Slashdot Mirror


Stuxnet Expert Dismisses NIST Cyber Security Framework, Proposes Alternative

An anonymous reader writes "Ralph Langner, the security expert who deciphered how Stuxnet targeted the Siemens PLCs in Iran's Natanz nuclear facility, has come up with a cybersecurity framework for industrial control systems (ICS) that he says is a better fit than the U.S. government's Cyber Security Framework. Langner's Robust ICS Planning and Evaluation, or RIPE, framework takes a different approach to locking down ICS/SCADA plants than the NIST-led one, focusing on security capabilities rather than risk. He hopes it will help influence the final version of the U.S. government's framework."

5 of 32 comments

  1. Why not do what experts have recommended? by s.petry · · Score: 4, Insightful

    If you want "networked" configuration nodes, an isolated network should be the only thing accessing equipment. That node should not access anything else, or any other networks. If you want a monitoring node, counters coming from devices should never be writable to anything but local hardware. Monitoring nodes can access other networks for consolidation of data, but not be writable to other networks.

    I really can not understand how people continue to believe that everything should be connected to everything. Worse, that everything should be able to write to everything else. After nearly 3 decades of being shown it's a bad idea, maybe the mind set of executives should change? It's like continually banging your head on a wall, and will feel really good when you finally stop!

    Does the Government mandate this configuration as a few here have implied? If so, maybe it's time to boot shitbags out of the Government?

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:Why not do what experts have recommended? by mlts · · Score: 3, Informative

      In the early to mid 1990s, intrusions did happen, but it would take some doing, because someone on DECNet would have to jump to a machine on a private x.25 network.

      These days, I've wondered about following the US government's lead with SIPRNet and NIPRNet, and having a "BIPRNet", which would be a switched network using leased lines among companies. Unless access between two machines was prearranged in advance, the boxes will not be allowed to connect to each other or forward packets. For security, the machines either share a symmetric key (like WPA2-AES-PSK), or are paired using public keys similar to Bluetooth pairing. This gives two layers of security. First, the core switch would have to be compromised to allow a third machine to connect, and then both machines would have to be compromised so they would bother interacting with the third machine and not ignore it outright. It isn't perfect, but it would be far stronger for B2B communications than the usual VPNs or SSL/TLS which can be hijacked by compromised CAs.

      This won't replace the Internet by any means, but will provide a way for businesses or internal departments to communicate that is highly resistant to mass IP probing and other attacks.

    2. Re:Why not do what experts have recommended? by TheRealMindChild · · Score: 2

      I really can not understand how people continue to believe that everything should be connected to everything

      Management: I don't care how it works, just make it work

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson

    3. Re:Why not do what experts have recommended? by spacefight · · Score: 4, Informative

      Not to forget that there was an air gap at Natanz - so we're talking about more than just shutting off nodes' access to the net.

      Stuxnet, as an example, bridged the air gap multiple times via infected USB keys...

    4. Re:Why not do what experts have recommended? by rhysweatherley · · Score: 2

      If you want "networked" configuration nodes, an isolated network should be the only thing accessing equipment. That node should not access anything else, or any other networks...

      Because those experts are morons. It ignores the economic cost of companies having to run a separate parallel Internet. Take electricity suppliers that need to monitor and control remote switching devices, for example. GSM/CDMA networks are just there, already deployed by the telecommunications industry. A cheap GSM modem and an account with the local telecoms supplier is economically better at contacting remote stations than running one's own wires out to single-point stations in the suburbs and the bush.

      Isolated networks also don't work. Putting a dodgy default-passworded device on an internal network doesn't work when your attacker walks up to the remote station, cuts off the padlock, and installs their own device straight onto your wide-open "no one could possibly hack this because it's disconnected" network. Which is basically how Stuxnet got deployed - direct intervention onto a private network at a weak point.

      This problem cannot be solved with simplistic "if you don't want people to hack it, don't connect it to the Internet" solutions. How about building it to be difficult to hack in the first place? Or making VPN layers the default way the Internet works rather than an afterthought? Or teaching (mostly non-software) engineers security techniques that were honed over decades of fighting malware on the open Internet? Or any of a million other practical solutions that don't boil down to "la la, I can't hear you so you can't hear me".