Old July 10th, 2018, 06:42 AM   #1
Paully's5.0
Lifetime Supporting Member
United States

Join Date: Jan 2006
Location: WI
Posts: 2,022
OT: Zero Days - Stuxnet Documentary

I came across Zero Days on Hulu the other day (rent from Amazon as well). It's a very good documentary on the Stuxnet worm, and talks about how complex it was and the intent. Some great detail on just how targeted it was. I thought it was really well done and basically laughs at the thought of isolated networks being "secure".

How Stuxnet was able to cross the air-gap and infect the isolated network at the Natanz facility will probably never be known, but it was clear that the attackers did target outside contractors doing work at the facility as a means of entry. Can't rule out some human asset either; however, as many of us are OEMs/Systems Integrators, we are certainly prime targets for future ICS attackers.

Check it out! If you don't have Hulu the $1.99 rental is worth it!
Old July 10th, 2018, 07:12 AM   #2
gclshortt
Member
Canada

Join Date: Dec 2014
Location: Cobourg
Posts: 2,525
http://watchdocumentaries.com/zero-days/

Looks interesting. Thank you.
__________________
Garry
http://www.accautomation.ca
Connect with us on Facebook: facebook.com/accautomation/
Old July 10th, 2018, 07:22 AM   #3
AshleyParr
Member
United Kingdom

Join Date: Dec 2008
Location: Midlands, UK
Posts: 177
It's truly awesome to watch it, terrifying but awesome!
Old July 10th, 2018, 01:26 PM   #4
harryting
Lifetime Supporting Member
United States

Join Date: May 2002
Location: Puget Sound
Posts: 1,801
Well, most techs I talk to still believe in air-gap. To be fair though, you have to be THE TARGET and if you are, no defense can really be "enough".

The video link doesn't work. I may have to shell out the $10 to buy the DVD for our next meeting. How long is the video?
Old July 10th, 2018, 01:34 PM   #5
keshik
Lifetime Supporting Member
Canada

Join Date: Jun 2011
Location: Portland, OR
Posts: 399
Quote:
Originally Posted by harryting View Post
How long is the video?
From Amazon, 113 minutes.
https://www.amazon.com/Zero-Days-Col...ords=Zero+Days
Old July 10th, 2018, 04:53 PM   #6
Aabeck
Member
United States

Join Date: Feb 2013
Location: Detroit
Posts: 969
Quote:
Originally Posted by harryting View Post
Well, most techs I talk to still believe in air-gap. ......
Like the scientists at the nuclear plant in Russia (if I remember right) a couple months ago that connected the secured, isolated computer network in the plant to the internet so they could mine BitCoins?
__________________
Never underestimate the quality of idiots that will be running your machines
http://aabeck.com
Old July 10th, 2018, 07:02 PM   #7
GaryS
Member
United States

Join Date: Aug 2003
Location: Lancaster Pa.
Posts: 681
You ask how Stuxnet crossed the air gap. Simple: the human factor. Somebody moved it on a flash drive.
There was an article published about a year ago with some of the details, and some of the details are still classified above top secret.
Here are a few links along the same lines that I think you will find interesting:

https://www.computerworld.com/articl...could-use.html

https://www.wired.com/2011/08/siemen...oded-password/

https://en.wikipedia.org/wiki/Stuxnet
Old July 11th, 2018, 02:07 AM   #8
cardosocea
Member
United Kingdom

Join Date: Nov 2016
Location: Fields of corn
Posts: 920
I think it's established that Stuxnet made its way in via the engineers working at the plant.

Now, if you look at the number of engineers familiar with nuclear power that could travel in and out of Iran without raising issues, the number will be small (I think).

One other thing that I became sorely aware of while doing installation and commissioning is that the guys doing installation and commissioning need to be administrators on their computers to install whatever software they need for an instrument, switch or whatever... they also don't travel with two laptops, spend a long time away from home and at times have long stretches with nothing to do apart from watching videos... and they do not turn down an offer from anyone to see the latest and greatest that has hit the shelves or cinemas.
Old July 11th, 2018, 04:33 AM   #9
AustralIan
Member
United Kingdom

Join Date: Jan 2013
Location: UK
Posts: 754
* adds "must have two laptops" to Industrial Control Systems Cyber Security requirements for contractors.
Old July 11th, 2018, 06:13 AM   #10
geniusintraining
Lifetime Supporting Member + Moderator
United States

Join Date: Jun 2005
Location: SC
Posts: 5,565
How much of this is fear mongering? I know it's real, but I do think that a lot of money is made from conspiracy theories and fear mongering. If there is not a market for your product then make one...
__________________
www.PLCCable.com PLC Communication Cables, PLC Trainers, Fluke Meters, MicroLogix, ControlLogix, Siemens, Allen Bradley and more... all your automation needs... ((NEW)) After Market 1784-U2DHP Allen Bradley USB to DH+ and Gateways
Old July 11th, 2018, 06:26 AM   #11
cardosocea
Member
United Kingdom

Join Date: Nov 2016
Location: Fields of corn
Posts: 920
Quote:
Originally Posted by AustralIan View Post
* adds "must have two laptops" to Industrial Control Systems Cyber Security requirements for contractors.
This isn't really feasible... companies aren't going to issue a "personal" laptop for use of their employees. And if they did it would be so shitty, that employees would likely use theirs either way.

What I find, and this obviously depends on the environment and license agreements in place, is for the engineers to use the local engineering station and the project file goes through an anti-virus check.

Mind you that it can still fail, but it's less likely to give headaches... Or just move all the SCADA bits to Linux and get done with it.
Old July 11th, 2018, 06:59 AM   #12
AustralIan
Member
United Kingdom

Join Date: Jan 2013
Location: UK
Posts: 754
Quote:
Originally Posted by cardosocea View Post
move all the SCADA bits to Linux.
I'm in!

Next, the PLC programming software.
Old July 11th, 2018, 09:23 AM   #13
harryting
Lifetime Supporting Member
United States

Join Date: May 2002
Location: Puget Sound
Posts: 1,801
Quote:
Originally Posted by geniusintraining View Post
How much of this is fear mongering? I know it's real, but I do think that a lot of money is made from conspiracy theories and fear mongering. If there is not a market for your product then make one...
I can go on my soap box and talk for hours on this topic, as it's been quite a pain point for me in the last few years. Some of my very condensed thoughts...

- look at this forum for example, we don't even have consensus among the people who are doing ICS for a living. So, ya, it's a problem.

- Compliance does not equal Security.

- IT does not understand ICS but they tend to run the show for most larger operations.

- Security doesn't mean spending a lot of money (again, not talking about Compliance), but requires some consensus on basic IT hygiene practice.

- ICS folks need to step up to the plate more and get more educated on the topic.
Old July 11th, 2018, 10:16 AM   #14
BryanG
Member
United Kingdom

Join Date: Feb 2005
Location: Manchester
Posts: 1,254
Just to give a different view because I like to be awkward.

How many threads do we have here where we discuss the possibilities and Stuxnet (61 threads that mention Stuxnet)? How many threads where a member has actually discovered a worm or virus in their PLC systems? I don't actually remember one. I am sure someone will point me to a thread to prove me wrong, but we are putting a lot of time into worrying about something that doesn't seem to be happening much. I am not saying we shouldn't be secure, but maybe don't close the concrete bunker lid quite yet. If you are running a power or water purification plant perhaps some paranoia is justified, but average Joe using a PLC to run his dust extraction system is probably OK.
__________________
Knowledge is power, share the knowledge.
Old July 11th, 2018, 10:23 AM   #15
Aabeck
Member
United States

Join Date: Feb 2013
Location: Detroit
Posts: 969
And I just got an email that Siemens now has a PC/PLC combo unit - so now it can be attacked in stereo.
__________________
Never underestimate the quality of idiots that will be running your machines
http://aabeck.com