OT: Zero Days - Stuxnet Documentary

...but we are putting a lot of time in to worrying about something that doesn't seem to be happening much.

I don't think anyone is panicking about the direct impacts, IMHO it is more about awareness and the indirect response. Given the rise of ransomware and real-world examples of ICS attacks you can no longer go into a facility and tell the management team - "The ICS computers require Windows 7, you can't apply Windows updates after it's commissioned, full administrator level access is required across the board, the ICS network needs to be isolated, BUT we need VPN access for remote support..."

It's just full of holes.
 
When sufficient means are available, any given system is vulnerable to attacks... The Cat-and-Mouse game has been going on since economic and/or political competition existed and will not cease until said competition becomes history... Never, that is... :D

It is always a matter of minimizing damages...
 
Just to give a different view because I like to be awkward.

How many threads do we have here where we discuss the possibilities and Stuxnet (61 threads that mention Stuxnet)? How many threads where a member has actually discovered a worm or virus in their PLC systems? I don't actually remember one. I am sure someone will point me to a thread to prove me wrong, but we are putting a lot of time in to worrying about something that doesn't seem to be happening much. I am not saying we shouldn't be secure, but maybe don't close the concrete bunker lid quite yet. If you are running a power or water purification plant perhaps some paranoia is justified, but average Joe using a PLC to run his dust extraction system is probably OK.

http://www.plctalk.net/qanda/showthread.php?t=112082
 
Just to give a different view because I like to be awkward.

How many threads do we have here where we discuss the possibilities and Stuxnet (61 threads that mention Stuxnet)? How many threads where a member has actually discovered a worm or virus in their PLC systems,

Speaking of awkward.. I can't say what I want to say in this forum but I'll just say that it really happens and it involves some of the biggest names you heard of. And no, you won't find it on Google.

Think like the "bad guy" for a brief minute or two. I'm sure everyone here can penetrate a system with a bit of effort and there are people there

It's not about being paranoid. Just being aware. After all, how many people do you know who get run over on the highway? We are just simply being aware not to run across 8 lanes of traffic going at 60+ MPH. Being aware doesn't mean a lot of $ or effort.
 
I told you someone would find one, but to be fair connecting a device direct to an open port on the internet, you really get what you deserve. So I am not going to include this one.

Speaking of awkward.. I can't say what I want to say in this forum
Not sure what the anger is about. I didn't say it never happens, just that we talk about it a lot more than it actually happens. I appreciate that companies don't always report attacks and more shame on that, it is only with accurate data that we can know the risk. I do think that the anonymity here would allow people to tell when they had a problem, which brings me back to the 61 threads talking about Stuxnet and the 'almost' none mentioning actual attacks.
 
Not sure what the anger is about. I didn't say it never happens, just that we talk about it a lot more than it actually happens. I appreciate that companies don't always report attacks and more shame on that, it is only with accurate data that we can know the risk. I do think that the anonymity here would allow people to tell when they had a problem, which brings me back to the 61 threads talking about Stuxnet and the 'almost' none mentioning actual attacks.


I had a colleague of mine discover one offshore Australia back in 2011. The software he was looking into had been a standard format for years and when he plugged in his laptop (which was not infected) he noticed some weird blocks.

It didn't affect the system as none of the addresses Stuxnet looked for were available in the system... He opened the project in the local engineering station and the funny blocks weren't there.



Disconnected the Engineering Station, re-imaged the drive, reset the PLC to factory condition, downloaded the software again and that was it.
 

?! Sorry, I just laughed. Such is the problem with my posting sometimes. I meant to say that I can't put down any detail of an actual case of an ICS infection I have first-hand knowledge of, not that I want to say something untoward to you.

No anger here, just some frustration dealing with compliance and IT sometimes. Truth is, most people deal with small, non-critical systems where cyber-security isn't a big deal as long as you can recover from it.
 
