Cyber Warfare

Mad_Poet

My newspaper this morning had an article "Preparing the Battlefield" in
which they reminded me of Stuxnet and the effort to sabotage the
Iranians' uranium enrichment efforts.

The article talks about efforts to insert malware into various systems so that
critical infrastructure can be crippled in time of war . . .

Does anyone have any thoughts on these matters? Comments?
Real life experiences?

Poet.
 
All things considered, it is less dangerous, probably requires a similar amount of investment, has the potential for reduced collateral damage and no damage to the image of a country in comparison with a bomber dropping bombs willy nilly to hit a factory or power plant.

This used to be something that a spy could potentially do, but it would require (in my mind at least) some time for him to be in a position to do so undetected... with the possibility of planting viruses or "additional undesired features", it is obvious that it will be exploited in all ways possible.
 
This article came up a couple of weeks ago:

https://www.theregister.co.uk/2018/06/18/physically_hacking_scada_infosec/

In fairness, the scaremongering is coming from a company trying to sell network security products but we will all have to get more cute about network security.

This article came up yesterday and points out that far more than machinery is at risk of hacking:

https://www.theregister.co.uk/2018/07/04/plane_hacker_roberts_interview/


I've had more machinery taken down by IT departments and Microsoft updates than hackers.

Nick
 
I did recently have a customer that had their data server hit with ransomware. So if they got to the data server, then they had access to the Control Network.

I couldn't find any evidence that they messed with the PLC or HMI but it made me a little nervous. This was the first time in my career that I have had my system this close to some kind of hack.
 
Originally Posted by Manglemender:
I've had more machinery taken down by IT departments and Microsoft updates than hackers.

This is soooo TRUE, I have worked for several companies over the years that their own staff is what kept me busy.
 
Try a Google search with "energy infrastructure malware". Among the hits you may get is this article from The Guardian from March of this year:

US accuses Russia of cyber-attack on energy sector and imposes new sanctions

One quote: "US officials said that malware had been found in the operating systems of several organisations and companies in the US energy, nuclear, water and “critical manufacturing” sector, and the malware as well as other form of cyber-attacks had been traced back to Moscow."

Additional detail here: Alert (TA18-074A)
Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors


This is one example of the looming threat being called the "Cyber Pearl Harbor" (another term that you may find interesting to Google).
 
I have been very fortunate in this regard. I told the IT Director of the risks we faced. He gave me what was needed to get the problem resolved (including access to the switches that were the backbone of our network and admin access on the domain). I told the Network admin what needed to happen to get our control systems as isolated as could be without a complete rewiring. He took care of it, etc. etc.

That being said, Windows Update has taken down more pieces of equipment than anyone else, and having a plant-wide JSON camera network, along with network-connected PLCs on the same VLAN as our primary business network scares the **** out of me.

I also see home automation companies that lay the home automation equipment and the home general use network on the same layer. That scares the **** out of me too. When I asked them about it, I was just told that it is easier. Time for my company to start getting into home automation as well :sick:
 
I've had more machinery taken down by IT departments and Microsoft updates than hackers.

I suspect that I also have had more downtime due to updates and IT fat-finger reboots ...

But ... as our IT guy has pointed out ... I don't monitor and log enough information to actually *KNOW* that I don't have a hacker injecting stuff all of the time.

Our head office guys are trying to monitor our Controls networks ... the IP stuff they can sort of wrap their heads around. The Controlnet, Devicenet, Profibus, Modbus ... not so much ;)
 