Why would our power plant control systems be on the Internet? If they aren’t, how did Russian hackers get in?

“Cyberattacks Put Russian Fingers on the Switch at Power Plants, U.S. Says” (nytimes):

The Trump administration accused Russia on Thursday of engineering a series of cyberattacks that targeted American and European nuclear power plants and water and electric systems, and could have sabotaged or shut power plants off at will.

Here’s my dumb question #22 for today: Why were any of these systems accessible via the Internet? Do the operators need to download porn and denounce Trump on Facebook to stay awake? What is the possible utility, so to speak, of a process control computer system being on the Internet? If the software is updated once every year, why not do that with a 5.25″ floppy or, if modernity is required, a USB drive?

6 thoughts on “Why would our power plant control systems be on the Internet? If they aren’t, how did Russian hackers get in?”

  1. It’s not a dumb question, but the answer is a dumb answer – convenience and security are eternally at war with one another, and convenience often wins. (I heard a story once about an executive for some gas refinery insisting that a hole be punched through the firewall so he could monitor, in real time and from home, the status of the plant so that he knew how much money he was making at any given moment, 24/7/365).

    The development skillset/mindset for building and deploying systems on-prem and behind firewalls is becoming increasingly rare. Source: until recently I worked for a company working on machine learning analytics systems for manufacturing process control systems, and the inability to monitor/patch our systems in the field was a huge part of the challenge. Now I work for a company with a cloud-based, multi-tenant type solution, and the difference in mindset is shocking. Hardware is Somebody Else’s Problem; nobody wants to deploy anything anymore without the ability to monitor/patch it over the internet.

  2. If some not-directly-connected-to-the-internet system has a UI or CLI that runs on some computer (e.g. some old Windows box), and that computer is on a network where at least one machine on the network has access to the internet (e.g. they have access to online training materials), then there is a de facto way to get from the internet to that box, and from that box to the not-directly-connected-to-the-internet system (e.g. by a virus which is able to control the mouse and keyboard).

    They would need to run the UI or CLI on a machine that was not connected to any network other than the system itself.

  3. Good question. Seems like the computers which control the dams and nuclear plants should be on a dedicated network, with no access to the Internet, at all.

    I find organizations frequently overestimate their capability. Believing you can keep a computer “safe,” while also putting it on a network connected to the Internet, seems like hubris, at least to me.

  4. I seem to recall reading that the CAN bus of a car also is accessible from the internet with some tinkering.

    It’s a bit concerning, since every day we can see various forms of serious security failures. Looks like the bad guys are winning while the good guys are just concerned with their own convenience.

    Perhaps this will change once industrial plants start blowing up on a more regular basis. (I wonder how insurance companies think about these issues?)

  5. Phil, I work at a government owned critical infrastructure facility. The control systems and telemetry are connected to our local network, which is connected to the public internet. I asked the chief operator why; he said that although it’s accessed remotely now (by supervisors or the IT help desk), it was originally hooked up to the network because the IT people never would’ve imagined setting up a computer without networking it. The same 2-year-degree IT people running a community college network run ours.

    In addition, we failed to convince our bosses that it was possible to physically destroy infrastructure via cyberattack. They just literally couldn’t imagine that. In addition, they wouldn’t let us set up a WiFi base station because they thought THAT would open us up to hackers. We’ve already had an incident where someone claiming to be from the DOD was allowed to physically inspect our facility. Our supervisors, who are paid more than the Secretary of Defense, were unaware that the Department of Homeland Security, not Defense, is responsible for critical infrastructure.

  6. For the same reason a TCP/IP stack was dropped into WinXP with little thought of a working firewall: because no one knew what schmucks our Internet neighbors would turn out to be.
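
The transitive path that comments 2, 3 and 5 describe (Internet to office LAN to a dual-homed HMI box to the controller) can be checked mechanically. The following is an editor's added example, not part of the post or of any commenter's words: a small segment-level reachability model. The hostnames, segment names and topology are constructed for illustration, and the third case (a unidirectional gateway that pushes telemetry out without admitting traffic in) is an assumed design, added to show how the remote readout wanted in comment 1 can be had without reopening the path.

```python
"""Segment-level reachability check for the 'de facto path' in the comments.

Editor's added example; the topology is hypothetical, not a real facility.
A host with interfaces on two network segments lets an attacker who controls
it hop between them, so we compute which segments are reachable from the
Internet and which hosts therefore have an exposed interface.
"""
from collections import deque
from typing import Dict, Set, Tuple

Topology = Dict[str, Set[str]]        # host -> segments it has an interface on
OneWay = Dict[str, Tuple[str, str]]   # host -> (from_segment, to_segment), forwards one way only


def segment_graph(hosts: Topology, one_way: OneWay) -> Dict[str, Set[str]]:
    """Build directed adjacency between segments.

    Any dual-homed host (an HMI box, a laptop, a firewall with a hole punched
    through it) is an edge in both directions between every pair of segments
    it touches. A unidirectional gateway / data diode is a single edge in its
    forward direction only.
    """
    adj: Dict[str, Set[str]] = {seg: set() for segs in hosts.values() for seg in segs}
    for host, segs in hosts.items():
        if host in one_way:
            src, dst = one_way[host]
            adj[src].add(dst)
            continue
        for a in segs:
            for b in segs:
                if a != b:
                    adj[a].add(b)
    return adj


def reachable_segments(adj: Dict[str, Set[str]], start: str) -> Set[str]:
    """Breadth-first search over segments starting from `start`."""
    seen = {start}
    queue = deque([start])
    while queue:
        seg = queue.popleft()
        for nxt in adj.get(seg, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def exposed_hosts(hosts: Topology, one_way: OneWay, start: str = "internet") -> Set[str]:
    """Hosts with at least one interface on a segment reachable from `start`."""
    reach = reachable_segments(segment_graph(hosts, one_way), start)
    return {host for host, segs in hosts.items() if segs & reach}


# Case 1 (constructed): the situation in comment 2. The HMI runs on an old
# Windows box that sits on the office LAN (training videos, e-mail) and on the
# control network at the same time.
AS_BUILT: Topology = {
    "corp-firewall":   {"internet", "office-lan"},
    "office-pc":       {"office-lan"},
    "hmi-workstation": {"office-lan", "control-net"},
    "plc-turbine":     {"control-net"},
}

# Case 2: the fix comment 2 proposes. The HMI host has no interface outside
# the control network, so internet -> office-lan -> control-net is broken.
ISOLATED_HMI: Topology = {**AS_BUILT, "hmi-workstation": {"control-net"}}

# Case 3 (assumed design): the isolated network plus a one-way gateway that
# pushes telemetry to the office side for remote readout, with no path back in.
WITH_DIODE: Topology = {**ISOLATED_HMI, "telemetry-diode": {"control-net", "office-lan"}}
ONE_WAY: OneWay = {"telemetry-diode": ("control-net", "office-lan")}


def main() -> None:
    for label, hosts, one_way in [
        ("as built", AS_BUILT, {}),
        ("HMI isolated", ISOLATED_HMI, {}),
        ("isolated + data diode", WITH_DIODE, ONE_WAY),
    ]:
        print(f"{label:22s} exposed: {sorted(exposed_hosts(hosts, one_way))}")


if __name__ == "__main__":
    main()
```

Running it shows the controller exposed only in the first case. The model deliberately ignores firewall rules between segments: comment 1's executive punching a hole through the firewall is exactly the kind of exception that turns a rule set into a full edge, so treating every dual-homed device as a bidirectional link is the conservative audit.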
