Slashdot Mirror
Experts Call For Preserving Copper, Pneumatic Systems As Hedge For Cyber Risk (securityledger.com)
chicksdaddy quotes a report from The Security Ledger: The United States should invest resources in preserving aging, analog infrastructure including telecommunications networks that use copper wire and pneumatic pumps used to pump water as a hedge against the growing threat of global disruption resulting from a cyber attack on critical infrastructure, two researchers at MITRE argue. The researchers, Emily Frye and Quentin Hodgson with The MITRE Corporation, note that critical infrastructure is increasingly run from converged IP (Internet Protocol) based networks that are vulnerable to cyber attack. That includes so-called "lifelines" -- essential functions like water, electricity, communications, transportation and emergency services. That marks a critical departure from the past when such systems were isolated from the internet and other general purpose networks. "Each lifeline rides on, and is threaded together by, digital systems. And humans have yet to design a digital system that cannot be compromised," they write. With such civilization-sustaining functions now susceptible to attack, the onus is on society to maintain a means of operating them that does not rely on digital controls, Fry and Hodgson write. In many cases, that means preserving an older generation of analog infrastructure and management systems that could be manually operated, The Security Ledger reports. From their article: "In the case of communications, for instance, what is required is the preservation of a base core of copper-enabled connectivity, and the perpetuation of skills and equipment parts to make analog telephones work. Today, we see a move to decommission the copper-wire infrastructure. From a pure business standpoint, decommissioning copper is the right thing to do; but from a public-safety and homeland security perspective, we should reconsider. Decommissioning copper increases homeland security risk, because failover planning calls simply for relying on another server, router, or data center that is also subject to compromise."
That ever since the 80s, those copper lines simply plug into a digital phone switch anyway?
Cyberpunk to counter Cyber attacks!
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
Mechanical offline safeties wouldn't be a bad idea for a lot of things.
While controlled normally over the Internet, this are still pumps and other powerful motors.
As long as the power is on (either from the net or from a local backup), they can be operated manually and locally, or at least they should have that option. This way, in case of a cyber attack that somehow cripple the remote control rooms, of course we should go back to basics: send someone over who can pull the network cable, and manually press the "On" switch. The same you'd have to do if you keep old machines around (which normally also rely on electricity being available), but the difference is the need of maintaining two sets of machinery, one set of which is normally not used.
So why that second set of outdated machines? Costs a lot more to maintain than a manual override on the regular machinery.
'The MITRE Corporation, note that critical infrastructure is increasingly run from converged IP (Internet Protocol) based networks that are vulnerable to cyber attack'
Listen up children and I'll tell you the solution. The solution is to not run your critical infrastructure on converged IP based networks. I presume converged is a code-word for 'cloud'. And if the NSA hadn't acted to dilute security on the Internet, these networked devices wouldn't be so easy to attack.
âoeYou'll see things here that look odd, even antiquated to modern eyes, like phones with cords, awkward manual valves, computers that, well, barely deserve the name. It was all designed to operate against an enemy who could infiltrate and disrupt even the most basic computer systems. Galactica is a reminder of a time when we were so frightened by our enemies that we literally looked backward for protection.â
geek. lawyer.
If you install a fiber connection to it, and power it with a belt driven generator (driven by an electric motor sitting outside the cage), you can safely use it via remote terminal without compromising the integrity of the Faraday cage.
An EMP might take out the remote terminal and external motor, but everything inside will be fine. Since you still have a working belt-driven generator, you can use a lawnmower engine or something to drive the belt, and run your electronics even without a working power grid.
Winter or Cylons are coming. One of those.
Some drink at the fountain of knowledge. Others just gargle.
The base of any system security is not to rely on a monoculture. If all your systems run on Windows using the same hardware, software and firmware version which the creators have long abandoned.
Require that critical systems are modifiable by the end user and can be carried from platform to platform, it's the government after all, they can set the laws and reject any contract from entities that are either too large or don't want to adhere to basic rules of security and risk management.
Custom electronics and digital signage for your business: www.evcircuits.com
Um no, that is not the solution, the solution is to air gap anything you cant afford to have break due to hacking, and hunt down criminal hackers around the world. Treat state sponsored hacking like an act of war, and make sure everyone knows you will respond with devastating force.
Air gapping critical infrastructure should be a federal law, because anything connected can eventually be hacked given enough time and resources.
If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
Going back to the days of stepper relays and carbon-granule microphones would be very expensive, even as a backup-only system. Better to design hardened infrastructure and phase it in, along with duplication and surplus capacity.
Contribute to civilization: ari.aynrand.org/donate
Listen up children and I'll tell you the solution. The solution is to not run your critical infrastructure on converged IP based networks.
The problem is that almost everything today is "critical infrastructure". It's one thing to build a separate network for dams and nuclear power plants if you deem those as critical infrastructure. It's another if you deem our entire telecommunications system as critical infrastructure. Moving that to IP based systems is pretty unavoidable today.
Fast Federal Court and I.T.C. updates
If you want to prevent a wholesale shutdown of services by hackers then the best way to do that is to disconnect your most vital systems (water, electricity and transportation) from communications networks (the internet).
* The last reason (price) for not using solar+battery almost everywhere is fading fast and we should encourage the proliferation of isolated power systems. With the exception of exotic locations, only businesses should need to have access to the power grid.
* Depending on and funding combative nations to fuel our transportation has been foolish since day one, we need to switch to electric vehicles posthaste.
* Finally, we need to start changing our water systems into closed loop systems to conserve the water we can access to minimize external dependency because the climate is changing.
We have two choices: adapt or die.
Anons need not reply. Questions end with a question mark.
Air gapping critical infrastructure should be a federal law, because anything connected can eventually be hacked given enough time and resources.
At this point it should be obvious that more & more critical infrastructure will be hooked up to networks, including the internet. Even if experts consider that dumb.
Conclusion: good advice won't help, what's needed is casualties. When a cyberattack takes out large parts of the power grid, or causes a chemical plant to blow up, and people actually DIE as a result, THEN maybe air-gapping will be looked at in a different light. Until then, prepare for cyberattacks to have worse & worse real life effects.
Legacy systems will quickly become obsolete, as their stagnating performance will make them useless for future computing and communication tasks. Sure you can have a working 300 baud modem, but what would you do with it on today's internet and industrial control systems? Servers will probably time out trying to deliver a web page through it. In the world where Moore's law reigns, retiring older technologies only makes sense.
17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
Our society cannot function on steampunk technology - if it did it would be a different society, no matter how alluring the aesthetic.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
I remember watching Hackers for the first time back in the mid '90s, and my suspension of disbelief couldn't get past all the things depicted as being hooked up to the internet. Apparently, some other fuckers were watching it, and thinking it was a great idea.
Mark my words, Hollywood probably got killer robots right too - they're just wrong on the date.
---
DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
Seriously. I didn't know telecommunications networks use pneumatic pumps used to pump water. What function could they possibly have in a telecommunication network? Oh... Pneumatic pumps pump water as a hedge against global disruption resulting from a cyber attack on critical infrastructure. Pumps. What can't they do?
One good EMP will take down the copper connections quite nicely. But, then, the power to make the controls driven by the copper connections work will be as gone as that for the FIOS or other connections.
{^_^}
If critical infrastructure fallback systems are economically obsolete, it says a lot about the obsolescence of that economic system.
Telcos have been actively pushing residential customers off of copper wire and onto VOIP, and making ENORMOUS savings on their costs - but continuing to charge the rates that used to pay for copper landlines. The only savings to the customer is free long-distance, which costs practically nothing for the telcos to provide.
And yet, when the power goes out, so does my VOIP phone line, provided by the local telephone company. I've got a UPS to power the phone router, but apparently there isn't one at the telco switch. So when power goes out, so do the "landline" phones, AND the cell system (which is ALSO powered by the electric utility).
I really ought to buy a new HAM radio, since I used to be an ARES operator. Because in a widespread power outage. that might be the only communications link.
It depends mostly on the complexity. If I designed a toaster oven firmware you wouldn't be able to find someone who could hack it. Because I'd do formal verification and prove it to be correct, and it would be easy to do so since it is a simple system. But if you have a heterogeneous networked environment, then designing for security quickly spirals out of control. It's theoretically possible to create an unhackable system in a complex environment, but it may actually be impossible to prove it to be secure, which is kind of the point.
“Common sense is not so common.” — Voltaire
In this case, "critical" means "urban."
Densely populated cities rely quite a bit on automation, facilitated by modern communication networks. Urban areas have a high population density. They are designated critical because they have more people per square mile than Billings, Montana.
If you live in NYC or LA, please explain why Billings, MT should care if you drown in your own sewage because your WiFi is down.
Potato chips are a by-yourself food.
Of course not. What they want is to quit using an obviously insecure technology designed for entertainment and casual communication for command and control of critical infrastructure. Maybe the internet can actually be secured. But so far, all the signs seem to say that it can not be -- at least not any time soon.
Like the his faithful Indian companion Tonto used to ask the old Lone Ranger. "What now Kimosabe?"
At least, these guys have a plan of sorts. Leave the phone lines in place. The financial community's response to similar problems is to pretend the problems don't exist. Anyone want to bet on THAT ending well?
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
If we're going to add in the additional cost of preserving and maintaining the old systems that the new systems replaced, isn't it better to just use the old systems and save money by totally ditching the new ones?
Don't disagree. But the phrase you're looking for is probably "adequacy of that economic system." The notion that maximizing efficiency/minimizing costs will produce the best of all possible worlds seems a bit suspect.
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
That's what we're currently trying to do. Doesn't seem to be working all that well though.
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
Is this the best we can do? Rely on economically obsolete systems as a backup for cyberattacks?
Calling it 'economically obsolete' indicates that you've fallen for the propaganda of the voodoo economists whose 'live for today / profit is king' attitudes have already fucked us over so badly. There is nothing 'economically obsolete' about having that spare tire in your trunk, (and knowing how to change a tire), because it could save your ass in some nasty circumstances. It's incredibly old-school and seems almost quaint in this era of cell phones, auto clubs, and urban sprawl - and it costs the manufacturers money, and you might be able to put the space now occupied by it to good use. But do you really want to see it disappear?
If you're thinking it's 'technically obsolete', I agree. But then, we're back to economics. And the same voodoo economists who want to rip out the POTS infrastructure because it can fatten their bottom line, aren't about to install a vast, multi-homed, hardened-hardware, no-wireless-links, redundant fibre communication network that runs independently of the Internet. That would be WAY more expensive than maintaining copper and filling the gaps that have been ripped out in digital chunks.
As usual, the bean counters will win, and everyone, including them, will eventually lose as a result, because (short-term) profit.
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
Years ago, in my first job, I worked in a steel factory on control systems. They had a "gas plant" heated coal to extract coal gas for use elsewhere in the factory, which was a potentially hazardous environment, to put it politely. Despite the fire risk from the gas, they had to have electronic CO sensors for safety and to measure the gas quality, but those were designed to be safe in that environment. Beyond that, there were no electronics in the plant, nothing that could cause a spark. The control systems for the plant itself were all pneumatic, and were pretty amazing in retrospect. I'm talking full proportional (PID) control, not just on-off switching. You had pneumatic actuators which were like pneumatic transistors: a tiny pressure controlling a hefty valve that controlled large gas flows precisely.
(this is not a
Maybe the internet can actually be secured. But so far, all the signs seem to say that it can not be -- at least not any time soon
The Internet is pretty secure. The issues with unauthenticated updates to BGP were fixed a couple of years back and I don't remember anything major since then. The endpoints connected to the Internet are a very different matter, but unless you're advocating typewriters then they're largely unavoidable.
I am TheRaven on Soylent News
There's a thing, called a data diode... you have wild open internet on one side, and a safe network on the other.... data can only EXIT to the internet, and never enter... protected by the laws of physics themselves. You can monitor all you want, but never control, from the internet. These are the types of things we need to allow remote monitoring of stuff.
Yes, truly redundant systems should be kept in place... the FAA is phasing out a ton of VOR stations... but at least they've had the sense to keep a minimal network around (directly contradicting what I thought a few minute of googling ago).
I thought the DoD insisted that we keep the copper infrastructure in place as a fallback. Is that imperilled? Is that why they wanted MITRE (who work for them) to publish this?
What if you made a mistake in your proof and your formal verification is incorrect?
Hey, somebody could break into my den and use my typewriter to write ransom notes. Or they could steal my pen and use it to send out advertisements to oh, a dozen other people. Since my front door lock is a zwave device, they could even do this as part of a cyberattack.
This is only half kidding. From times ancient, computer security has been a tradeoff between the risks associated with any given level of security and the benefits obtained by operating at that level. You can run your computer wearing no clothes and having just passed through an x-ray machine and a 2 Tesla magnet, with dual isolation power inside a faraday cage itself inside a locked down secure facility that requires retinal scans and a realtime DNA match to allow you into the room followed by the correct entry of a 240 character random password to login, but you aren't going to get a lot of productive work done with no internet and an icy cold ass. Or you can run an ordinary laptop (like my Lenovo) with a reasonably secure OS (Fedora 25 on a fully encrypted SSD) with moderately aggressive network blocks on all ports but 22 for ssh, use only bidirectionally encrypted channels for all secure traffic, and avoid doing really stupid things (like downloading and running darkweb apps and content) and be pretty reasonably safe AND still be able to get a fair amount of work done when you aren't screwing around replying to things on /. :-) Is my system secure, truly secure? Hell no. But it is, as you say, "pretty secure" and it is STILL USEFUL.
Saving "copper" doesn't even make sense from a security point of view. There is nothing special about copper vs fiber or radio. And what do they mean? Twisted pair? Cat 5 ethernet? Time-Warner (sorry, "Spectrum") coax cable? Uh huh. They mean cable, not twisted pair, not phone lines.
This sounds like legislative rescue for TWCpectum, probably in response to whining about the demise of their near-monopoly on "copper" as fiber ripples through the world replacing the copper with something faster and much, much cheaper.
I don't even understand what they could be asserting regarding the security of "copper" vs alternatives. Copper, fiber, radio all carry encoded signals. Radio is by far the least secure as a transmission medium, with the signal openly available to everybody in range. Copper is easy to tap, and can often be tapped without even breaking the physical medium with an actual insertion via short range near field transducers. Fiber is actually the most difficult to tap, and is the most likely medium to have detectable artifacts from tapping. Intermediate hardware ALL is pretty much equally hackable, although again fiber probably wins the signal reamplification game as one doesn't have to read, then rewrite, every packet to boost fiber signals, where most wire repeaters do, and hence are hackable. And when we get to the network itself, the routers and major switching stations, the core stuff is usually professionally managed and "probably" pretty secure, the end stage stuff (cable modems, WAPs, etc) is probably vulnerable as hell but irrelevantly so as long as you use only secure point to point channels for work, and the BIGGEST vulnerability, proven over and over, is the operating system and applications on your actual computer or personal digital device.
I'm sure that there are official lists somewhere, but my impression after doing this stuff for many decades is that if you run Windows (almost any version, although by the end XP wasn't horribly insecure if you avoided e.g. explorer and outlook) then whether your network is "copper" or "fiber" or "radio" is almost completely irrelevant to your total risk. If you run IOS you are "pretty secure". If you run most versions of Linux and don't do really stupid things you are "prettier securer". If you run any of these -- even Windows -- and know what you are doing, you can boost "prettier securer" to as close as you like to "prettiest securest", completely independent of the networ
Even when the experts all agree, they may well be mistaken. --- Bertrand Russell.
I expect we will see more and more of the approach taken by some medical devices, where the software (vulnerable) controls are limited by analog failsafes in the machinery. Due in part to the Therac-25 incident. "Just airgap it" is an inadequate solution in many cases, or even more expensive than maintaining analog backups.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
I'd just have to relearn how to set IRQ's, comm ports, AT commands...but I'd get the joy of hearing that modem sound again.
I'm pretty sure copper meant anologue twisted pair, and was meant as a stand in for "80s and before tech "
The pneumatic tubes I took to mean mechanical switches, rather than wires and computers to switches. For example the NYC subway still has pneumatic controls in points.
I don't see any advantage to direct dial and modems vs the internet though. A firewall can do the same thing.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
What they want is to quit using an obviously insecure technology designed for entertainment and casual communication for command and control of critical infrastructure.
You have that backwards. The Internet was originally designed for command and control of critical (military) infrastructure. One of the core design goals was that it be able to survive nuclear war, which it does by supporting multiple paths for data, with automatic re-routing. We repurposed this military design first for education and then later for business and entertainment, and now for nearly everything.
Maybe the internet can actually be secured. But so far, all the signs seem to say that it can not be -- at least not any time soon.
Nonsense. The Internet is quite secure. But to make that statement mean anything we have to define what "secure" means in this context. What it means in this case is that the Internet delivers packets from point A to point B with high reliability, and that it's infeasible to cause large scale misrouting or packet loss. It does that extremely well. It's not terribly difficult to disrupt specific links in the vast network, but that only affects the nodes serviced by the affected link -- and then only if the nodes don't have any redundant connectivity.
Now, the endpoints, those we clearly are not very good at securing. But that's not the Internet's fault. This isn't just semantics, either. When you distinguish the connectivity fabric from the endpoints, it makes the risks much clearer. The problem isn't that the Internet is in any way insecure or defective, the problem is that people are connecting insecure nodes that manage critical infrastructure to this globally-accessible network. I may be sitting in a Starbucks in Moscow, and attacking a power delivery substation in New York City. The Internet will be faithfully doing its job of delivering my packets to the substation and the substation's responses back to me. The computer controlling the substation, on the other hand, may not be doing it's job of properly authenticating the commands given to it.
So... how does retaining analog copper help? At all? It's not like the power company can use that copper to manage the substation. It's not like the existence of that copper does anything to make the fact that I can ping the insecure substation from Moscow any less problematic. It's useless. What might be useful is to put critical infrastructure on separate networks, but there's no reason to use old analog technology for that. And I said "might" not "would" in that last sentence very deliberately, because it's not at all clear that the flexibility gained and money saved by using the Internet rather than a separate network isn't worth the risk. Real-world security is all about cost/benefit analyses, not because bean counters say so, but because there are real societal benefits associated with openness, alongside the risks.
It's remotely possible that a large EMP burst would take out the Internet, because modern electronics, including all of the endpoints and the routers, are extremely sensitive to EMP. In that event, having the old copper network in place might be useful, if we also have EMP-resilient devices to connect to it, meaning old-style analog telephones and telephone switches. But those are long gone. If that's the goal, we can't "keep" that infrastructure, we have to rebuild that infrastructure. And, if we're going to plow the billions into it, we'd be better served putting those billions into EMP-hardening the core routing infrastructure (luckily, most of the network is optical fiber, already EMP-oblivious, excepting the repeaters), and ensuring that critical emergency services, etc., have EMP-hardened endpoint devices.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Actually not. ARPAnet was designed to tie a few dozen facilities doing government research together using a packet switching network and allow them to communicate via a common protocol (TCP/IP). The notion that one would use a publically accessible packet switching network for military command and control would have been instantly rejected back then. (And, one would hope still would be today).
See http://www.nethistory.info/His...
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
Direct dial? What is this direct dial of which you speak? Next think you know, you'll be talking about cradles for old-timey phones in black bakelite and 300 baud, and I'll have to run screaming from the room before the word "teletype" is uttered...
Pardon me, my goose-quill pen is almost dry and my inkwell was emptied by a passing goat. I'll be right back.
Even when the experts all agree, they may well be mistaken. --- Bertrand Russell.
I stand corrected, in part. My core point, however, was that the Internet was not "designed for entertainment and casual communication". And the rest of my argument holds, that the Internet does what it does very well and is in no way "insecure".
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Kevin Costner and Jeanne Tripplehorn, on the double!
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
... because the current one is trashed out.
Once business got their fucking tentacles snaking across the infrastructure, shit went downhill.
Tor is a failed attempt, but it's a good try.
It little behooves the best of us to comment on the rest of us.
the worst crime is converting nuke power plants from electro mechanical protective relays to easily hackable microprocessor based electronic relays like the GE Multilins. I installed Multilins in a missile defense power plant and had to call the FBI with a warning "do not connect Multilins to the internet". The stupid military didn't care.. Caveat emptor.
Then your house burns down, sorry.
“Common sense is not so common.” — Voltaire
The system is secure as long as you don't have physical access to my toaster.
Obviously you can plug it into the wrong voltage (110? 220?), or stuff it full of newspapers and cause all sorts of havoc.
And the manufacture may have built it out of spec, and left out the water sensor that prevents you from killing yourself with a toaster in the bathtub.
“Common sense is not so common.” — Voltaire
existing equipment is basically being kept alive by cannibalizing the unused machines installed in the 1990s for spare cards. there are no analog phones being made any more, it's all chip on board stuff, the 5xx series type of phones are almost 40 years past production.
if this is supposed to be a new economy, how come they still want my old fashioned money?