Slashdot Mirror


South Korean Power Plants To Conduct Cyber-Attack Drills Following Hack

An anonymous reader writes: South Korea's nuclear operator has been targeted in a cyber-attack, with hackers threatening people to 'stay away' from three of the country's nuclear reactors should they not cease operations by Christmas. The stolen data is thought to be non-critical information, and both the company and state officials have assured that the reactors are safe. However, KHNP has said that it will be conducting a series of security drills over the next two days at four power plants to ensure they can all withstand a cyber-attack. The hacks come amid accusations by the U.S. that North Korea may be responsible for the punishing hack on Sony Pictures. Concerns have mounted that Pyongyang may initiate cyber strikes against industrial and social targets in the U.S. and South Korea.

39 comments

  1. airgap by mrflash818 · · Score: 1

    Now would be a good time to institute a national airgap policy for critical infrastructure, if not already in place.

    --
    Uh, Linux geek since 1999.
    1. Re:airgap by oodaloop · · Score: 4, Insightful

      That didn't stop stuxnet. If you mandate an airgap, then employees will airgap their files, and music, and cat videos, and everything else they were using the internet for, and USB drives become the vector. Ban USB drives, and there is no airgap and no work. Data needs to go in and out of the network, one way or another. Airgap is no replacement for proper security measures and training.

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    2. Re:airgap by ELCouz · · Score: 1

      About disabling physically any USB port? Use PS/2 for keyboards and mice ... and you are golden!

    3. Re:airgap by Anonymous Coward · · Score: 0

      not if you have a new dell with no PS2

    4. Re:airgap by Anonymous Coward · · Score: 1

      We have air gapped computers at work. The USB ports have been hot-glued shut.

    5. Re:airgap by Anonymous Coward · · Score: 0

      our brand new dells all still have PS2, in fact we were surprised by that. a few of our older dells didn't, but we bought new ones and there they are... a kid we recently hired asked what they were for...

    6. Re:airgap by Anonymous Coward · · Score: 1

      You can administratively disable USB mass storage while preserving access to keyboard and mice without much issue. In Windows it's easily done with group policies and/or registry changes. If your users have local administrator rights they could attempt to override that setting. In which case you eliminate any reason for them to have local administrative rights, even if that means turning some of your fickle applications into remote apps on a server with no USB access.

      Those principles are applicable on other platforms, even if they are implemented differently.
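
Added example, not part of the comment above: a read-only PowerShell audit of the two Windows settings usually meant by "group policies and/or registry changes" for blocking USB mass storage, plus the local-administrator caveat the comment raises. The function names and the `Compliant` rule are assumptions made for this illustration.

```powershell
# Added example: audit USB mass-storage lockdown on a Windows host (read-only).
# Keyboards and mice use the HID drivers, so neither setting below affects them.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null instead of throwing when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-UsbStorageLockdown {
    # USBSTOR driver start type: 3 = load on demand (default), 4 = disabled.
    $start = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' 'Start'

    # Group Policy "All Removable Storage classes: Deny all access"
    # is stored as Deny_All = 1 under the policy key.
    $deny = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices' 'Deny_All'

    # A user holding local administrator rights can revert either setting,
    # so a locked-down value is only meaningful for non-admin sessions.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    $blocked = ($start -eq 4) -or ($deny -eq 1)

    [pscustomobject]@{
        UsbStorStartValue     = $start
        UsbStorDriverDisabled = ($start -eq 4)
        PolicyDenyAll         = ($deny -eq 1)
        CurrentUserIsAdmin    = $isAdmin
        # Assumed rule: storage is blocked AND the user cannot undo it.
        Compliant             = ($blocked -and -not $isAdmin)
    }
}

Test-UsbStorageLockdown | Format-List
```

Run it in the session of the account being assessed: an elevated session always reports `CurrentUserIsAdmin = True`.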

    7. Re:airgap by Anonymous Coward · · Score: 0

      They don't use off-the-shelf Dells to run nuclear reactors.

    8. Re:airgap by Anonymous Coward · · Score: 0

      It's not that easy. Infrastructure that is interconnected with different companies (think power grid) needs to share data in order to facilitate reliability and stability.

    9. Re:airgap by Anonymous Coward · · Score: 1

      Nah they'd rather use basement bargain Gateway 2000 computers running Windows NT.

    10. Re:airgap by Anonymous Coward · · Score: 0

      you would be wrong.
          This is a nuclear power plant. no external to internal communications need to occur AT ALL.

      Think so ? Tell us what you think do and be specific.

    11. Re:airgap by currently_awake · · Score: 1

      Then disable autorun on all USB ports. And remove all software on critical computers that you don't actually need (and don't let users install anything). And epoxy all USB connectors on critical computers that don't actually need USB. Airgapping is the start of protection, not the whole cake.

  2. Huh? by NetNed · · Score: 1

    "May be responsible"???? What happened to the FBI and their concrete "sources can't be revealed" proof?

    1. Re:Huh? by oodaloop · · Score: 1

      Cyber != internet. Stuxnet hit Iran's nuclear enrichment facilities through USB drives. Being airgapped is not sufficient.

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    2. Re:Huh? by Anonymous Coward · · Score: 0

      Could be as a means of monitoring things off site for safety reasons. or as a means of load balancing power production between facilities. Or to run an unreal tournament server.

    3. Re:Huh? by zlives · · Score: 1

      airgap is a good start.

    4. Re:Huh? by confused+one · · Score: 2

      It's pretty common for there to be a data link from the control system to the outside world. This is to provide feedback and monitoring capability -- for load balancing, security, and so the managers have access to information about the state of the machine(s). If they're smart, this data stream is one way only, with an intermediary firewall / server controlling access. If they're really smart, the cable only has the Tx pair connected.

    5. Re:Huh? by Graymalkin · · Score: 2

      The plant's control systems may indeed be air gapped. However there are still access vectors. For instance some internet connected switch that sits on a dedicated SCADA network might be exploited and then use the private SCADA network (which isn't necessarily TCP/IP) to access the otherwise air gapped systems. Even exploiting non-critical or seemingly non-critical machines might affect the operation of secure isolated systems.

      Then there's always the USB infection route. An unwitting user inserts a USB stick and you end up with a Stuxnet style infection. I'd much rather a nuclear power plant take a belt and suspenders approach to security rather than just assume an air gap is sufficient.

      --
      I'm a loner Dottie, a Rebel.
    6. Re:Huh? by cbiltcliffe · · Score: 1

      If there is an Internet connected switch on the dedicated SCADA network, then it's not air gapped, by definition. Air gapped means there's no wire running from the Internet side to the protected network. Hence, there is an "air gap" in between the two networks.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    7. Re:Huh? by bouldin · · Score: 1

      Are you suggesting that the power plant should not be air-gapped, or that it should be air-gapped with additional controls?

  3. Shouldn't this be obvious? by Anonymous Coward · · Score: 0

    Am I the only one who seems to have realized BEFORE everything was hooked up to 'The Net' and 'On the Cloud' that this is a bad idea, as it makes it vulnerable to attack?

    Managers always seem to want the "Next Big Thing" but never ask the important questions - is it a good idea? And what are the risks?

    Some of them dismiss the risks as trivial, like "Who would EVER want to risk their life spray painting their name on an overpass? Therefore - it will not happen." And thus, do not make any plans or steps to prevent such a thing from happening. Then seem surprised when it does.

    Astounding.

    1. Re:Shouldn't this be obvious? by Aeros · · Score: 1

      Yes..yes you are the only one to have thought about this. We will consult your expertise next time.

  4. I would imagine.... by mitcheli · · Score: 1

    that a lot of companies will be re-evaluating their security.

    --
    Select from tblFriends where interesting >= 4;
    1. Re:I would imagine.... by Anonymous Coward · · Score: 0

      and then concluding, ... meh

    2. Re:I would imagine.... by mitcheli · · Score: 1

      Sadly, you're probably right.

      --
      Select from tblFriends where interesting >= 4;
  5. Huh? by ELCouz · · Score: 1

    The fuck a nuclear reactor need to be connected to the Internet??? Air gap anyone?!?!

  6. Not going to mention the ongoing US cyberattack? by Anonymous Coward · · Score: 0

    So we're not going to mention the ongoing US cyberattack against North Korea that's effectively knocked it entirely off the Internet?

    Interesting.

  7. WCPGW by cellocgw · · Score: 2

    That's my first reaction: it's one thing to set up a virtual environment and pen-test it; rather another to test systems which are currently making sure nuclear plants are running properly and fully failsafed.
    Maybe I'm just paranoid 'cause I'm reading "Wolves eat Dogs," but I sure hope they don't test on an operational plant.

    --
    https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
  8. Repeat the lie until it's believed... by s.petry · · Score: 1

    Come on guys, nobody is buying it. It can't be that after Iraq and the WMDs, or Benghazi, that people know we are flat out liars. MORE PROPAGANDA!

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:Repeat the lie until it's believed... by Aeros · · Score: 1
  9. Honestly... by Anonymous Coward · · Score: 0

    I wish more shit would do this. Nevermind that USB has turned out to be a huge mess for ensuring I/O access to your computer system.

    Lots of times when I was 'locked out' of my computer pre-USB I could still trigger reboots, application termination, or switch to console (linux, or rarely windows if the display driver crashed in a non-BSOD manner.) Nowadays if you have a USB-only system, or are utilizing a USB keyboard you often run into issues with bios access (some systems USB keyboards act just like AT or PS/2 ones, others only have predefined intervals where they trigger properly), you often find yourself with the usb bus disabled and no way to trigger system requests, interrupts, or non-hardware reboots.

    For all their talk about the 'future' a number of things have gotten changed in manners that have turned out to NOT be for the better.

  10. The threat of North Korea! by MagickalMyst · · Score: 3, Funny

    Watch out!

    Kim Jong now has the 1337 haxor skillz to set a Sony alarm clock to go off at any time he chooses!

    We're doomed!

    --
    Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
  11. In regard to by Squatting_Dog · · Score: 1

    I'm not advocating that the bombs should be falling, however, if North Korea has been confirmed as being responsible for the attack on Sony and now appears to be making terroristic threats against American allies then why has there been no response from the U.S.? Sanctions or something!

    A foreign nation has attacked a U.S. company on U.S. soil and has caused financial loss to that company and is threatening the lives of those associated with that company. Now, North Korea is making direct threats against the U.S. Is this not an act of War? Where is our response?

    1. Re:In regard to by currently_awake · · Score: 1

      I don't recall the sanctions against the USA over the stuxnet worm. Did you have some links?

    2. Re:In regard to by bouldin · · Score: 1

      We don't attack NK because they have enough bunkers on the North side of the DMZ to destroy Seoul. The bunkers are deep, and they could pound on Seoul with artillery for days before we could destroy all of them.

      Oh yeah, and China would threaten us with war.

  12. Protecting US power stations by myid · · Score: 1

    A Quartz article says the DHS accidentally released more than 800 pages "demonstrating how easy it was to hack elements in power and water systems."

    The article says the DoD bought devices that would protect power plants from attack:

    “DOD bought several of the iGR-933, they bought them to give them away to utilities with critical substations,” Weiss said. “Even though DOD was trying to give them away, they couldn’t give them to any of the utilities because any facility they put them in would become a ‘critical facility’ and the facility would be open to NERC-CIP audits.”

    Assuming this article is accurate (I don't know how power stations work), I hope the new Congress will care enough about security to force utilities to secure themselves. I'm not holding my breath, though.

  13. simplest tool by Anonymous Coward · · Score: 0

    To prevent cyber attack:

    1. remove or turn off all router to the internet/ISP

    done

  14. Nukes should already be hardened by ChumpusRex2003 · · Score: 1

    Most national regulators require that any safety-critical computer systems in nuclear facilities are formally proven correct. Due to the difficulty in producing absolutely bug-free code, and proving that you have done so, a lot of systems continue to rely on pure analog control.

    For example, nuclear-grade UPS systems typically offer a feature such as the following: "Digital logic free. 100% analog control with fully verified behavior. No need for expensive and time consuming software verification"

    Similar validation is available for nuclear grade diesel generators and their control systems.

    Similar design principles are often applied to the reactor instrumentation, although reactor control is usually digital and verified to the highest level. That typically means no inputs to the system, except the core sensors and core controls. The software uses only a minimal subset of language and OS features - e.g. no memory allocation, no dynamic linking or binding, etc. Calibration and model data must be built into code using a validated code generator and then statically linked into the binary, all memory must be statically allocated at compile time, etc.

    The risk is whether less critical systems may be at risk - SCADA and similar systems may be in use for alternator controls, or in switchyard controls. The risk is that grid power to the plant could be interrupted, forcing the plant onto generator power. Or perhaps, other plant might be degraded - non-critical water pumps or plant controls, could mean that under degraded conditions, the plant has less tolerance to a reactor accident.

    Realistically, unless you have schematics which detail the control systems in use, it is not possible to determine the severity of a particular attack. Further the interaction between different plant systems may be difficult to predict.

    Even if the only realistic target for a cyber attack is the switchyard, that is still highly disruptive and degrades the safety margin of the plant by removing grid power as an energy source.

  15. Re:Not going to mention the ongoing US cyberattack by Anonymous Coward · · Score: 0

    Highly doubtful that the US govt is behind NK going dark. What does it accomplish? This sounds more like Anonymous or another hacktivist group running a DDOS on NK's one ingress/egress point (lol).