SCADA systems security issues

SCADA systems are used to monitor and control critical installations in oil and gas refineries, water and power distribution plants, manufacturing plants and other industrial facilities. There has been a lot of discussion about malware and security in industrial automation systems after Stuxnet. Widely viewed as the most complex piece of computer malware ever created, Stuxnet is believed to have been designed to sabotage uranium enrichment centrifuges at the Iran’s Natanz nuclear plant. If nasty malware can do that, other similar malware can do something else nasty as well.

Attacks against SCADA systems can have potentially very serious consequences. I think that we have been quite lucky that we have not seen any big disasters yet. Even though the attacks are rare at the moment, security researchers are confident that their number will increase, especially since the Stuxnet industrial sabotage worm set a successful precedent. And now there are many news on Dugu worm.

News around one month ago told that SCADA hack shut down a US water plant at 8 November 2011. This hacking attack at a US water plant has been credited to an unknown attacker (handle “pr0f” took credit) who according to hacker sources managed to access a SCADA controller and take over systems. Once again caused security experts to question the security of SCADA systems. Hacker Says Texas Town Used Three Character Password To Secure Internet Facing SCADA System. “This was barely a hack. A child who knows how the HMI that comes with Simatic works could have accomplished this,” he wrote. “You know. Insanely stupid. I dislike, immensely, how the DHS tend to downplay how absolutely (expletive) the state of national infrastructure is. I’ve also seen various people doubt the possibility an attack like this could be done,” he wrote in a note on the file sharing Web site pastebin.com. On the other hand Federal officials said there’s no evidence to support a report that hackers destroyed a pump used by an Illinois-based water utility after gaining unauthorized access to the computer system it used to operate its machinery. What is the truth in this case it is hard to say.

What is known that many industrial systems are vulnerable. Siemens Simatic is a common SCADA product and has been the subject of other warnings from security researchers according to Siemens industrial control systems are vulnerable to attack that can cause serious problems. The US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned earlier that Siemens’ SIMATIC S7-1200 programmable logic controllers (PLCs) are vulnerable to so-called replay attacks that can interfere with the normal operations. An attacker with access to the PLC or the automation network could intercept the PLC password and make unauthorized changes to the PLC operation. ISO-TSAP protocol is functioning to specifications; however, authentication is not performed nor are payloads encrypted or obfuscated.

White Paper On Industrial Automation Security In Fieldbus And Field Device Level is an interesting white paper (from Vacon, Nixu and F-secure) that focuses on presenting a generic overview about security in industrial automation. Security aspects of traditional fieldbuses, Ethernet-based networks and wireless communication technologies are presented. Challenges regarding data security in the field of industrial automation are discussed. The properties of industrial automation devices are described with a focus on security, tampering possibilities, and risk mitigation methods.

Many protocols used in industrial control systems were intentionally designed to be open and without security features. As long the the networks that run those protocols are kept physically separate from public network you are quite safe. For the most part SCADA systems are not necessarily designed to be connected to the internet, but engineers can put in workarounds for remote access. Anytime you do this you put in a pathway where someone can get in. And there are often case where remote devices are accessed using those non-secure protocols though unsafe networks (public telephone network, cellular network, radio waves, even Internet).

There has been long time the belief that SCADA systems have the benefit of security through the use of specialized protocols and proprietary interfaces (security through obscurity), networks are physically secured and disconnected from the Internet. Today those beliefs all do not hold anymore. There are nowadays you can find many tools on Internet to work with standard SCADA protocols (for example Wireshark can be used to decode several commonly used SCADA protocols).

The move from proprietary technologies to more standardized and open solutions together with the increased number of connections between SCADA systems and office networks and the Internet has made them more vulnerable to attacks. Modern SCADA systems should be designed so that they can be withstand the situation they are accidentally connected to Internet (it will happen sooner or later). In addition to making SCADA system itself secure, you should separate it from Internet (no connection at all or very strictly configured series of firewalls). FACT CHECK: SCADA Systems Are Online Now article tells at nearly everything is connected now. Nearly all SCADA systems are online. The addition of a simple NAT device is far from bulletproof security access control.

Most of SCADA systems in use are are old computer systems. They are usually horribly patched (“if it ain’t broken, don’t fix it”) and often run very old operating system version. Windows is very commonly used operating systems on SCADA applications, because only few SCADA-packages support other than Windows operational systems. It seems that there are many people who are not happy with the security stance being taken within their organizations around SCADA hosts. Even if you have patches up to date and current anti-malware on a host, all you have done is eliminated some of the risk (and maybe created new risks caused by fact that anti-malware software can sometimes disturb normal system operation). Add a firewall and you have reduced some of the risk. Pile on as much security as you want and people are going to find ways to disable it and make themselves vulnerable.

I wish no one had to worry about hackers in any application, but we do. Unfortunately, data security is never a non-issue.

FACT CHECK: SCADA Systems Are Online Now article mentions an interesting story on Boeing 747 (For those who do not know, modern 747′s are big flying Unix hosts with lots of Ethernet). They had added a new video system that ran over IP. They segregated this from the control systems using layer 2 – VLANs. The security researchers managed to break the VLANs and access other systems (including Engine management systems). The issue here is that all that separated the engine control systems and the open network was VLAN and NAT based filters.

256 Comments

  1. Tomi Engdahl says:

    Researcher Finds Nearly Two Dozen SCADA Bugs In a Few Hours
    http://it.slashdot.org/story/12/11/26/2114214/researcher-finds-nearly-two-dozen-scada-bugs-in-a-few-hours

    “It is open season on SCADA software right now. Last week, researchers at ReVuln, an Italian security firm, released a video showing off a number of zero-day vulnerabilities in SCADA applications from manufacturers such as Siemens, GE and Schneider Electric.”

    “now a researcher at Exodus Intelligence says he has discovered more than 20 flaws in SCADA packages from some of the same vendors and other manufacturers, all after just a few hours’ work.”

    What does a flightless bird and SCADA software have in common?
    http://blog.exodusintel.com/2012/11/25/what-does-a-flightless-bird-and-scada-software-have-in-common/

    Researcher Finds Nearly Two Dozen SCADA Bugs in a Few Hours’ Time
    https://threatpost.com/en_us/blogs/researcher-finds-nearly-two-dozen-scada-bugs-few-hours-time-112612

    “The most interesting thing about these bugs was how trivial they were to find. The first exploitable 0day took a mere 7 minutes to discover from the time the software was installed. For someone who has spent a lot of time auditing software used in the enterprise and consumer space, SCADA was absurdly simple in comparison. The most difficult part of finding SCADA vulnerabilities seems to be locating the software itself,” Portnoy said in a blog post.

    In fact, he said that locating the software was more difficult than finding the bugs themselves.

    Reply
  2. Tomi Engdahl says:

    Power station, airport SCADA defences ‘dead as a dodo’
    Security bod promises to help fix holes rather than flog exploits
    http://www.theregister.co.uk/2012/11/27/scada_vulns/

    Researchers have discovered yet more security vulnerabilities in crucial equipment used by power plants, airports, factories and other critical systems.

    Exodus Intelligence said it has found more than 20 flaws in SCADA (supervisory control and data acquisition) software from vendors including Rockwell Automation, Schneider Electric, Indusoft, RealFlex and Eaton Corporation. The bugs expose machinery to the risk of either remote code execution or denial of service attacks.

    Last week, researchers at Maltese startup ReVuln recorded a video in which they boasted of discovering zero-day vulnerabilities in SCADA applications from vendors such as Siemens, GE and Schneider Electric.

    ReVuln intends to sell information on these vulnerabilities, potentially to government agencies, rather than report them to equipment manufacturers to fix.

    Reply
  3. outdoor garden tool set says:

    That is the proper weblog for anybody who wants to find out about this topic. You realize a lot its nearly arduous to argue with you (not that I actually would want…HaHa). You undoubtedly put a brand new spin on a topic thats been written about for years. Nice stuff, simply nice!

    Reply
  4. montre automatique says:

    Howdy! Someοne іn mу Myspaсe group shared
    this sіte wіth us ѕo I came tо gіvе іt a look.
    I’m definitely enjoying the information. I’m boοκmarking anԁ wіll bе tweeting thiѕ to my follοwers!
    Оutstanding blοg аnd fantaѕtic style and ԁesign.

    Reply
  5. Tomi Engdahl says:

    Virtual patching for process control systems
    http://www.controleng.com/home/single-article/virtual-patching-for-process-control-systems/81e89c06c35f85f68d13bb0a10a88a23.html

    Increase protection from software vulnerabilities sooner while allowing more control of your industrial network maintenance.

    In today’s industrial organizations, patching process control system software to remove security vulnerabilities is a regular, ongoing activity that is fraught with risk. Significant issues, such as a software regression, can be the result of installing a patch. At the same time, there is a potential for the system to become compromised if a patch has not been applied.

    The calculation of whether to patch or not is governed by the trade-off between the risk of installing a defective patch versus the risk of a penetration, which pits two equally important objectives against one another. Patching a critical system may “break it”—but failing to do so could leave it open to a security vulnerability.

    In addition to the security risk trade-off, there is a more pragmatic trade-off relative to the use of resources. Whether carried out automatically or manually, patching involves the application of resources, whose utilization and cost must be factored into the overall frequency of patching decisions.

    An innovative technique known as virtual patching, however, allows industrial organizations to improve the patch process while raising a system’s security posture. Components like vulnerability filters provide security for the unpatched systems, allowing better alignment of the patch process with production requirements.

    Today’s security risks

    In manufacturing plants and other industrial facilities, the advent of open control system architectures and standard protocols has been a mixed blessing for enterprises. On one hand, the evolution from isolated proprietary applications to open technology has expanded process and business information availability. On the other hand, open technology has exposed the manufacturing enterprise to a variety of electronic threats. With the further integration of manufacturing assets to enterprise resource planning systems, the risks become even greater.

    The increased vulnerability of the enterprise resulting from open architectures, coupled with increasing numbers of malware attacks, has made cyber security a major concern for manufacturers around the world. Accidental or malicious attacks can cause significant risk to the health and safety of personnel, production, and corporate reputation, to name only a few.

    In order to minimize risks to plant automation and information systems, it is important to implement a defense-in-depth strategy, which incorporates multiple layers of protection. One such layer in particular includes hardening of the servers and stations.

    Implementing patches in a process control network can be a time-consuming exercise, which apart from providing an increased resilience of the control system equipment against malware attacks, also introduces increased risk of failure during the patch installation process. Installing a software patch typically requires:

    Coordination with the process operations staff to determine the appropriate time slot for patching
    Actual installation of the patch
    Swapping primary and secondary server functions to allow patching on the secondary server, and
    Rebooting equipment to activate the modified software.

    Together, these factors result in an average patch processing time for a server or station of between one and two hours per node. This exercise soon becomes costly, since security patches are normally issued monthly and are not necessarily aligned due to different patch release cycles from different manufacturers. While waiting for these elements to align, the vulnerability is public but the system is not patched, so there is an increased risk of a successful exploit—an infection by a network worm in the majority of the cases.

    Virtual patching techniques

    Virtual patching, unlike traditional patching, protects the system without touching the application, its libraries, or operating system. Additionally, virtual patches are available much sooner than actual software patches. Within days after disclosure of a vulnerability, a virtual patch can become active, where an application manufacturer might take weeks to months to modify and test the software.

    The process is designed to place a shield around the control network that checks for the activity of known vulnerabilities and offers good protection against so-called “zero-day attacks” not indentified by protection mechanisms such as anti-virus software. A vulnerability filter is not impacted by this situation directly, since it filters the exploit of a specific vulnerability without being sensitive to changes in a particular signature.

    The benefits of shielding are two-fold. Not only does it offer protection against network-based attacks or denial-of-service attacks, but it also stops the propagation of malware over the network.

    Virtual patching in practice

    Virtual patching filters the traffic between two points, using vulnerability filters which are designed to detect and block traffic that violates application protocols. These vulnerability filters behave like a network-based virtual software patch to protect downstream hosts from network-based attacks on unpatched vulnerabilities. The vulnerability filters are created as soon as new vulnerabilities are discovered to preempt any attacks. Specifically, this approach is used to shield the control network from traffic coming from Level 3 or above, or traffic flowing between communities.

    Determining when and how to patch is a critical decision that should not be taken lightly.

    Reply
  6. Tomi Engdahl says:

    Researchers find crippling flaws in global GPS
    http://www.scmagazine.com.au/News/325731,researchers-find-crippling-flaws-in-global-gps.aspx

    Researchers have developed three attacks capable of crippling Global Positioning System infrastructure critical to the navigation of a host of military and civilian technologies including planes, ships and unmanned drones.

    The scenarios developed include novel remote attacks via malicious GPS broadcasts against consumer and professional- grade receivers which could be launched using $2500 worth of equipment.

    A 45-second crafted GPS message could bring down up to 30 percent of the global GPS Continuously Operating Reference Stations (CORS), while other attacks could take down 20 percent of NTRIP networks, security boffins from Carnegie Mellon University and firm Coherent Navigation wrote in a paper

    Together, attack scenarios created “serious ramifications to safety systems”.

    “Until GPS is secured, life and safety-critical applications that depend upon it are likely vulnerable to attack,” the team of four researchers said

    “The good news is that as far as we know, we are the only ones with a spoofing device currently capable of the types of attacks,” Nighswander said.

    “The bad news is that our spoofer would not be prohibitively expensive and complicated for someone to build, if they had the proper skillset.

    Attacks were conducted against seven receiver brands including Magellan, Garmin, GlobalSat, uBlox, LOCOSYS and iFly 700.

    Trimble was working with researchers to push out a patch for its affected products, Nighswander said.

    Attacks included location spoofing in applications used by planes, cars, trucks and ships to prisoner ankle bracelets, mobile phone towers, traffic lights, and SCADA systems.

    The researchers said their work differed from existing GPS jamming and spoofing attacks because it detailed a larger attack surface “by viewing GPS as a computer system”. This included analysis of GPS protocol messages and operating systems, the GPS software stack and how errors affect dependent systems.

    “The overall landscape of GPS vulnerabilities is startling, and our experiments demonstrate a significantly larger attack surface than previously thought,” the researchers wrote.

    “For example, we show that we can permanently de-synchronise the date of Phasor Measurement Units used in [a] smart grid. We also show we can cause UNIX epoch rollover in a few minutes, and year 100,000 (the first 6-digit year) rollover in about two days.”

    Reply
  7. Tomi says:

    Stuxnet strikes again, Iranian official says
    http://www.theverge.com/2012/12/25/3803216/stuxnet-strikes-again-iranian-official-says

    Is Stuxnet back? A provincial defense official in southern Iran is claiming that one of the largest power plants in the country and other industrial sites were again targeted by the notorious virus reported to be the creation of the Israeli and American governments.

    This recent Stuxnet attack was successfully defeated, according to local Iranian civil defense chief Ali Akbar Akhavan.

    Stuxnet is a powerful worm that was written to attack industrial systems manufactured by global megabrand Siemens. The virus is introduced via an infected USB drive, then establishes communication with a remote server. Attackers can then copy data or take control of a plant’s monitoring system.

    Reply
  8. Tomi Engdahl says:

    FBI Memo: Hackers Breached Heating System via Backdoor
    http://www.wired.com/threatlevel/2012/12/hackers-breach-ics/

    Hackers broke into the industrial control system of a New Jersey air conditioning company earlier this year, using a backdoor vulnerability in the system, according to an FBI memo made public this week.

    The intruders first breached the company’s ICS network through a backdoor in its Niagara AX ICS system, made by Tridium. This gave them access to the mechanism controlling the company’s own heating and air conditioning, according to a memo prepared by the FBI’s office in Newark

    The breach occurred in February and March of this year, several weeks after someone using the Twitter moniker @ntisec posted a message online indicating that hackers were targeting SCADA systems, and that something had to be done to address SCADA vulnerabilities.

    The individual had used the Shodan search engine to locate Tridium Niagara systems that were connected to the internet and posted a list of URLs for the systems online. One of the IP addresses posted led to the New Jersey company’s heating and air conditioning control system.

    The backdoor URL gave access to a Graphical User Interface (GUI), “which provided a floor plan layout of the office, with control fields and feedback for each office and shop area,” according to the FBI. “All areas of the office were clearly labeled with employee names or area names.”

    Forensic logs showed that intruders had gained access to the system from multiple IP addresses in and outside the U.S. The memo does not indicate if the intruders manipulated the system after obtaining access to it.

    Five months after the breaches first began, Tridium and the Department of Homeland Security’s ICS-CERT division published alerts disclosing a directory traversal and weak credential storage vulnerability in the Niagara AX Framework system.

    More than 300,000 Tridium Niagara AX Framework systems are installed worldwide

    more than 20,000 of the Niagara systems connected to the internet.

    Reply
  9. Tomi Engdahl says:

    Shodan pinpoints shoddy industrial controls.
    http://www.shodanhq.com/

    Reply
  10. Tomi Engdahl says:

    Hackers tap SCADA vuln search engine
    Shodan pinpoints shoddy industrial controls.
    http://www.theregister.co.uk/2010/11/02/scada_search_engine_warning/

    A search engine that indexes servers and other internet devices is helping hackers to find industrial control systems that are vulnerable to tampering, the US Computer Emergency Readiness Team has warned.

    The year-old site known as Shodan makes it easy to locate internet-facing SCADA, or supervisory control and data acquisition, systems used to control equipment at gasoline refineries, power plants and other industrial facilities. As white-hat hacker and Errata Security CEO Robert Graham explains, the search engine can also be used to identify systems with known vulnerabilities.

    According to the Industrial Control Systems division of US CERT, that’s exactly what some people are doing to discover poorly configured SCADA gear.

    Besides opening up industrial systems to attacks that target unpatched vulnerabilities, the information provided by Shodan makes networks more vulnerable to brute-force attacks on passwords, many of which may still use factory defaults, CERT warned.

    Reply
  11. Tomi Engdahl says:

    Thousands of SCADA Devices Discovered On the Open Internet
    http://it.slashdot.org/story/13/01/10/2013215/thousands-of-scada-devices-discovered-on-the-open-internet

    “Never underestimate what you can do with a healthy list of advanced operator search terms and a beer budget. That’s mostly what comprises the arsenal of two critical infrastructure protection specialists who have spent close to nine months trying to paint a picture of the number of Internet-facing devices linked to critical infrastructure in the United States. It’s not a pretty picture.”

    Reply
  12. Tomi Engdahl says:

    January 14, 2013, 9:22PM
    Malware Infects Two Power Plants Lacking Basic Security Controls
    https://threatpost.com/en_us/blogs/malware-infects-two-power-plants-lacking-basic-security-controls-011413

    During the past three months, unnamed malware infected two power plants’ control systems using unprotected USB drives as an attack vector. At both companies, a lack of basic security controls made it much easier for the malicious code to reach critical networks.

    In one instance, according to a recent report from the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), malware was discovered after a power generation plant employee asked IT staff to look into a malfunctioning USB drive he used to back up control systems configurations.

    A scan with updated antivirus software turned up three instances of malware, two common and one considered sophisticated.

    That discovery prompted a more thorough on-site inspection that revealed “a handful of machines that likely had contact with the tainted USB drive.” This included two of 13 workstations in an engineering bay tied to critical systems.

    “Detailed analysis was conducted as these workstations had no backups, and an ineffective or failed cleanup would have significantly impaired their operations,” according to the report.

    Analysts noted the need for operators of the nation’s critical infrastructure networks to follow best practices. In recent years security researchers have tried to draw more attention to SCADA and ICS security (or the lack thereof) as a way of pushing companies, usually privately owned, to invest more resources in protecting their networks from cybercriminal activity.

    Reply
  13. Tomi Engdahl says:

    Malware infects US power facilities through USB drives
    ICS-CERT recommends power plants adopt new USB practices
    http://www.techworld.com.au/article/446611/malware_infects_us_power_facilities_through_usb_drives/

    Two U.S. power companies reported infections of malware during the past three months, with the bad software apparently brought in through tainted USB drives, according to the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

    ICS-CERT recommended that the power facility adopt new USB use guidelines, including the cleaning of a USB device before each use.

    In the second incident, a power company contacted ICS-CERT in early October to report a virus infection in a turbine control system

    The malware delayed the plant’s reopening by three weeks, the organization said.

    Reply
  14. Web Site says:

    Greetings from Idaho! I’m bored at work so I decided to browse your site on my iphone during lunch break. I enjoy the information you provide here and can’t wait to take a look when I get home.
    I’m amazed at how quick your blog loaded on my mobile .. I’m
    not even using WIFI, just 3G .. Anyways, excellent site!

    Reply
  15. Charleen Streight says:

    ive been looking for the founder or creator? of the first forensic accountant in australia, would anyone know? Thanks

    Reply
  16. Tomi Engdahl says:

    Software moles in your systems
    http://www.controleng.com/home/single-article/software-moles-in-your-systems/5a0347ba765249f3926eb61201e7dd59.html

    Old programs, utilities, and plug-ins languishing on your computer or control systems could threaten your security.

    Reply
  17. Automation systems security issues « Tomi Engdahl’s ePanorama blog says:

    [...] connected to allow remote operation and some are unintentionally connected to Internet. Many control systems connected to Internet have serious security issues (for example some have default passwords in them and some have known security vulnerabilities in [...]

    Reply
  18. Computer Manuals says:

    I have already been online on-line higher than 3 hours recently, yet I certainly not uncovered any attention-grabbing article such as the one you have. It is beautiful well worth ample for me. Personally, if perhaps most online marketers and web owners built great content material while you performed, the internet can be additional valuable than previously.

    Reply
  19. rent an office in boise says:

    Heya i’m for the primary time here. I came across this board and I to find It really helpful & it helped me out a lot. I hope to present one thing again and help others such as you aided me.

    Reply
  20. oliver says:

    Fantastic goods from you, man. I have be aware your stuff previous to and you’re just too fantastic. I actually like what you have received right here, really like what you’re stating and the way in which wherein you are saying it. You’re making it enjoyable and you still care for to stay it sensible. I can not wait to learn far more from you. This is really a great web site.

    Reply
  21. Destiny Bernsen says:

    I want to point out my appreciation for your generosity for all those that should have help on this important idea. Your special dedication to passing the message around came to be rather powerful and has continually allowed professionals much like me to reach their pursuits. Your amazing valuable suggestions entails a whole lot to me and still more to my office colleagues. Best wishes; from all of us.

    Reply
  22. revitol cellulite formula says:

    Excellent, what a web site it is! This weblog provides useful facts to
    us, keep it up.

    Reply
  23. Alonso Rode says:

    I simply had to appreciate you again. I am not sure the things I would have worked on in the absence of the type of information discussed by you concerning that subject. It has been a terrifying concern in my position, nevertheless taking a look at a professional way you resolved that took me to cry with fulfillment. Now i’m happier for your help and in addition hope you find out what an amazing job you are always providing instructing some other people with the aid of your websites. I am certain you haven’t come across all of us.

    Reply
  24. pensjonaty Jurata says:

    some truly prize content on this site, saved to fav.

    Reply
  25. Tomi Engdahl says:

    SAP users slack, slow and backward on security
    Some systems unpatched since 2005, says researcher
    http://www.theregister.co.uk/2013/06/18/sap_users_slack_slow_and_backward_on_security/

    Cross-site scripting, failure to check credentials, directory traversal and SQL injection make up more than three-quarters of vulnerabilities in SAP environments, according to a presentation by ERPScan’s Alexander Polyakov to RSAConference Asia Pacific 2013.

    That’s troubling, he told delegates, because ERPScan is also observing a growing willingness by SAP users to open up interfaces to the Internet

    “If someone gets access to the SAP they can steal HR data, financial data or corporate secrets … or get access to a SCADA system.”

    A successful intrusion into the SAP system could easily mean the “end of the business”,

    Reply
  26. battery charger for iphone says:

    I look forward to digging further of your quality article.
    Thanks!

    Reply
  27. Sonia says:

    Does your site have a contact page? I’m having a tough time locating it but, I’d like
    to shoot you an e-mail. I’ve got some recommendations for your blog you might be interested in hearing. Either way, great website and I look forward to seeing it grow over time. Thank you, so much!

    Reply
  28. marine battery charger says:

    With havin so much written content do you ever run into any problems of plagorism or copyright infringement?
    My blog has a lot of exclusive content I’ve either created myself or outsourced but it appears a lot of it is popping it up all over the internet without my permission. Do you know any ways to help prevent content from being ripped off? I’d truly appreciate it.
    It’s been so very much appreciated!

    Reply
  29. oilfield waste disposal says:

    What if the oil field is huge, but no one else has discovered it? Can the neighbors tap the field from their own property? Does the oil field belong to the original discovering party?

    Reply
  30. Tomi says:

    The top 10 new reasons to be afraid of hackers
    http://www.theverge.com/2013/7/31/4568992/top-10-new-reasons-to-be-afraid-of-hackers-def-con-black-hat

    5. Hackers could shut down a power plant.

    Wireless networks are pretty useful for controlling power plants. They’ve also been implemented in nuclear, oil, gas, and water facilities. A pair of hackers discovered a vulnerability in a certain type of wireless device made by three of the leading industrial wireless automation solution providers. The vulnerability means that a hacker within a 40-mile range of the plant could read and write data into theses devices using only radio transceivers

    4. Hackers are haunting your house.

    Let’s start with your smart television: hackers can grab your account information, install a virus, or take over your webcam and microphone and stare at you while you scarf popcorn on the couch. Suddenly you’re sweating: the hackers have cranked up your thermostat to sauna levels. Next, the lights start flickering on and off. And finally, your smart door-lock, which uses Wi-Fi or Bluetooth, suddenly clicks open. As connected devices make our home lives more convenient, the paths of entry multiply from just the computer to everything in the house.

    3. You could be shocked to death by your own pacemaker.

    bugs and viruses can seriously disrupt modern medical devices.

    2. Hackers could take control of your car while you’re driving.

    Car hacking has turned out to be one of the biggest hacking trends of the year. Hackers can break into your car remotely or sneak in to tweak things under the dashboard.

    exploits for vehicle security and driverless cars.

    1. You’re being hacked by the government.

    “While politicians are clearly scared about hacks from China, our own law enforcement agencies are clearly in the hacking business,”

    Reply
  31. water softeners austin says:

    Thanks for your publication. What I want to point out is that when searching for a good on the net electronics go shopping, look for a website with full information on critical factors such as the personal privacy statement, safety measures details, any payment guidelines, along with other terms and also policies. Always take time to look at help plus FAQ pieces to get a superior idea of the way the shop is effective, what they are capable of doing for you, and in what way you can use the features.

    Reply
  32. Tanner Bill says:

    Hey everybody- which is the top place for recycling electronic equipment that you’ve heard of?

    Reply
  33. etre riche says:

    Very descriptive post, I liked that bit. Will there be part 2?

    Reply
  34. Tomi Engdahl says:

    Security Advisory Information
    http://links.mkt1451.com/servlet/MailView?ms=NDMzNDIxMzYS1&r=Njk0ODUzNDgxMTQS1&j=MjA2Njk1ODk3S0&mt=1&rt=0

    GE Intelligent Platforms has released security advisories and product updates (SIMs, firmware updates) to address security vulnerabilities in the following products:

    DNP3 I/O driver for Proficy HMI/SCADA (iFIX and CIMPLICITY)

    GE Intelligent Platforms urges all customers to follow the recommendations in the security advisories.

    Reply
  35. Tomi Engdahl says:

    Cyber security experiment reveals threats to industrial systems
    http://www.controleng.com/single-article/cyber-security-experiment-reveals-threats-to-industrial-systems/5b75a30de6824978593bab5433bd061f.html

    A recent report shows how “honey pots” designed to look like municipal water utility networks attract many hackers. Security experts offer their analysis of the findings and suggest how they could influence your defensive strategies.

    At the Black Hat conference in July, Trend Micro presented a report about an experiment the company conducted where it deployed 12 honey pots around the world that were designed to look like the ICS (industrial control system) networks of municipal water utilities. Between March and June, these attracted 74 intentional attacks, including at least 10 where the attackers were able to take over the control system.

    The system was put out there, accessible from the Internet. The researcher was interested in the amount of activity such Web-facing control systems receive from the threat community. He’s done some research in this area, so this project had two goals: First, to validate his interest by seeing if those people are looking for such targets, if they would find the honey pot realistic, and then what they would do with it. Second, he wanted to gauge the technical capabilities of those who came looking.

    Did the attackers know how to approach industrial systems and communication protocols, or did that reduce their effectiveness? Many users try to take comfort in the idea of “security by obscurity,” believing that hackers don’t know how to deal with industrial networks.

    Assante: Most of the attackers came simply because they had some general Internet exploit capabilities, but weren’t fully prepared to deal with the realities of a control system. Control systems have common elements like an OS layer and the application layer, and in this case Web-based remote access. But a small subset of the people who came was prepared to dig into control systems and came with enough capability to take over the systems they found. Around 10 of those who got in were able to establish full control over the system that was being simulated in the honey pot. Four of them did it by manipulating the industrial protocol being simulated or hardware devices.

    Those attackers came with the right tools, experience, and a plan of what they wanted to do to operate at the level of the industrial protocol and hardware—not just at the application level or OS level.

    That leaves a question: Of the 10 who took control of the process, did they do anything that might have harmed the process, or is this just a learning expedition? Could they change HMIs? Could they move setpoints? Did they put down a Trojan to keep a foothold to maintain access? There has to be some indication of the motivation of the threat actors that took over the process. What do we think their intent was? Is there anything we can learn from their motivation?

    So there are hackers and there are hackers. We tend to think of them in a more abstract sense rather than as individuals.

    Conway: The bad-news side to that discussion is that we can say the very good people are very limited in numbers, and those very good people would have identified that this was a honey net. Those people would not have brought to bear all their tools and capabilities just for someone else to capture them and do some analysis.

    Assante: Another bad thing that is harder to get our arms around is that all this activity was on a few honey nets. In the defensive communications circle, we know incidents are occurring, we have generalized reporting by the ICS CERT and that kind of thing, but we know that real-world reporting is much more limited.

    Scary stuff, certainly. So now what?

    Conway: When we look at it and say, “What do we do about it?”, I think of things like, disable Internet access, look at your trusted resources, impose a USB media lockdown, whitelist applications, and so on. But then I ask myself, “Did Trend Micro do anything to make these honey nets more visible as targets?” I look at how much time and effort they put in to make sure these systems were indexed and queried with Google. They made sure they’re accessible within SHODAN.

    Assante: Reducing the attractiveness of your system for compromise certainly works when people are applying a capability or tool that they have looking for it (for example, crafted searches for Internet facing ICS components). If you reduce the observables for them to find you, that’s a good thing.

    How practical is it for individual companies to reduce their visibility? How do you do that?

    Assante: If you’re web accessible, there are things you can’t do. You can’t hide that fact, but you can reduce the likelihood that somebody is going to correlate what’s there.

    The first thing you should be doing is looking at yourself and saying, “What am I telling people?” That’s the first thing to understand. Is there a reason I need to make that information available? Is there an operational benefit? If there isn’t, figure out how you can deny that information. Once you do that, stand back and say, “I did the best I could here. Now, what’s the next thing I can do to mitigate the risk?”

    t seems that one of the toughest things for asset owners to determine is if they have experienced intrusions.

    Conway: If you have a network that’s using all TCP/IP V4 or all Modbus for normal communication, you can put in a canary with listeners for all other protocols. If anybody talks to it using a different protocol, you know something’s configured wrong or something worse is happening. Another possibility, most medium to large utilities have test networks, and attackers don’t necessarily know that they are in a test network.

    Assante: When you’re getting a new control system or you have come to a new situation with an existing control system, you have to establish your base lines. How does this work? What is required for it to work? What is spurious or unnecessary? You should be able to get this from your supplier, particularly during the procurement phase. There are tools available, like the SOPHIA tool from Idaho National Labs, that are designed to passively baseline your communications at the port and channel level. You have to build a profile of the system and then you can tell when there’s a deviation. Most deviations are misconfigurations or somebody making a change in settings, but you still need to do something about it. You have to run it down and find out why it changed. That requires an investment in time and resources.

    Reply
  36. Tammera Broccolo says:

    Wonderful paintings! That is the kind of information that should be shared across the internet. Disgrace on Google for no longer positioning this submit upper! Come on over and seek advice from my website . Thank you =)

    Reply
  37. Tomi Engdahl says:

    Police warning after drug traffickers’ cyber-attack
    http://www.bbc.co.uk/news/world-europe-24539417

    The head of Europe’s crime fighting agency has warned of the growing risk of organised crime groups using cyber-attacks to allow them to traffic drugs.

    The director of Europol, Rob Wainwright, says the internet is being used to facilitate the international drug trafficking business.

    His comments follow a cyber-attack on the Belgian port of Antwerp.

    Drug traffickers recruited hackers to breach IT systems that controlled the movement and location of containers.

    Mr Wainwright says the alleged plot demonstrates how the internet is being used as a “freelance marketplace” in which drug trafficking groups recruit hackers to help them carry out cyber-attacks “to order”.

    “[The case] is an example of how organised crime is becoming more enterprising, especially online,” he says.

    “We have effectively a service-orientated industry where organised crime groups are paying for specialist hacking skills that they can acquire online,” he adds.

    The attack on the port of Antwerp is thought to have taken place over a two-year period from June 2011.

    The organised crime group allegedly used hackers based in Belgium to infiltrate computer networks in at least two companies operating in the port of Antwerp.

    The breach allowed hackers to access secure data giving them the location and security details of containers, meaning the traffickers could send in lorry drivers to steal the cargo before the legitimate owner arrived.

    Workers were first alerted to the plot when entire containers began to disappear from the port without explanation.

    “These criminal organisations always look for a new way to get drugs out of the harbour,” says Danny Decraene who heads the Antwerp organised crime unit of the Belgian Federal Police.

    He says the operation to hack the port companies took place in a number of phases, starting with malicious software being emailed to staff, allowing the organised crime group to access data remotely.

    When the initial breach was discovered and a firewall installed to prevent further attacks, hackers broke into the premises and fitted key-logging devices onto computers.

    This allowed them to gain wireless access to keystrokes typed by staff as well as screen grabs from their monitors.

    Mr Wainwright says the IT attack is consistent with a “new business model” of organised crime activity and he says he expects this kind of cyber-security breach to “become a more significant feature in future” of drug trafficking.

    “What it means therefore is that the police need to change the way they operate – they have to become much more tech savvy,” he says.

    Reply
  38. Tomi Engdahl says:

    Bluetooth-Sniffing Highway Traffic Monitors Vulnerable to MITM Attack
    https://securityledger.com/2012/12/bluetooth-sniffing-highway-traffic-monitors-vulnerable-to-mitm-attack/

    A system that monitors traffic patterns by pinging Bluetooth devices carried within passing automobiles is vulnerable to man in the middle attacks that could allow a remote attacker to steal data or remotely control or disable systems used to monitor freeways across the U.S., according to an alert from the Department of Homeland Security’s Industrial Control System Computer Emergency Readiness Team (ICS-CERT).

    ICS-CERT issued an advisory on Friday for customers who use Bluetooth-based traffic systems from the firm Post Oak Traffic Systems. Post Oak’s AWAM Bluetooth Reader Traffic Systems do not properly generate authentication keys used to secure communications. That could allow an attacker to calculate the private key used by the AWAM reader, then use those to impersonate the device, siphoning off administrative credentials that would give them direct access to the traffic monitoring system, DHS warned.

    Post Oak’s Anonymous Wireless Address Matching (AWAM) devices are installed at the roadside and detect passing vehicles by pinging Bluetooth-enabled devices being carried inside the vehicles, like mobile phones, mobile GPS systems and in-vehicle navigation systems, according to Post Oak marketing materials. The technology is used by the City of Houston and powers sites like this traffic information portal run by Houston TranStar.

    Post Oak claims that the data collected is anonymous and that communications between the roadside monitoring stations and the central management system are secure.

    “The sensors collect anonymous data that cannot be used to gather personal information. All data collected by the sensors are encrypted upon receipt before being sent to TranStar for processing. The information can be viewed on Houston TranStar’s website,” said a May, 2011 press release from TranStar on the system.

    Reply
  39. Tomi Engdahl says:

    China military hackers persist despite being outed by U.S.: report
    http://www.reuters.com/article/2013/11/06/net-us-usa-china-hacking-idUSBRE9A51AN20131106

    (Reuters) – The disclosure early this year of a secretive Chinese military unit believed to be behind a series of hacking attacks has failed to halt the cyber intrusions, a U.S. computer security company and congressional advisory panel said on Wednesday.

    A report by the cybersecurity company Mandiant in February identified the People’s Liberation Army’s Shanghai-based Unit 61398 as the most likely culprit in hacking attacks on a wide range of industries. China’s Defense Ministry denied the accusations.

    “From what we can tell, they are still stealing the same type of data from the same industries,” Mandiant spokeswoman Susan Helmick said on Wednesday.

    “The focus appears to be the same but the methods and malware, they had to shift,” Helmick said.

    A spokesman for the Chinese embassy in Washington on Wednesday repeated China’s response to the initial Mandiant report.

    “Cyber attacks are transnational and anonymous,” said spokesman Geng Shuang. “We don’t know how the evidence is collected in this report.”

    Reply
  40. Tomi Engdahl says:

    Stuxnet infected Russian nuke power plant – Kaspersky
    Another unintended victim of game-changing Iran attack
    http://www.epanorama.net/blog/2013/01/14/security-trends-for-2013/comment-page-29/#comment-2471566

    The infamous Stuxnet malware thought to have been developed by the US and Israel to disrupt Iran’s nuclear facilities, also managed to cause chaos at a Russian nuclear plant, according to Eugene Kaspersky.

    The Kaspersky Lab founder claimed that a “friend” of his, working at the unnamed power plant, sent him a message that its internal network, which was disconnected from the internet, had been “badly infected by Stuxnet”.

    Kaspersky didn’t reveal when exactly this happened, saying only that it was during the “Stuxnet time”.

    “Everything you do is a boomerang,” he added. “It will get back to you.”

    “It’s cyber space. [There are] no borders, [and many facilities share the] same systems.”

    Reply
  41. Tomi says:

    International Space Station Infected With USB Stick Malware Carried on Board by Russian Astronauts
    http://www.ibtimes.co.uk/articles/521246/20131111/international-space-station-infected-malware-russian-astronaut.htm

    Renowned security expert Eugene Kaspersky reveals that the International Space Station was infected by a USB stick carried into space by a Russian astronaut.

    Kaspersky said he had been told that from time to time there were “virus epidemics” on the station.

    The Russian said this example shows that not being connected to the internet does not prevent you from being infected. In another example, Kaspersky revealed that an unnamed Russian nuclear facility, which is also cut off from the public internet, was infected with the infamous Stuxnet malware.

    “[The staffer said] their nuclear plant network which was disconnected from the internet … was badly infected by Stuxnet. So unfortunately these people who were responsible for offensive technologies, they recognise cyber weapons as an opportunity.”

    terms of cyber-espionage “all the data is stolen globally… at least twice.”

    Kaspersky told the Press Club that creating malware like Stuxnet, Gauss, Flame and Red October is a highly complex process which would cost up to $10 million to develop.

    Reply
  42. Tomi says:

    International Space Station Infected With Malware Carried By Russian Astronauts
    http://science.slashdot.org/story/13/11/11/1317214/international-space-station-infected-with-malware-carried-by-russian-astronauts

    “According to Russian security expert Eugene Kaspersky, the SCADA systems on board the International Space Station have been infected by malware which was carried into space on USB sticks by Russian astronauts.”

    Reply
  43. Tomi Engdahl says:

    Safety Finds a Home on the Ethernet Network
    http://www.designnews.com/author.asp?section_id=1386&doc_id=268390&cid=nl.dn14

    Not many years ago, safety systems were standalone networks.

    It was common practice to make sure the safety network was physically separate from the network that controlled the plant. Many machines had their own safety tools that were completely separate from networks altogether. This made for an inefficient patchwork of differing systems running through the plant, but that has completely changed in just a few short years. Now the unthinkable is the rule: Safety lives on the same Ethernet network as the control system.

    The result of these changes is that safety is now more efficient, more flexible, less expensive, and safer.

    “You can have a safe network on a standard network. The thing we use is the black channel principle,” Zachary Stank, safety specialist at Phoenix Contact, told Design News. “The safety is on the same network as control, but it can’t be touched by anything.”

    Before the shift to Ethernet networks, the idea of running safety and control on the same network was considered reckless. The two functions were incompatible. This incompatibility is still the case. The difference now is that Ethernet allows clear separation between control and safety even though they’re on the same wire.

    Hackers are now targeting safety networks
    These days, anything that is networked is vulnerable to hackers. Networked safety is no exception. “If your threat is somebody who wants to cause you upset, embarrass you, and show that you can’t be trusted, they will go after the safety system,” Eric Byres, chief technology officer at Tofino Security, a Belden company, told Design News.

    Byres noted that tools to hack into a safety system have been showing up at hacker conferences. He pointed to a toolkit offered by a Russian company for $2,500 that is specifically designed to attack networked safety systems. While that cost may seem dear to your bedroom hacker, Byres views it as little. “If a criminal organization wants to extort money or steal intellectual property and sell it, the $2,500 is chump change.”

    Reply
  44. Tomi Engdahl says:

    Hackers at Your Gate
    http://www.designnews.com/author.asp?section_id=1386&doc_id=269644&cid=nl.dn14

    Hackers are trying to get into your plant data and your intellectual property. Think you’re safe? Hackers may have already attacked your data. The average length of time from a cyber-attack to the moment that attack is detected is a whopping 416 days, according to the National Board of Information Security Examiners (NBISE).

    Michael Assante, director of NBISE painted a dire picture of the growing threat of cyber-security at the Rockwell Automation Fair in Houston Tuesday.

    Assante classified cyber-attacks into three categories:

    General cyber-attacks are less structured. The hackers are out for notoriety and fame. They’re part of the hacker community.
    Targeted cyber-attacks are directed to specific goals. The attacks could be for monetary gain or to steal intellectual property.
    The third category is the most dangerous, strategic cyber-attacks. These are highly structured attacks with intent to commit major economic disruption or cyber-terrorism. Assante noted that strategic cyber-attacks are growing. “We have passed the inflection point,” he said.

    As for warding off attacks, Assante believes the answer is an educated staff and networks that require authentication. “People pave the way to cyber-security,” he said. “We have to secure people, and we have to make people cyber-aware.”

    Kulaszewicz noted that Rockwell and Cisco Systems have developed a strategic relationship to increase connectivity and productivity, but also to work on security. “We’re using role-based security. We design for security and audit to identify gaps,” he said.

    Who are the bad guys?
    Attacks can come from anywhere in the world. (At a hackers conference you can buy a Russian toolkit to crack plant systems for $2,500.) However, the biggest threat may be plant employees. “It can be malicious insiders,”

    Reply
  45. Tomi Engdahl says:

    SCADA flaws put world leaders at risk of TERRIBLE TRAFFIC JAM
    Host city for 2014′s G20 meeting pen tests its traffic lights and finds flaws galore
    http://www.theregister.co.uk/2013/11/21/scada_flaws_put_world_leaders_at_risk_of_terrible_traffic_jam/

    In November 2014, leaders of the G20 group of nations will convene in Brisbane, Australia, for a few days of plotting to form a one-world government high-level talks aimed at ensuring global stability and amity.

    Queensland, the Australian state in which Brisbane is located, is leaving no preparatory stone unturned as it readies itself for the summit. For example: new laws mean it will be illegal to carry a reptile, fly a kite or use a laser pointer close to the venues used for the meeting.

    The State has also conducted a review of its traffic management systems, mostly to figure out how to improve traffic flow but also with half an eye on the G20 summit and the likely online attacks and protests it will attract.

    That review’s report (PDF) tried penetration tests on Queensland’s two operators of intelligent transport systems (ITS) and succeed with both. “The entities audited did not actively monitor and manage information technology security risks and did not have comprehensive staff security awareness programs,” the report notes. Managers assumed the SCADA kit in use was secure, staff weren’t aware of social engineering or other attacks and it was possible to extract information from both traffic system operators with USB keys.

    “If the systems were specifically targeted, hackers could access the system and potentially cause traffic congestion, public inconvenience and affect emergency response times. Such attacks could also cause appreciable economic consequences in terms of lost productivity.”

    Reply
  46. Tomi Engdahl says:

    Meet Stuxnet’s stealthier older sister: Super-bug turned Iran’s nuke plants into pressure cookers
    New report claims to blow lid off Mark I cyber-weapon build
    http://www.theregister.co.uk/2013/11/21/stuxnet_fearsome_predecessor/

    Super-malware Stuxnet had an older sibling that was also designed to wreck Iran’s nuclear facilities albeit in a different way, according to new research.

    The elder strain of the worm, dubbed Stuxnet Mark I, dates from 2007 – three years before Stuxnet Mark II was discovered and well documented in 2010.

    Writing in Foreign Policy magazine yesterday, top computer security researcher Ralph Langner claimed that the Mark I version of the weapons-grade malware would infect the computers controlling Iran’s sensitive scientific equipment, and carefully ramp up the pressure within high-speed rotating centrifuges

    Crucially, the malware did by overriding gas valves attached to the equipment while hiding sensor readings of the abnormal activity from the plant’s engineers and scientists. The end goal was to sabotage the cascade protection system that kept thousands of 1970s-era centrifuges operational.

    The 2010 version, by contrast, targeted the centrifuge drive systems: it quietly sped up and slowed down rotors connected to centrifuges until they reached breaking point, triggering an increased rate of failures as a result.

    But prior to that, Stuxnet Mark I sabotaged the protection system the Iranians hacked together to keep their obsolete and unreliable IR-1 centrifuges safe, as Langner explained in detail in his 4,200-word article.

    Samples of the Mark I malware were submitted to online malware clearing house VirusTotal in 2007, but it was only recognised as such five years later in 2012.

    The Mark I had to be installed on a computer connected to the industrial control system to carry out its sabotage, or otherwise infect a machine from a USB drive; it was probably installed by a human, either wittingly or unwittingly.

    He reckoned the 2010 build of Stuxnet set back the Iranian nuclear programme by two years: it subtly reduced the centrifuges’ ability to reliably enrich uranium at volume, forcing the scientists to tear their hair out in frustration and chase a ghost in the machine. This was a far longer delay than if the software nasty triggered the sudden catastrophic destruction of all operating centrifuges, because Iran would have been able to diagnose the problem and rebuild its processing plant using spares.

    The effectiveness of the whole scheme is a matter of some dispute among foreign policy and security analysts with some even arguing it ultimately galvinised Iran’s nuclear efforts.

    Reply
  47. Tomi Engdahl says:

    Slideshow: Holistic View Drives Industrial IP Advantage
    http://www.designnews.com/author.asp?section_id=1386&doc_id=269919&itc=dn_analysis_element&

    Manufacturing companies stand to be one of the greatest beneficiaries of Internet Protocol technologies that are being bundled under the Internet of Things (IoT) banner. But according to a new industry group called the Industrial IP Advantage that is gearing up to educate engineers on networking technology and business impact, adopting a holistic view that brings together control engineering, IT, and plant management is ultimately a key to success.

    Industrial IP offers a holistic deployment of Internet Protocol that will be a real game-changer for manufacturing. This digital communications fabric is the way to drive IoT value and connect not only equipment, people, and devices, but also to the supply chain and customers.

    Founding members of the Industrial IP Advantage, including Panduit, Cisco, and Rockwell Automation, are banding together as a group to promote deploying a secure, holistic, digital-communications fabric based on standard, unmodified use of the Internet Protocol (IP). The idea is that to take full advantage of this intelligence — all devices within a plant need to talk with one another, as well as those at the enterprise level, using a unified networking infrastructure that is IP-centric.

    Reply
  48. Tomi Engdahl says:

    Hackers Love Windows XP
    http://www.designnews.com/author.asp?section_id=1386&doc_id=270150&cid=nl.dn14&dfpPParams=ind_182,industry_auto,industry_consumer,industry_machinery,aid_270150&dfpLayout=blog

    Cyber security is going to be a big issue for plants using Windows XP once Microsoft quits offering extended support and security updates. MS quits in Windows XP beginning April 8, 2014. While this event means little to the average PC owner — years ago we moved on to Windows 7 or 8 — for many manufacturing and process plants, April will be the cruelest month. Plants often keep the same automation technology for 10 or 20 years.

    Problem is, hackers have also marked that date. In a recent blog, Microsoft’s director of trustworthy computing (honest, that’s his title), Tim Rains, noted that “attackers will have the advantage over defenders who choose to run Windows XP because attackers will likely have more information about vulnerabilities in Windows XP than defenders.”

    According to Microsoft, when it releases a security update, security researchers and criminals will often reverse engineer the security update quickly in an effort to identify the specific section of code that contains the vulnerability addressed by the update. Once they identify this vulnerability, they attempt to develop code that will let them exploit it on systems that do not have the security update installed.

    Hackers also try to identify whether the vulnerability exists in other products with the same or similar functionality. If a vulnerability is addressed in one version of Windows, these hackers will check other versions of Windows to see if they have the same vulnerability.

    To make sure its customers are not at a disadvantage to attackers, the Microsoft Security Response Center releases security updates for all affected products simultaneously.

    But after April 8, 2014, organizations that continue to run Windows XP won’t have this advantage over attackers any longer. The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities, and test Windows XP to see if it shares those vulnerabilities. If it does, attackers will attempt to develop code that can take advantage of those vulnerabilities.

    While the obvious solution for plants would be to upgrade to a newer Windows operating system, this could involve significant cost and interruptions. Software upgrades in an operating production network commonly encounter unintended and unanticipated consequences.

    Automation vendors and security firms are offering solutions. These companies have a track record of managing antiquated automation systems.

    For many plants, this could be a more feasible solution than shutting down the plant and installing Windows 7 or 8. While that approach is a no-brainer for an office network, it becomes a bit complicated when a number of legacy automation and control systems are tied into Windows XP.

    Reply
  49. Hawaii SEO says:

    i luv ur blog. pls read my blog later for help with ur site. see me at Hawaii SEO.

    Reply
  50. Tomi Engdahl says:

    Professor : Automation systems are protected basis in a bit of sleep

    Aalto University researchers fresh security research reveals that there are still a number of grid-connected , unprotected automation systems.

    Automation systems are managed , for example, surveillance cameras and electronic locks houses . They also control the number of the basic structures such as the even distribution of water .

    Web-based attack was found in open automation systems and the entities total of 4 695

    Unsecure items quantities have thus increased significantly – more than 60 per cent since last spring , when the matter was investigated for the first time . Aalto University researchers estimates that the most critical is the number of a hundred.

    Aalto University School of Networking professor Jukka Manner , the problem should be to wake up in advance.

    ” A large percentage is explained by the fact that automation and web -dependent systems are increasing. Moreover, they are installed in the walls” , the mainland states.

    Manner of the unprotected automation systems is usually due to human error . On the other hand are mainly responsible for the computer systems administrators , and equipment suppliers on the other hand , that is, how they both help their clients for startup .

    Difficult to automation systems, protection is not a Manner that . Often sufficient to protect the simple firewalls.

    “The reason for the large exception can also be found välipitämättömyydestä . Suppose that no one is interested in slam Finnish wind mills or machine shops . ”

    “It is now possible to check that the security holes exploited without anyone noticing. ”

    Continental believes that the information the spring of open automation systems not achieved all its targets. The growth of the number of items , this does not explain .

    “That’s why most of the old sites are still open , it is interesting . Problem with going through now in a bit of sleep , of which only wake up when something happens.”

    In the spring of objects found in the open for about 80 per cent were still open. As in the spring , according to Manner’s alarming is that many devices on a network user interfaces are also available the user names and passwords.

    Communications Regulatory Authority of the National Security Authority ( Cert.fi ) release, the unprotected devices connected to the network and automation systems has remained roughly the same since the spring .

    Now, the network found , unprotected automation equipment consists of, among others, industrial automation , real estate automation systems and network cameras.

    Already in the spring on the report told that the open automation equipment found , for example, two power plants , wind mill , water treatment plant , one of the prison , and the traffic system .

    Source: http://www.hs.fi/kotimaa/Professori+Automaatioj%C3%A4rjestelmien+suojaamattomuus+on+ruususen+unta/a1387514900750

    Reply

Leave a Reply to Tomi Cancel reply

Your email address will not be published. Required fields are marked *

*

*