I work for a government lab that tests this very type of thing, performing in-house assessments on SCADA systems and in-plant assessments, and we play with what-if scenarios. All I can add, knowing what I know and having seen what I have seen, is that it is a miracle that there has not been a major SCADA cyber event.
Is there a data historian in your SCADA system? Does it use some type of master-slave setup to replicate data into the corporate environment so that the bean counters can verify efficiency, production, or whatever metric they want to look at? Do you have RTUs or PLCs with unsecured dial-in access? Is there Wi-Fi on the plant floor? Does your HMI use a web-based help system?
There are 2,000 zettajoules of readily available energy, enough to meet the demands of the entire world for the next several millennia if we are willing to invest a little in the technology and infrastructure. See http://geothermal.inl.gov/publications/future_of_geothermal_energy.pdf
The worst part of global warming is the impact that climate change is having on sensitive species such as the Pacific Northwest Tree Octopus. http://zapatopi.net/treeoctopus/ Get involved and help protect this rare species!
Ice samples taken by Dr. Richard Alley and described in his book The Two-Mile Time Machine show changes of 5 degrees Celsius in a period of a few years. Why we think that this warming trend is unprecedented in the face of good evidence otherwise is amusing. Dr. Alley proposes that our current period of relatively stable climate is actually the anomaly. An interesting idea and worthy of reading.
Is kinda like:
Golstaff: I wanna cast...Magic Missile.
Cheeto: The room where he's casting all these spells from.
DM: He hasn't cast anything yet.
Golstaff: I am though, if you'd listen. I'm casting...Magic Missile.
DM: Why are you casting Magic Missile? There's nothing to attack here.
Golstaff: I...I'm attacking the INTERNET!
[laughter from Cheeto and DM]
DM: Fine, fine, you attack the INTERNET.
We have a federal republic.
Does this mean that 30% of the total volume of the ocean is sharks? Damn that is pretty scary.
Maybe it is by weight...
There is no job security in the game industry. Period. Top talent is laid off with impunity at the end of development cycles. I worked under a really great lead programmer who has an incredible work ethic, is very talented, and who would work 100+ hours every week to make sure we didn't slip our milestones. He has numerous credits on top titles. Last I heard he was laid off by LucasArts (him and the majority of the project's team) after putting in blood, sweat and tears to see the project to completion.
You are disposable in the games industry. There is no job security.
You would rather be a consultant. At least then you are paid by the hour. 80-hour weeks for 6 months at a time while death-marching to an unrealistic gold date is no fun. When I was putting in 100+ hour weeks at a now-defunct game company I calculated I could make more money on a per-hour basis by being a manager trainee at McDonald's.
Yes, the benefits were good... but nowhere near the compensation for the long hours.
They spell it brasileiros...
Mestre Bimba, he died
Mestre Bimba, he died
Mestre Bimba, he died
but in the heart of the people
he never passed away
God put you in a good place
that manly man
who left capoeira
to the people of Brazil
my lord, my friend
my lord, my friend
told me a story
capoeira nowadays
is the art, is the glory, comrade
iê, long live my master
Iê, long live my master, comrade
iê, the one who taught me
Iê, the one who taught me, comrade
iê, the cunning
Iê, the cunning, comrade
iê, of capoeira
Iê, of capoeira, comrade
iê, let's go
Iê, let's go, comrade
For the data historians, session hijacking may be possible. Depending on configuration, the SQL database can be used as a file transfer mechanism to bootstrap a rootkit through the firewall. This is dependent on configuration. A properly configured DB with encryption and a limited set of registered commands can mitigate this, but a poorly configured historian allows the session to be hijacked after authentication. If the command set that the historian is allowed to send back to the SCADA LAN is not limited, then most SQL applications allow the creation of a table that can be filled with a binary. So you can hijack the session and use standard SQL calls to transfer the rootkit, register a function, use the function to unpack the binary... and away you go.
Yes, there are many, many systems and many vendors. We have played with about a dozen. After establishing a foothold on the SCADA LAN (where possible) it takes about a week to two weeks to reverse engineer the communication protocols to the actual end-point devices. So far we have been able to reverse engineer every protocol we have encountered to the point where we can force the endpoints, i.e. force pumps on and off, force breakers to trip, etc., while spoofing the HMI so that the operator is not aware of what is going on. As the hardware in the endpoints is generally rather old and/or slow, there is no authentication going on. They do not have the horsepower to run encryption. So in our experience hacking the protocol and hijacking the session (once on the SCADA LAN) is very successful. The only time we have been unable to force endpoints is when they are on serial comms instead of Ethernet TCP communications.
The buffer overflows then come when we start examining the various servers and workstations on the SCADA LAN and reverse engineering the binaries. This then allows us to root the various systems and so is another threat outside of the protocol monkeying that is possible.
As mitigation is possible for most attack vectors, a well-thought-out and implemented defense posture will limit exposure. But there is something to think about.
If a group of baddies wants to bring down a specific target they can do some data gathering/social engineering/web searching and find out the flavor of SCADA system that the target is running, then purchase the system and reverse engineer it. Go do a search for PLCs on eBay and see what you find.
Also, do the HMIs on the SCADA LANs use web-based help systems? Are the HMIs able to receive e-mail? Both situations expose the SCADA LAN to client-side exploits. Are the vendors able to connect to the SCADA LAN through a VPN? Again, another attack vector. Are the RTUs and other dial-up devices hooked to live lines?
You mentioned that you have configured historians for power plants... from which I will assume you work in the power industry. Your company may have an incredible security posture... but you have to consider this. What is the posture of all your neighboring companies with whom your SCADA LAN shares ICCP connections?
SCADA and digital control systems of critical infrastructure such as power (electrical grid), oil and gas distribution, water, sewer, telecommunications and most manufacturing processes are connected through firewalls to corporate LANs so that the metrics of the SCADA network can be monitored. Other routes to the SCADA systems exist so that the hardware/software vendors of the control system can perform patches and maintenance. Help systems on many SCADA networks use web-based help, which is vulnerable to client-side browser attacks.
Corporate LANs are definitely accessible to hackers. A knowledgeable hacker (who knows what telltales to look for) will be able to identify SCADA networks and attack vectors after gaining a foothold on a corporate LAN.
As part of a team that performs pen testing on vendor systems and on in-the-field critical infrastructure (for a national lab), we have yet to encounter a SCADA network that did not have access to the corporate LAN. We have reverse engineered many of the communication protocols, and found buffer overflows and other exploits in the majority of the systems that we have tested. Though we are told that only one-way communication exists between data stores on SCADA subnets and the corporate LAN, anyone who understands TCP communications knows that it is a two-way protocol.
Attacks do not necessarily need to originate from the "internet", as many field RTUs have non-authenticating dial-up enabled and can be found through intelligent war dialing.
As every nation state in the world has access to the same SCADA hardware and software, it is not beyond reckoning that they and well-funded terrorist organizations are pursuing attack techniques against the systems that control all of the power grid, telecom systems, etc. They need but purchase a system, study the standard installations, code base and protocols, and find the exploits. The financial impact from a well-executed cyber attack could be in the billions of dollars.
Yes, they are on the internet, kind of. They are on SCADA networks that are connected to corporate networks (through a firewall) so that the bean counters can maximize productivity... General configurations include data stores with linkages through the firewalls, vendors that require some type of access to the SCADA systems and servers to perform maintenance and patching, and online help systems on the SCADA systems that use web-based help systems (located on critical systems) that can call out to vendors' sites, and basically any other web site.
As a new IE exploit is out in the wild, it is not hard to imagine that critical systems can become infected from client-side attacks. A hacker has to get past (in general) two firewalls, then yes, the critical systems are accessible via the internet. As most attacks these days use a combination of social engineering/client-side attacks against the corporate LAN, getting a foothold behind the first firewall is not too difficult.
Basically power, oil distribution, water, sewer, gas pipelines, communication systems, and most manufacturing processes use SCADA or digital control systems that in some way are connected to the internet.
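A defensive check for the historian point made above (a replication account with a limited command set blunts the table-staging scenario), added here as an example; it is not code from the original post or from any lab it mentions. It audits MySQL/MariaDB-style GRANT statements and flags every privilege beyond read-only, host-scoped access; the GRANT format, account names and addresses are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Privileges a read-only replication/reporting account legitimately needs.
READ_ONLY = {"USAGE", "SELECT", "SHOW VIEW"}

# Privileges that let a hijacked historian session stage data, register code
# or touch the filesystem, mapped to the reason each one matters here.
RISKY = {
    "CREATE": "can create tables to stage arbitrary data",
    "INSERT": "can fill tables with arbitrary (binary) rows",
    "CREATE ROUTINE": "can register stored functions/procedures",
    "ALTER ROUTINE": "can modify stored functions/procedures",
    "EXECUTE": "can run stored functions/procedures",
    "FILE": "can read and write files on the database host",
    "SUPER": "administrative override of many restrictions",
    "ALL": "unrestricted (includes every privilege above)",
    "ALL PRIVILEGES": "unrestricted (includes every privilege above)",
}

# MySQL/MariaDB-style GRANT statement; the statements audited below are constructed samples.
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<obj>\S+)\s+TO\s+"
    r"'(?P<user>[^']+)'@'(?P<host>[^']+)'(?P<opts>.*)$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    grantee: str
    issue: str


def parse_grant(stmt: str) -> dict:
    """Split one GRANT statement into its privilege set, scope, grantee and options."""
    m = GRANT_RE.match(stmt.strip().rstrip(";"))
    if not m:
        raise ValueError(f"not a GRANT statement: {stmt!r}")
    privs = re.sub(r"\([^)]*\)", "", m["privs"])  # drop column lists, e.g. SELECT (tag, value)
    return {
        "privs": {p.strip().upper() for p in privs.split(",") if p.strip()},
        "obj": m["obj"],
        "user": m["user"],
        "host": m["host"],
        "grant_option": "GRANT OPTION" in m["opts"].upper(),
    }


def audit_grants(statements) -> list:
    """Flag anything beyond least-privilege, read-only, host-scoped replication access."""
    findings = []
    for stmt in statements:
        g = parse_grant(stmt)
        who = f"'{g['user']}'@'{g['host']}'"
        for priv in sorted(g["privs"]):
            if priv in RISKY:
                findings.append(Finding(who, f"{priv}: {RISKY[priv]}"))
            elif priv not in READ_ONLY:
                findings.append(Finding(who, f"{priv}: not needed for read-only replication"))
        if g["host"] == "%":
            findings.append(Finding(who, "host '%': usable from any source address"))
        if g["obj"] == "*.*":
            findings.append(Finding(who, "scope *.*: covers every database, not just the historian"))
        if g["grant_option"]:
            findings.append(Finding(who, "WITH GRANT OPTION: account can widen its own access"))
    return findings


def is_least_privilege(stmt: str) -> bool:
    return not audit_grants([stmt])


# Constructed sample grants: an over-privileged sync account, a tightly scoped one,
# and one that looks harmless but still permits staging rows and registering routines.
SAMPLE_GRANTS = [
    "GRANT ALL PRIVILEGES ON *.* TO 'historian_sync'@'%' WITH GRANT OPTION;",
    "GRANT SELECT ON historian.* TO 'corp_reports'@'10.20.0.5';",
    "GRANT SELECT, INSERT, CREATE ROUTINE ON historian.* TO 'hist_sync'@'10.20.0.0/255.255.255.0';",
]

if __name__ == "__main__":
    for f in audit_grants(SAMPLE_GRANTS):
        print(f"{f.grantee}: {f.issue}")
```

Run it against the output of `SHOW GRANTS FOR` each account the historian replication uses; only the second sample passes, because it can read one database from one address and nothing else.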
I am currently on a team at a DOE lab that has 20 very good researchers who spend all their time and energy hacking SCADA systems and performing pen testing of various vendor products and pen testing in production control systems at a lot of utilities.
We have not performed an on-site assessment in which we have not found access to the SCADA system (eventually) through an external internet connection.
That's not the half of it... most of the RTUs out in the world have unsecured dial-up access...
So the threat of cyberterrorism is very real. Economic impact from a well-directed cyber attack could exceed billions of dollars.
Damn, that's some fly rhyme...
fo shizzle!
Radioactive decay means that you never completely run out of an element from natural decay, merely that at the end of a half-life you have 50% less of the substance...
So at the end of the first half-life you have 50%, at the 2nd 25%, 3rd 12.5%, 4th 6.25%, etc. You will always have some remainder of the element.
So even if an element has a 1-year half-life it does not just disappear... you merely have 50% less than the previous year.
modded as insightful?
Half-life means that 50% of the mass of the radioactive element decays in the time span. So after 4.5 billion years there is 50% less U-238 by mass than there was 4.5 billion years ago.
It isn't all gone, nor can it ever be... as the mass always reduces by 50%. That is why it is called "half-life."
Duh, exactly, as in you must not understand what "half-life" means. It means that 50% of a given mass decays... not the whole thing... so there is 50% less U-238 on the planet after 4.5 billion years. It doesn't all just turn into cold leftovers.
Would you want the newest and most experimental nuclear research facility in your neighborhood?
In a heartbeat... then again, I live in the area of, and work for, the principal nuclear power research center in the US. I can spit and hit the first "city" powered by atomic energy on the planet.
The new Gen IV reactors that the US is developing are slated to be built here.
Now a $10 billion fusion project... just think of the boon to the local economy.
And here I'd thought we had gone to gold years ago with the release of Adam 1.0... they must have been debugging some of the problems with the associated Eve software for all of these last few millennia.
I will now duck and cover.
for a Chinese pirate to sell pirated copies of MS products to the Chinese government?
The Enterprise used open source... but now that the series has been canceled, isn't this whole discussion kind of moot?
And I didn't like how they killed off Trip in the last episode.
Didn't misremember... spelled it that way intentionally in reference to the foop of the Krikkit warship and because it is one of my favorite spoonerisms.
"Mostly Harmless". I thought it a little strange that after sparing Earth and Arthur for four books he finally decides to knock off the whole crew in one swell foop.
Slightly anti-climactic and all that.
It has been several years since I last programmed in Lisp. At the time there were few tools that would indicate how/where parentheses balanced (and no integrated IDEs), making long Lisp statements rather cumbersome to parse by hand. Writing Lisp programs in pico brings back some old memories.
Lisp does do some tasks rather elegantly, simplifying implementation and coding of some tasks. I still prefer other languages for most tasks.