Utilities Racing To Secure Electric Grid

← Back to Stories (view on slashdot.org)

Utilities Racing To Secure Electric Grid

Posted by Soulskill on Tuesday February 19, 2013 @11:59AM from the shouldn't-they-have-done-this-5-years-ago dept.

FreeMichael61 writes "In the latest episode of Spy vs. Spy, China rejects accusations it's hacking U.S. companies to steal IP or bring down the grid. But there's no doubt the grid can be hacked, CIO Journal's Steve Rosenbush and Rachael King report. Industrial control networks are supposed to be protected from the Internet by an air gap that, it turns out, is largely theoretical. Internal security is often lax, laptops and other devices are frequently moved between corporate networks and control networks, and some SCADA systems are still directly connected to the internet. What security standards actually exist are out of date and don't cover enough, and corporations often use questionable supply chains because they are cheaper."

5 of 113 comments (clear)

Min score:

Reason:

Sort:

it always baffles me by gTsiros · 2013-02-19 12:07 · Score: 5, Insightful

... why are mission critical devices connected to the internet
sure we know that the weakest link is the meatware, not the hardware, but still...

--
Looking for people to chat about multicopters, coding, music. skype: gtsiros
1. Re:it always baffles me by Beardo+the+Bearded · 2013-02-19 12:38 · Score: 5, Interesting
  
  They aren't supposed to be online, no. What you have though is the desire to do remote monitoring. One of the SCADA systems I used had an email module so you could get an email when things got all fucked up. That's a super awesome feature to have on a mission critical device.
  "Hey, Beardo, it's Loader 1. Probably nothing to worry about, but sensors picked up a fluctuation in the output. Last time this happened the system crashed hard. Yeah, I know you're in a movie. Come check on meeee."
  Now if this was up to me, and I know it's not, I'd build that module with an optoelectronic relay so it can send messages but be physically incapable of receiving them. Of course that does limit the usefulness, I can't send back messages, but I could call the place and let the night crew know there's a problem (if they aren't already aware) and how to mediate it.
  
  --
  
  ---
  ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
2. Re:it always baffles me by Puff_Of_Hot_Air · 2013-02-19 12:47 · Score: 4, Informative
  
  ... why are mission critical devices connected to the internet
  sure we know that the weakest link is the meatware, not the hardware, but still...
  They aren't, at least, not directly. They are however generally connected at various points to the "business" network which is connected to the Internet (people gotta email). The literal air gap is largely fiction. The business network is hacked, then some vulnerability exploited in the bridge points or routers (it's a network of networks!). Why connect the SCADA to the business network at all? To get the data out to do reports, send email alarms etc. in theory this data exporting should be secure. Problem is that who is hacking your SCADA system? It's not the usual suspects; there is no money in it and the barrier of entry is too high for the script kiddies. It's other countries wanting to perform espionage. How the hell do you protect against that? Look at stuxnet, I mean really look at how that took down the centrifuges. Governments have resources that the average hacking group simply doesn't (or SCADA group). They also have no reason to reveal a compromised system. There could be sleeper, targeted, custom malware sitting on every SCADA server in the US, just waiting for the a time where it will be useful to activate. It's a brave new world!
China tries to crack everything, news at 11 by xiando · 2013-02-19 12:11 · Score: 4, Interesting

Anyone with a web-server will tell you that they are seeing dozens of penetration attempts daily, even right now. I also see this on my home ADSL line. I'm not saying the government there is doing it, but I do know that there is no other country which is attacking everything everywhere this aggressively. I don't have any web pages in Chinese and I wonder if I would be better off just using one of those iptables -j DROP lists who list all IPs in China.

--
9/11: Never forget it was a false-flag operation
Happens all the time by Anonymous Coward · 2013-02-19 12:45 · Score: 5, Informative

Do you think that the energy industry is any easier on IT folks than anybody else?
Big dollar consultants instead of trained employees, given full unescorted access because the manager doesn't want to have to sit in the datacenter and escort them to the restrooms and such.
My SCADA datacenter still allows a cleaning crew in unescorted.
And electricians, and HVAC contractors and so on.
I found out they were PAINTING my datacenter the day that my storage started freaking out with heat alarms. Went running downstairs to find the facilities team had left a painting crew in the datacenter to cover all of my cabinets (and vented tiles) with tarps.
So these devices might not start connected to the internet, but a USB key here, a rogue cellular wi-fi bridge there, and some wild stuff can happen.
I've heard of other shops that had their SCADA people upset that they couldn't work from home, so they set up "secret" networks that only they knew about so they could still get in. Secret to their co-workers/management, but easy to find for the people who do that for a living.
Going anon for good reason.