CIO Journal's Steve Rosenbush and Rachael King report. Industrial control networks are supposed to be protected from the Internet by an air gap that, it turns out, is largely theoretical. Internal security is often lax, laptops and other devices are frequently moved between corporate networks and control networks, and some SCADA systems are still directly connected to the internet. What security standards actually exist are out of date and don't cover enough, and corporations often use questionable supply chains because they are cheaper."


  1. Best Nerdcore Band Name Ever by Jah-Wren+Ryel · · Score: 3, Funny

    Theoretical Air Gap!

    --
    When information is power, privacy is freedom.
    1. Re:Best Nerdcore Band Name Ever by ColdWetDog · · Score: 3, Funny

      Well, I, uh, don't think it's quite fair to condemn a whole program because of a single slip-up, sir.

      --
      Faster! Faster! Faster would be better!
    2. Re:Best Nerdcore Band Name Ever by Ol+Biscuitbarrel · · Score: 2

      Thank you, General Turgidson, that will be all.

  2. it always baffles me by gTsiros · · Score: 5, Insightful

    ... why are mission critical devices connected to the internet

    sure we know that the weakest link is the meatware, not the hardware, but still...

    --
    Looking for people to chat about multicopters, coding, music. skype: gtsiros
    1. Re:it always baffles me by Beardo+the+Bearded · · Score: 5, Interesting

      They aren't supposed to be online, no. What you have though is the desire to do remote monitoring. One of the SCADA systems I used had an email module so you could get an email when things got all fucked up. That's a super awesome feature to have on a mission critical device.

      "Hey, Beardo, it's Loader 1. Probably nothing to worry about, but sensors picked up a fluctuation in the output. Last time this happened the system crashed hard. Yeah, I know you're in a movie. Come check on meeee."

      Now if this was up to me, and I know it's not, I'd build that module with an optoelectronic relay so it can send messages but be physically incapable of receiving them. Of course that does limit the usefulness, I can't send back messages, but I could call the place and let the night crew know there's a problem (if they aren't already aware) and how to remediate it.

      --
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    2. Re:it always baffles me by Puff_Of_Hot_Air · · Score: 4, Informative

      ... why are mission critical devices connected to the internet

      sure we know that the weakest link is the meatware, not the hardware, but still...

      They aren't, at least, not directly. They are however generally connected at various points to the "business" network which is connected to the Internet (people gotta email). The literal air gap is largely fiction. The business network is hacked, then some vulnerability exploited in the bridge points or routers (it's a network of networks!). Why connect the SCADA to the business network at all? To get the data out to do reports, send email alarms etc. In theory this data exporting should be secure. Problem is that who is hacking your SCADA system? It's not the usual suspects; there is no money in it and the barrier of entry is too high for the script kiddies. It's other countries wanting to perform espionage. How the hell do you protect against that? Look at Stuxnet, I mean really look at how that took down the centrifuges. Governments have resources that the average hacking group simply doesn't (or SCADA group). They also have no reason to reveal a compromised system. There could be sleeper, targeted, custom malware sitting on every SCADA server in the US, just waiting for a time where it will be useful to activate. It's a brave new world!

    3. Re:it always baffles me by dave562 · · Score: 3, Interesting

      If the SCADA system is architected properly, remote monitoring is done via a Historian server that does not have the ability to affect the control systems.

      I helped set up a Honeywell system to run a power plant in central California. My job was to architect the network piece of it. The hardware itself was completely mirrored in a typical master / slave relationship so that if the master failed, the slave was completely synchronized and could pick up the load.

      There was a hardware firewall in between the production network and the Historian. The connection between the two was one way so that it could report historical data for reporting purposes.

      The corporate network connected to the Historian via an IPsec/AES-256 VPN connection. The switch fabric was redundant and the firewall used dual-homed, active/passive connections to mitigate against the potential of a switch failure.

    4. Re:it always baffles me by drinkypoo · · Score: 3

      There was a hardware firewall in between the production network and the Historian. The connection between the two was one way so that the it could report historical data for reporting purposes.

      What I'm seeing you say is what I'd like to hear, but unfortunately what I'm reading is you were depending on a piece of software on a firewall to be vulnerability-free in order to provide your one-way communications.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
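      The send-only module Beardo describes and the one-way Historian link dave562 describes share a design constraint that drinkypoo's reply touches on: with no return path there are no ACKs, so the receiver can never ask for a retransmission and must detect loss and tampering by itself. The block below is an added example, not code from the original thread or from any vendor's historian product; the frame layout, the key and the loss model are constructed for the demo. Each frame carries a sequence number and an HMAC, the sender repeats frames instead of retransmitting on request, and the receiver records gaps it could not otherwise report.

```python
"""One-way (send-only) telemetry export with no return path.

Added example, not code from the original thread or from any vendor's
historian. The frame format is hypothetical. Because the receiver can
never ACK or request retransmission, each frame carries a sequence number
and an HMAC so the receiver can detect gaps and tampering on its own, and
the sender repeats each frame to tolerate loss.
"""
import hashlib
import hmac
import json
import struct

MAGIC = b"HIST"
# Constructed demo key; the export side signs, the receiving side verifies.
KEY = b"demo-historian-export-key"


def build_frame(seq: int, record: dict, key: bytes = KEY) -> bytes:
    body = json.dumps(record, sort_keys=True).encode()
    header = MAGIC + struct.pack(">QI", seq, len(body))
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + body + tag


def parse_frame(frame: bytes, key: bytes = KEY):
    """Return (seq, record), or None if the frame is malformed or tampered."""
    if len(frame) < 16 + 32 or frame[:4] != MAGIC:
        return None
    seq, length = struct.unpack(">QI", frame[4:16])
    body = frame[16:16 + length]
    tag = frame[16 + length:16 + length + 32]
    if len(body) != length or len(tag) != 32:
        return None
    expected = hmac.new(key, frame[:16 + length], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return seq, json.loads(body)


class Sender:
    """Send-only: it holds a transmit callable and has no receive path at all."""

    def __init__(self, transmit, repeat=2):
        self.transmit = transmit  # e.g. a UDP socket's sendto, or a serial write
        self.repeat = repeat
        self.seq = 0

    def send(self, record):
        frame = build_frame(self.seq, record)
        for _ in range(self.repeat):  # redundancy instead of retransmission
            self.transmit(frame)
        self.seq += 1


class Receiver:
    def __init__(self):
        self.next_seq = 0
        self.records = []
        self.gaps = []      # (expected, got): loss the sender can never learn of
        self.rejected = 0   # frames that failed the HMAC or were malformed

    def receive(self, frame):
        parsed = parse_frame(frame)
        if parsed is None:
            self.rejected += 1
            return
        seq, record = parsed
        if seq < self.next_seq:
            return  # duplicate from the sender's repeat; drop silently
        if seq > self.next_seq:
            self.gaps.append((self.next_seq, seq))
        self.records.append(record)
        self.next_seq = seq + 1


def run(repeat: int) -> Receiver:
    """Constructed loss model: the link silently drops every third frame."""
    rx = Receiver()
    counter = {"n": 0}

    def lossy_link(frame):
        counter["n"] += 1
        if counter["n"] % 3 == 0:
            return
        rx.receive(frame)

    tx = Sender(lossy_link, repeat=repeat)
    for i in range(5):
        tx.send({"tag": "TURBINE1.MW", "value": 100 + i})
    # A frame altered in transit fails the HMAC and is counted, not trusted.
    good = build_frame(99, {"tag": "X", "value": 0})
    rx.receive(good[:-1] + bytes([good[-1] ^ 0xFF]))
    return rx


if __name__ == "__main__":
    for r in (1, 2):
        rx = run(r)
        print(f"repeat={r}: {len(rx.records)} records, gaps={rx.gaps}, rejected={rx.rejected}")
```

      With repeat=1 the receiver logs the gap it saw but cannot recover it; with repeat=2 all five records arrive. Neither setting changes the point drinkypoo makes: whatever enforces the one-way property (a firewall rule, an application gateway, or an optocoupler with no receive path) is the thing that has to be trusted, and only the last of those cannot be reconfigured by software.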
    5. Re:it always baffles me by west · · Score: 2

      ... why are mission critical devices connected to the internet

      Because being connected to the internet saves a *lot* of money. Instead of having to have an entire emergency team on site at all hours, you can get away with a minimal team at nights/weekends, and workers who can, in an emergency, connect from home.

      It takes a very capable manager who can persuade the higher ups that it's necessary to continue spending a few million dollars in wage costs every year to avoid what (at least until very recently) seemed to be a very illusory threat. Besides, surely with a few precautions like multi-factor authentication, there's no possible way that anyone could break in :-).

      Note, it's even harder if you're bidding for contracts. Try telling prospective clients that the reason your prices are double is because you refuse to enter the Internet age... Especially when those you are bidding against are assuring the customer that they're taking all the necessary precautions.

      It's a sad fact of life that it's rarely worthwhile to spend a lot of money to protect against rare disasters if your competitors aren't doing the same. (Note, normal disaster planning adds a few percent to cost - we're talking about making yourself bullet proof, which may double or triple your costs.) The odds are fairly high that with much higher costs, you'll be bankrupt before the disaster hits, and moreover, if all your competitors are being hit by the same disaster, the general sentiment becomes "no-one could have predicted it" and everyone keeps their jobs anyway.

    6. Re:it always baffles me by blackraven14250 · · Score: 2

      They're not government owned in the US...

    7. Re:it always baffles me by Redmancometh · · Score: 2

      "thanks george now we need to order an $800 EROM everytime to update firmware on our PLCs"

    8. Re:it always baffles me by firewrought · · Score: 3, Insightful

      Why the hell are mission-critical systems connected to business networks that are themselves connected to the Internet?

      Because the functioning of the business relies integrally on both.

      Look... I sympathize with the "air gap" argument, but it's not the mid-90's anymore. Business has been transformed by the ability to connect industrial systems with centralized command centers with payment systems with other companies. It's not for execs to have bullshit iPad dashboards... it's for the business to make operational decisions that will take effect in the upcoming hours/minutes/seconds, to meet contractual and legal obligations, to feed customer- and billing-related systems (no point in running a business if you can't cut a bill, eh?).

      The world's not going back... VPNs, firewalls, segregated networks, etc., etc., but "air gap" won't do it anymore. Data is the lifeblood of business.

      --
      -1, Too Many Layers Of Abstraction
  3. China tries to crack everything, news at 11 by xiando · · Score: 4, Interesting

    Anyone with a web-server will tell you that they are seeing dozens of penetration attempts daily, even right now. I also see this on my home ADSL line. I'm not saying the government there is doing it, but I do know that there is no other country which is attacking everything everywhere this aggressively. I don't have any web pages in Chinese and I wonder if I would be better off just using one of those iptables -j DROP lists that list all IPs in China.

    1. Re:China tries to crack everything, news at 11 by OhANameWhatName · · Score: 2

      I'm not saying the government there is doing it, but I do know that there is no other country which is attacking everything everywhere this aggressively

      I'm not saying that you're contradicting yourself, but you're contradicting yourself.
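    As an added example (not part of either comment above), this is what xiando's "-j DROP list" idea looks like when you actually measure it against your own logs: count failed logins per source, check each source against a CIDR list, and see which attackers the list would and would not catch. The log lines and the CIDR range are constructed for the demo and the range is not a real country allocation; a real list would come from a maintained source such as a regional registry's delegated files. The ipset/iptables commands rendered at the end are the standard ones and are only printed, not executed.

```python
"""Triage failed-login noise against a CIDR blocklist.

Added example, not from the original post. SAMPLE_LOG and BLOCKLIST are
constructed for the demo; the network in BLOCKLIST is a documentation range,
not a real country allocation.
"""
import ipaddress
import re
from collections import Counter

SAMPLE_LOG = """\
Mar  3 04:12:01 web1 sshd[2201]: Failed password for root from 203.0.113.45 port 51812 ssh2
Mar  3 04:12:03 web1 sshd[2201]: Failed password for root from 203.0.113.45 port 51814 ssh2
Mar  3 04:12:09 web1 sshd[2207]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Mar  3 04:13:44 web1 sshd[2211]: Failed password for invalid user oracle from 203.0.113.200 port 33390 ssh2
Mar  3 04:14:10 web1 sshd[2215]: Accepted publickey for deploy from 192.0.2.10 port 52000 ssh2
Mar  3 04:15:02 web1 sshd[2219]: Failed password for root from 203.0.113.45 port 51900 ssh2
"""

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")

# Constructed stand-in for an "all IPs in <country>" list.
BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]


def failed_logins(log_text: str) -> Counter:
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return counts


def in_blocklist(ip: str, networks=BLOCKLIST) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def classify(counts: Counter, networks=BLOCKLIST):
    """Split attacking sources into those the list covers and those it misses."""
    covered = {ip: n for ip, n in counts.items() if in_blocklist(ip, networks)}
    missed = {ip: n for ip, n in counts.items() if ip not in covered}
    return covered, missed


def ipset_rules(networks=BLOCKLIST, setname: str = "geo_drop"):
    """Render the drop list as an ipset plus a single iptables rule (strings only)."""
    lines = [f"ipset create {setname} hash:net -exist"]
    lines += [f"ipset add {setname} {net} -exist" for net in networks]
    lines.append(f"iptables -I INPUT -m set --match-set {setname} src -j DROP")
    return lines


if __name__ == "__main__":
    counts = failed_logins(SAMPLE_LOG)
    covered, missed = classify(counts)
    print("covered by list:", covered)
    print("missed by list:", missed)
    print("\n".join(ipset_rules()))
```

    The "missed" bucket is the caveat: a geographic drop list removes the noise that happens to come from those ranges and nothing else, and a targeted attacker simply relays through a host somewhere the list does not cover. Disabling password authentication on sshd removes the whole class regardless of source.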

  4. The best defence is interdependence by Baron_Yam · · Score: 2, Interesting

    China benefits from a functional United States. So long as the benefits outweigh any prize that would remove them in the taking, Americans are fairly safe from Chinese attack.

    1. Re:The best defence is interdependence by Anonymous Coward · · Score: 2, Interesting

      1: Does china control their military any better than the USSR did?

      2: Mapping out US electrical utilities is a big deal because if you want to disable your opponents energy infrastructure you need to know where all the substations are at. Those are far more vulnerable than the power stations themselves.

      3: Also there are trade secrets to acquire as well as contracts. If you know who they do business with, and you can copy their technology, then you can sell to those companies and make beaucoup bucks doing so.

    2. Re:The best defence is interdependence by kheldan · · Score: 2, Informative

      China benefits from a functional United States

      "Functional" is a very broad term. Everything could be "functional" and still be wired for demolition (in the virtual sense) at the push of a button halfway around the world, and furthermore laced with failsafes so that any attempt to tamper with it blows it all up in our faces. It could be that way right now and nobody knows it (or is telling us about it). Change the names around and think about it a moment: Someone infiltrates Iran's industrial control infrastructure in this way, and once it's completely irrevocable, issues what amounts to a blackmail notice. If it all worked as designed then Iran has no choice but to give in to any demands made, or have irrecoverable damage done to their country. Now make this about the U.S. and China instead...

      ...oh, and here come some dickheads modding me down to "-1, troll" or "-1, flamebait". Yeah, yeah, whatever.

      --
      Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    3. Re:The best defence is interdependence by camperdave · · Score: 3, Informative

      Mapping out electrical utilities is not a big deal, it is trivial. It is perfectly legal to drive around the country following power lines and they can find agents who blend in and can claim to be on vacation, looking for property or whatever. If there were a serious danger of attack on us via our infrastructure someone would have done it already because it is so very unprotected.

      Drive around the country? Google Maps, my friend. You can follow power lines all over the place from the comfort of your living-room.

      --
      When our name is on the back of your car, we're behind you all the way!
  5. Happens all the time by Anonymous Coward · · Score: 5, Informative

    Do you think that the energy industry is any easier on IT folks than anybody else?

    Big dollar consultants instead of trained employees, given full unescorted access because the manager doesn't want to have to sit in the datacenter and escort them to the restrooms and such.

    My SCADA datacenter still allows a cleaning crew in unescorted.

    And electricians, and HVAC contractors and so on.

    I found out they were PAINTING my datacenter the day that my storage started freaking out with heat alarms. Went running downstairs to find the facilities team had left a painting crew in the datacenter to cover all of my cabinets (and vented tiles) with tarps.

    So these devices might not start connected to the internet, but a USB key here, a rogue cellular wi-fi bridge there, and some wild stuff can happen.

    I've heard of other shops that had their SCADA people upset that they couldn't work from home, so they set up "secret" networks that only they knew about so they could still get in. Secret to their co-workers/management, but easy to find for the people who do that for a living.

    Going anon for good reason.

  6. China shouldn't be the concern by Anonymous Coward · · Score: 2, Interesting

    The problem comes from the previous generation of smart meter addressing which included broadcast groups and whose keys were managed by the utilities via HSMs. The tech is solid, but when you are dealing with utilities who have very little real sophistication on the IT side dealing with crypto technologies they don't understand, bad things can and will happen.

    Get access to the HSM at the provider, or the smart cards they've backed up keys onto, and you can forge a packet that will trigger a significant number of meters. All that could go away if we simply required truck rolls for turn-offs, but that is the most marketable aspect that drives adoption (that, and turning on 8 confusing pricing tiers, which help shift the "blame" for a high bill from the utility charging more to the user who "chose to run that A/C during the hottest time of the day").

    Grr.
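    The property the comment above relies on is ordinary symmetric-key authentication: a group key that lets the head end sign a broadcast command lets anyone else who holds that key sign the same command, and the meter has no way to tell the two apart. The block below is an added example, not from the original post and not any real AMI or smart-meter protocol; the frame layout, field sizes, command codes and the key are hypothetical. It shows a meter accepting a signed read, rejecting a frame signed with the wrong key, rejecting a replayed frame via a monotonic counter, and then accepting a disconnect built with the group key, which is exactly the case HSM and key-backup custody is meant to prevent.

```python
"""Group-addressed meter command authentication: what key custody buys.

Added example, not from the original post and not any real smart-meter
protocol. Frame layout, command codes and the key are hypothetical.
Frame = group_id (4) | seq (8) | cmd (1) | HMAC-SHA256 over the first 13 bytes.
"""
import hashlib
import hmac
import struct

CMD_READ, CMD_DISCONNECT = 0x01, 0x10
HDR = ">IQB"  # group_id, seq, cmd
HDR_LEN = struct.calcsize(HDR)


def build_cmd(group_key: bytes, group_id: int, seq: int, cmd: int) -> bytes:
    """Head-end side: sign a command addressed to a broadcast group."""
    hdr = struct.pack(HDR, group_id, seq, cmd)
    return hdr + hmac.new(group_key, hdr, hashlib.sha256).digest()


class Meter:
    def __init__(self, group_id: int, group_key: bytes):
        self.group_id = group_id
        self.group_key = group_key
        self.last_seq = -1
        self.connected = True

    def handle(self, frame: bytes) -> str:
        if len(frame) != HDR_LEN + 32:
            return "malformed"
        hdr, tag = frame[:HDR_LEN], frame[HDR_LEN:]
        group_id, seq, cmd = struct.unpack(HDR, hdr)
        if group_id != self.group_id:
            return "not for me"
        expected = hmac.new(self.group_key, hdr, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad mac"
        if seq <= self.last_seq:
            return "replay"  # monotonic counter: a captured frame cannot be resent
        self.last_seq = seq
        if cmd == CMD_DISCONNECT:
            self.connected = False
        return "ok"


def scenario() -> dict:
    # Constructed group key standing in for one held in the utility's HSM.
    group_key = hashlib.sha256(b"demo group key").digest()
    meters = [Meter(group_id=7, group_key=group_key) for _ in range(3)]
    results = {}

    # 1. Legitimate read from the head end: accepted by every meter in the group.
    read = build_cmd(group_key, 7, seq=1, cmd=CMD_READ)
    results["read"] = [m.handle(read) for m in meters]

    # 2. Disconnect signed with the wrong key: the MAC check rejects it.
    wrong_key = build_cmd(b"not the group key", 7, seq=2, cmd=CMD_DISCONNECT)
    results["wrong_key"] = [m.handle(wrong_key) for m in meters]

    # 3. Replay of the earlier read: the counter rejects it.
    results["replay"] = [m.handle(read) for m in meters]

    # 4. Disconnect signed with the real group key: indistinguishable from the
    #    head end, so every meter in the group complies. This is the case that
    #    HSM and key-backup custody exists to prevent.
    key_holder = build_cmd(group_key, 7, seq=2, cmd=CMD_DISCONNECT)
    results["key_holder"] = [m.handle(key_holder) for m in meters]
    results["still_connected"] = sum(m.connected for m in meters)
    return results


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k}: {v}")
```

    Two design notes follow from the demo. The replay counter defends only against resending captured frames, not against a fresh frame from a key holder; and a broadcast group key means one key compromise reaches every meter in the group, which is why per-meter keys (or per-meter confirmation for disconnect) bound the blast radius even though they do not change who can sign.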

  7. Re:Fuck off by Anonymous Coward · · Score: 2, Interesting

    Half of these articles don't even hide the fact that they're written and promoted by people that are looking for government money to secure infrastructure. Often it's even infrastructure that they own and that they're responsible for. One such person is even named in the first sentence of this article.

    We're all in danger! Quick better make some new laws, imprison a few more people, and find a hero that can protect us!

  8. Not all companies are equally bad by dreamchaser · · Score: 3, Interesting

    One of my clients is a large electric utility. Their security, both physical and for IT systems, is top notch. None of their SCADA systems are online, they do routine and regular audits of all security, and even 'trusted' people like myself have to jump through hoops to get into the Data Center, and are always escorted.

    They have really cool doors to get in too. They are like decontamination booths. You step into a vertical tube and wait to be cleared then the tube rotates and opens the other side.

    On the other hand, I've done work for other utilities where yes, the cleaning crew goes in through what amounts to an open door, without an escort.

    1. Re:Not all companies are equally bad by bcong · · Score: 2

      Those doors are called man traps, and they do exactly what it sounds like they do if you are entering an area you are not supposed to.

  9. Simple solution... by msauve · · Score: 3, Interesting

    Change those systems from IP to ARCNET (or AppleTalk, or IPX, or ???).

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  10. Unmanned. by thegarbz · · Score: 2

    Because mission critical devices may not be manned. This is a rising trend in remote asset management. It's used extensively in upstream processing and pipelining that is slowly working its way to downstream.

    Heck one large gas ... manufacturer (though it's hard to call air separation "manufacturing") in our country runs all plants remotely. Sure there are staff there, but no one in the control room, no one in front of the computers. The onsite staff are used to bring the plant online and handle emergency cases but as soon as a steady state is achieved the controls are handed over to a dedicated team in another country, who run these almost identical plants all over the world.

    Airgap in this case is cutting off control.