Hackers Shut Down Plant by Targeting Its Safety System

Megalith

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
A plant of an unmentioned nature and location (some believe it's in the Middle East) was forced to shut down after a hack targeted its industrial safety system. It marks the first report of a safety system breach at an industrial plant by hackers, who have in recent years placed increasing attention on breaking into utilities, factories, and other types of critical infrastructure, cyber experts said.

Compromising a safety system could let hackers shut them down in advance of attacking other parts of an industrial plant, potentially preventing operators from identifying and halting destructive attacks. In the incident, hackers used sophisticated malware to take remote control of a workstation and then sought to reprogram controllers used to identify safety issues. Some controllers entered a failsafe mode, which caused related processes to shut down.
 
The IT/OT security industry in North America is indeed trying to get ahead of the game for shit like this. I've been to actual security meetings for these before. Dunno what's going on in India though...
 
So, it can be done.
And if it can be done elsewhere, chances that it might occur on your own turf are there.
Now, remind me again, why do such critical structures - of national security proportions - have to be accessed remotely via internet or by any other means of remote access?
Do the benefits of remote access outweigh the potential for disaster? I don't think so.
 
So... hackers hacked something somewhere.

I'm on the edge of my seat.
 
  • Like
Reactions: Parja
like this
Huji said:
Safety isn't bulletproof. The issue is these systems are designed, and then people have a platform to test against. With enough effort, they find a way in.
Click to expand...

Build it more idiot proof and we'll just build a better idiot
 
better stock some candles !

If it's digital, it can be hacked. Some things should remain analog, off-grid, off-net, to ensure functionality.
 
Around 4 or 5 years ago I watched a Nova episode on PBS regarding cyber attacks. One segment that really caught my attention was about a series of attacks on a U.S. nuclear power plant. They were very aware of it happening but couldn't understand the code being sent. The code didn't really relate to any of the modern tech being used in the main systems. One of the older technicians or engineers(I don't really remember) then thought it looked familiar. A little more investigation and they figured out it was some ancient code for basic machine handling(my guess is something similar we've seen with CNC machines). The scariest part was this code was still used by the controllers for the machines that were in charge of the cooling rods. Fortunately, they said, those controllers were not connected to any outside lines. Not hard to imagine what could've happened.
 
BloodyIron said:
The IT/OT security industry in North America is indeed trying to get ahead of the game for shit like this. I've been to actual security meetings for these before. Dunno what's going on in India though...
Click to expand...

Poor Internet security has been a thing for well over 10 years now. If they are just now having meetings about securing things, they are a bit late. How many of us remember stories about the race between doing a new install of XP and it getting hacked before you could apply patches from Microsoft Update?

SCADA 'security' has long depending on obscurity for its primary defense. One big problem with industrial control stuff is it often has lifespans measured in decades. The control systems for power plants, water treatment plants and similar were designed to last the life of the plant and are expensive to upgrade to be secure if they need to interact with the Internet.
 
aShrubbery! said:
So, it can be done.
And if it can be done elsewhere, chances that it might occur on your own turf are there.
Now, remind me again, why do such critical structures - of national security proportions - have to be accessed remotely via internet or by any other means of remote access?
Do the benefits of remote access outweigh the potential for disaster? I don't think so.
Click to expand...

Yeah... I got nothing. On one hand I think it could be done well (encryption devices on both ends, rekey daily, weekly, monthly etc...), limit comms to only other stations/home (IP list), the list goes on.

On the other, it’s probably about money and convince.
 
aShrubbery! said:
So, it can be done.
And if it can be done elsewhere, chances that it might occur on your own turf are there.
Now, remind me again, why do such critical structures - of national security proportions - have to be accessed remotely via internet or by any other means of remote access?
Do the benefits of remote access outweigh the potential for disaster? I don't think so.
Click to expand...
Former Instrumentation & Controls Engineer here. There are reasons why you might want some of these systems connected. These control systems do more than just monitor and control the equipment. They also archive years' worth of data, so that operators can engineers can (at least in theory) notice long-term, gradual changes in the process, so they can identify maintenance issues ahead of time, before something breaks and causes expensive downtime. On the electrical grid, you've got lots of power generation interconnected in order to ramp up when demand increases, or shed loads as needed. Also, Corporate wants to be able to monitor how plants are operating, so they can make forecasts and do that sort of corporate bologna. Manufacturers for particularly expensive equipment like gas turbines like to have a link into their systems so they can better support the customer (or identify if a customer is abusing their $millions turbine).

IMO if you need information from your control system available to the outside world, you need to run it over a unidirectional interface so that it *can't* get hacked. Like RS-232 with only one data line connected. But even that doesn't help you if you use an infected laptop to program your PLCs, as happened in the case of Stuxnet.

Dead Parrot said:
SCADA 'security' has long depending on obscurity for its primary defense. One big problem with industrial control stuff is it often has lifespans measured in decades. The control systems for power plants, water treatment plants and similar were designed to last the life of the plant and are expensive to upgrade to be secure if they need to interact with the Internet.
Click to expand...
Very true. You can forget about security patches for your PLCs that have been out of manufacturing for 20 years. When your choices are either A) buy spares on eBay, or B) spend hundreds of thousands of dollars (and experience days or weeks of downtime) to replace whole sections of your control system, it's tough :)
 
Putz said:
been a while since they have burned down anyone houses... that or Wynne is keeping those accidents quiet lol
Click to expand...

One of my friends told me yesterday that his smart meter burned in the meter socket on Friday. The utility cut the power off until he could get the socket fixed. The electrician said he has seen a lot of burned smart meters lately. Central US Utility. Makes me glad that mine is outside on a stone wall. Wonder if 'smart' meters can have firmware updates applied as security holes are found?
 
You must log in or register to reply here.
Back
Top