Not Cost.
Profit.
Please do not confuse the two as Profit has a higher driving force than Cost does.
It is trivial to make a "one way, unhackable" ethernet connection to export data to an unsafe network device.
You have a machine on the SCADA network with TWO network cards. One connects to another PC on the insecure network via an ethernet cable with ONLY the TX wires connected. No RX lines. Set both to a static IP and then UDP broadcast your information from the secure PC to the insecure one.
There is no hacker or security expert on this planet that can hack that connection and gain access to the SCADA system. Unless they found a way around physics or can teleport things with their mind.
http://www.stearns.org/doc/one-way-ethernet-cable.html
The problem is most places refuse to hire educated IT staff with experience in security. They want low cost MCSE holders that can barely do their job at the lowest cost possible.
If updates to SCADA software are needed, "most are not in reality", you use write-once media such as a DVD or BluRay created on a machine that has nothing to do with the SCADA system and based on an OS that is drastically different to further reduce the chances of homogenous OS infection vectors. If it's important, then the files are inspected byte by byte on a security computer designed to look for infections and injection. Then after full and careful inspection you apply the updates.
THIS is how you run a critical system SCADA network. And 99% of them out there are not run this way as the people in charge of it have zero education in security let alone networking and IT.
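The one-way UDP export described in the comment above, as an added example that is not part of the original comment: with no return path the sender never learns about loss, so each datagram carries a sequence number and CRC32 and the receiver on the insecure side tracks gaps. The frame layout, the names, the port and the 192.0.2.255 address are assumptions made for this sketch; CRC32 catches accidental corruption only.

```python
import socket
import struct
import zlib

# Frame layout (constructed for this example): magic, sequence, payload length, CRC32.
HEADER = struct.Struct("!4sIHI")
MAGIC = b"OWL1"

def encode_frame(seq: int, payload: bytes) -> bytes:
    """Build one datagram; the CRC covers the sequence number and the payload."""
    crc = zlib.crc32(struct.pack("!I", seq) + payload)
    return HEADER.pack(MAGIC, seq, len(payload), crc) + payload

def decode_frame(datagram: bytes):
    """Return (seq, payload), or None if the datagram is malformed or corrupted."""
    if len(datagram) < HEADER.size:
        return None
    magic, seq, length, crc = HEADER.unpack_from(datagram)
    payload = datagram[HEADER.size:]
    if (magic != MAGIC or length != len(payload)
            or zlib.crc32(struct.pack("!I", seq) + payload) != crc):
        return None
    return seq, payload

class GapTracker:
    """Receiver-side bookkeeping: the sender never hears back, so loss is detected here."""
    def __init__(self):
        self.expected = None  # next sequence number we expect to see
        self.missing = []     # sequence numbers that never arrived
        self.rejected = 0     # datagrams that failed validation

    def accept(self, datagram: bytes):
        frame = decode_frame(datagram)
        if frame is None:
            self.rejected += 1
            return None
        seq, payload = frame
        if self.expected is not None and seq < self.expected:
            if seq in self.missing:      # late arrival fills a recorded gap
                self.missing.remove(seq)
                return payload
            return None                  # duplicate from the repeat transmission
        if self.expected is not None:
            self.missing.extend(range(self.expected, seq))
        self.expected = seq + 1
        return payload

def send_readings(readings, broadcast_addr="192.0.2.255", port=5005, repeats=2):
    """Secure-side sender (placeholder address and port). Broadcast needs no ARP reply;
    every frame goes out `repeats` times because a retransmit can never be requested."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        for seq, reading in enumerate(readings):
            for _ in range(repeats):
                sock.sendto(encode_frame(seq, reading), (broadcast_addr, port))
```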
It's because they hire management that are dumb as boxes of rocks or a small salad bar. Educated managers are not wanted, only ones that can schmooze.
Almost ALL of us that have had to deal with SCADA knew this was possible. Most of the time because incredibly stupid managers DEMAND the systems be accessible from the internet.
SCADA systems need to be airgapped completely from any network other than their own. Boo Hoo to the company that needs to buy a second set of computers for the employees to get email on. The SCADA computers are to be used ONLY for SCADA systems.
100% of the security failures lie at the feet of the managers of these facilities. Until we start beating them with sacks of doorknobs nothing will change. And yes, the SCADA infections via USB drives are the fault of management. Allowing the use of USB or any other device that has not been secured and low level formatted before use on a known clean machine is the fault of management.
All USB ports should be disconnected or physically inaccessible via lock and key to users.
Running an email server is NOT cheap. So still use gmail but with your own domain. Low cost and you get the absolute best spam filtering on the planet.
If they were smart they would have a large reservoir built to hold several million gallons. Use the excess energy to pump water up to fill the reservoir. Then you can simply store that water for a very long time until a surge demand is needed, then run the water back through turbines to generate power when it is needed.
At least that is how we do it here in the USA.
http://en.wikipedia.org/wiki/Ludington_Pumped_Storage_Power_Plant
Well the EPA does what it can to make sure the poor can't heat themselves here in the USA. Wood stoves are currently under battle as polluters. Even though the Rocket mass heater burns so completely that very little comes out of the chimney.
IF you outlaw heating systems that people can gather the fuel themselves for, you lock them into more of a slavery system.
They based this off of American laws. We NEVER have utility price drops.
Here in the USA they would start talking about how the poor poor billionaires that own these power companies need government bailouts because of falling electricity prices.
Oh woe is the Robber Baron, for his massive fortunes are not growing fast enough. We the people must help this poor destitute billionaire..
Another American car maker off my list of ever buying again.
There is no legitimate reason to have a GPS in my car unless I specifically paid for it as a part of the navigation package or the "on Star" package. Putting one there without my consent is criminal behavior.
Ford's CEO is a dirty criminal.
Yes I have tons of friends that have retired either because they took bullets, lost legs, or were lucky and mustered out. Vets are not American soldiers, they are vets. They will shoot officers, they have a healthy hate for the military and have seen the evil first hand and do not want to be a part of it anymore.
Active duty, specifically fresh ones will go and kill your family in your home if told to by their commanding officer.
Yes sir, right away sir, kill the children too sir?
Ubuntu runs FANTASTICALLY on that "out of date" hardware.
I have a couple of 24" iMacs that are the big white plastic variety that utterly scream running Linux. It's still fantastic hardware, so you can use a different OS on it to keep it in service. Makes an awesome Kitchen PC.
"They'd sooner go AWOL than murder their own families, or anyone else's. Do robots suffer from that sort of compassionate episode?"
Would they do that for strangers? They took an OATH to protect the American people. Will they disobey an order or put a bullet through their commander's head to protect American citizens? The military beats the ability to go against orders out of new recruits. That's what Boot camp is for.
Most will not, and your brothers will not be deployed near their family, for it is a LOT easier to kill strangers and believe you are doing it to protect your family.
We had to round up all these Japanese Americans for their own safety and the safety of America.... Our country has a history of violating the rights of the citizens when it's convenient and nobody holding the guns will question it.
Hence why a lot of the lesser educated Americans believe all Muslims are terrorists.
Every country has its nationalism turned up to 11. Great Britain, Germany, France, Spain, Iran, China, etc... Please show me a humble country.
Looking from the inside in, it doesn't look like it either. The rich refuse to give anything to the poor, and in fact the rich are hell bent on trying to make sure the poor can not afford any health care.
The people in charge here and our rich are some of the most horrible people on the planet. While our poor and upper poor (used to be called middle class, we don't have that anymore) are some of the most caring around. I have seen a lot of people that have barely anything give what they have to spare to others that need it.
"Americans don't seem to think that non-Americans are people, therefore not deserving of rights"
The education level of other countries seems to be incredibly low, as it seems you people can not distinguish between our government and the people. Should I simply apply everything your government believes in directly to you then? Because that is exactly what you are doing to me.
By being narrow and simple minded you lose the respect of others.
None of the homing torpedoes in WW-II worked. None of them. Hell, until late in the war 90% of our torpedoes were duds because we could not get a working proximity fuse.
I have rebuilt 4 Mark 16 WW-II/Korean War torpedoes off of the USS Silversides, and no homing at all in them: 100% mechanical except for the proximity fuse. They can be set for straight or a pattern run only.
No. Windows for Warbots....
and it will have a red screen of death.
What I find entertaining is the naive thinking these will be used in the theater of war.
They want to use these in the American cities. We have the bogeyman of "terrorism" for the people to be distracted from the problem of urban terrorists we have had for centuries here and getting worse. Street gangs are nothing more than domestic terrorists and the government refuses to do anything at all about them. The police are afraid of them. So they run rampant in places like Chicago, NYC and they pretty much own Detroit.
Smaller towns are starting to have problems with them as well as they are spreading like a cancer across the land.
"how do you know that smart weapons won't result in fewer deaths, and fewer deaths of non-combatants?"
We don't need smart weapons for that. All we need is someone to deem that everyone that died in the attack was a combatant.
It seems to work well for the government so far.
No, not Skynet, not yet. More like ED209
Put the weapon on the ground, you have 30 seconds to comply.....
The only way we can save Detroit is to help foster the creation of OCP.
Once you gain actual access the game is over. IF you have a Domain controller and have some real restrictions in place, then things get a bit harder for the attacker with a compromised login. But the added security only really comes from the PDC and the domain environment. Local security hive is still pretty easy (for an attacker) to circumvent when you have direct user access.
Well the fact that you would have had to install this old outdated style font in order to trigger this.. Yes it is still secure. It can be used once you have a user login compromised, but Windows is a freaking open book once that threshold is crossed.
My keys to the universe are printed on a piece of paper in the safe. Take the key to the safe open the safe grab the red envelope that has printed on it in big letters "PASSWORDS" and go from there. I update it monthly.
And it's not just for me, if I get splatted by some moron in a SUV texting his BFF my wife has access to everything without having to go through nasty messes that companies put in the way for a widow to gain access to her husband's accounts.
This explains a lot,
Guys leave this guy alone... He is "special" and he can not actually understand complex things like "puters" or "english"