Hackers Caused A Blackout For The First Time

HardOCP News

Can someone explain to me again why mission critical systems are connected to the internet? It's not like an electrical substation or nuclear power plant has to check its Facebook page.

Half of the homes in Ukraine's Ivano-Frankivsk region were left without power for several hours on December 23rd, according to a local report that attributed the blackout to a virus that disconnected electrical substations from the grid. Researchers at iSight on Monday said their analysis of malware found on the systems of at least three regional electrical operators confirmed that a "destructive" cyberattack led to the power outage.
 
To provide redundant power to the United States, substations are often connected up on a grid. This grid is connected to multiple power supply stations. This way, if one goes down or can't produce enough, the grid (and power) can keep humming along as the second station picks up the demand. All of this requires communication from the substations.

To further solidify the power supply, substations can report back to the central dispatch when there appears to be a bad power condition (a knocked-over pole, for example) to aid in the diagnosis of power problems.

Also, those substations have to be synced to within a few milliseconds of one another lest they blow each other out due to phase voltage differences.

The protocol which protects the power lines themselves and the substations is very tough to break (so I'm told by industry insiders) as it's proprietary and involves multiple levels of defense...

The weak spot is the control station, which is off-the-shelf computers. If the computers at the control station can be affected, they can send the system into chaos. (i.e., Iran's problem with its centrifuges)

It is my opinion that all such mission critical components should have:
1. All USB ports sealed.
2. NO external drives allowed.
3. The case locked and inside a 24/7 locked and monitored room with keycard access.
4. ROMs and OS reprogrammed regularly from a read-only master boot device that is locked in a safe.
5. That secure boot device also running diagnostics for irregularities (approved ROM checksum errors)...
6. And absolutely 100% be run on an isolated dedicated network with special network port adapters with a hardware-level protocol that is a layer on top of TCP/IP, with no INTERNET ACCESS.
7. These devices connect to a central hub where they handshake and go, "Oh, you're XYZ. Okay, you are on my approved list. You can talk to machines P, D, & Q at command control level protocol 1." This goes through perfect forward encryption and handshaking with standard challenge and response protocols.
8. All control protocol APIs do not involve random-length data parameters. No VARCHAR. No SQL scripting. The only thing that is allowed is canned routines with a fixed set of parameters with predefined values. This allows for a finite test set to run against hacking tools.

But no one wants to do this....

It was all part of my paper of first level defense called Paladin.
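Items 7 and 8 of the post above, modelled as a small Python toy: a hub that authenticates a device with a challenge-response over a pre-shared key, checks it against an approved-peer list that says which machines and command levels it may address, and accepts only fixed-length frames whose command and parameter come from a predefined set. This is an added example, not code from the thread, from the "Paladin" paper, or from any real substation product; the peer ids (XYZ, ROG), targets (P, D, Q), keys, breaker commands and the eight-slot parameter set are all constructed for illustration, and HMAC over a pre-shared key stands in for whatever handshake the post has in mind.

```python
import hashlib
import hmac
import os
import struct
from enum import IntEnum

# Item 7: the hub's approved-peer list. Every name and key here is constructed
# for the example; a real hub would get them from an out-of-band provisioning step.
PEER_KEYS = {
    b"XYZ": b"constructed-psk-for-XYZ",
    b"ROG": b"constructed-psk-for-ROG",
}
# peer -> set of (target machine, command-control level) it is allowed to address
ACL = {
    b"XYZ": {(b"P", 1), (b"D", 1), (b"Q", 1)},
    b"ROG": {(b"P", 2)},
}


# Item 8: canned routines whose single parameter comes from a predefined set.
class Cmd(IntEnum):
    STATUS = 1
    OPEN_BREAKER = 2
    CLOSE_BREAKER = 3


BREAKER_SLOTS = range(8)                  # the only legal values of the one parameter
FRAME_FMT = "!3s1sBBB"                    # peer id, target, level, command, breaker slot
FRAME_SIZE = struct.calcsize(FRAME_FMT)   # always 7 bytes; nothing is variable-length


def make_challenge() -> bytes:
    """Hub side: a fresh random nonce, used for exactly one handshake (replay defence)."""
    return os.urandom(16)


def answer_challenge(peer: bytes, challenge: bytes) -> bytes:
    """Device side: prove possession of the pre-shared key without transmitting it."""
    return hmac.new(PEER_KEYS[peer], challenge, hashlib.sha256).digest()


def verify_peer(peer: bytes, challenge: bytes, response: bytes) -> bool:
    """Hub side: constant-time comparison; a peer not on the list always fails."""
    key = PEER_KEYS.get(peer)
    if key is None:
        return False
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def build_frame(peer: bytes, target: bytes, level: int, cmd: int, slot: int) -> bytes:
    """Encode one fixed-size command frame."""
    return struct.pack(FRAME_FMT, peer, target, level, cmd, slot)


def parse_frame(frame: bytes) -> dict:
    """Strict parser: exact length, known command, parameter from the predefined set."""
    if len(frame) != FRAME_SIZE:
        raise ValueError("expected %d bytes, got %d" % (FRAME_SIZE, len(frame)))
    peer, target, level, cmd, slot = struct.unpack(FRAME_FMT, frame)
    try:
        cmd = Cmd(cmd)
    except ValueError:
        raise ValueError("unknown command %d" % cmd) from None
    if slot not in BREAKER_SLOTS:
        raise ValueError("breaker slot %d outside the predefined set" % slot)
    return {"peer": peer, "target": target, "level": level, "cmd": cmd, "slot": slot}


def handle(peer: bytes, challenge: bytes, response: bytes, frame: bytes) -> str:
    """Hub: authenticate first, parse strictly second, consult the ACL last."""
    if not verify_peer(peer, challenge, response):
        return "REJECT unauthenticated peer"
    try:
        req = parse_frame(frame)
    except ValueError as exc:
        return "REJECT malformed: %s" % exc
    if req["peer"] != peer:
        return "REJECT peer id in frame does not match authenticated peer"
    if (req["target"], req["level"]) not in ACL.get(peer, set()):
        return "REJECT %s not approved for %s level %d" % (
            peer.decode(), req["target"].decode(), req["level"])
    return "ACCEPT %s -> %s slot %d" % (req["cmd"].name, req["target"].decode(), req["slot"])


def legal_frames(peer: bytes) -> list:
    """Item 8's payoff: everything a peer may ever send is finite and enumerable,
    so a conformance or fuzzing suite can cover the whole space exhaustively."""
    return [build_frame(peer, target, level, cmd, slot)
            for (target, level) in sorted(ACL.get(peer, set()))
            for cmd in Cmd
            for slot in BREAKER_SLOTS]


if __name__ == "__main__":
    chal = make_challenge()
    resp = answer_challenge(b"XYZ", chal)
    print(handle(b"XYZ", chal, resp, build_frame(b"XYZ", b"P", 1, Cmd.OPEN_BREAKER, 3)))
    print(handle(b"XYZ", chal, resp, build_frame(b"XYZ", b"P", 2, Cmd.STATUS, 0)))
    print(len(legal_frames(b"XYZ")), "legal frames for XYZ")
```

The order inside `handle` is deliberate: nothing is parsed until the peer has proven itself, the frame's own peer field is cross-checked against the authenticated identity, and the ACL is consulted last. Because the frame has no length field and no free-form string, a malformed or oversized message fails on length alone, and `legal_frames` shows that for XYZ the complete legal input space is 72 frames, which is the "finite test set" the post is after.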
 
Yea, I feel no one inside should be in front of anything more than a heavily restricted thin client. Why any company or service with critical systems allows internet browsing on any system on the same network blows my mind.
 
Security is still such an afterthought for most industries, companies and consumers. Companies and industries are way behind the "bad guys" and it doesn't appear that it's going to get much better. There are so many attack vectors now that unless there's a technological/security revolution (which won't happen) these types of things will continue to happen and continue to escalate.
 
Umm, not like this. Instead they need to treat them like the military treats classified systems and put them on a completely independent communications network that has no common systems anywhere with the Internet and standard communications networks. In other words, completely isolated. But that costs a lot of money, and it makes it much more difficult to administer; all of a sudden you need WSUS servers, for example, that have all of MS's patches/updates but are not linked to MS's primary servers, no internet. You literally have to stand up everything all over again. Hell, just to save costs I would put them on the military's network and require the workers to be cleared with government security clearances; they just get a different level of access, say SECRET INF for National Infrastructure. A guy with INF access wouldn't be allowed to see SIGINT or HUMINT stuff, just INF stuff.

There are plenty of defense contractor companies around who operate classified facilities; this would just be an extension of that, and would greatly improve security while minimizing additional costs.
 
Oh, and DG, your security proposals are excellent. When I said "not like this", I didn't mean to say those steps aren't appropriate to high risk systems. I wanted to edit and remove that part of my post, and focus my comments on this specific part of yours:

6. And absolutely 100% be run on an isolated dedicated network with special network port adapters with a hardware-level protocol that is a layer on top of TCP/IP, with no INTERNET ACCESS.
 
Interesting that this occurred in the Ukraine. Putin testing out his cyber-warfare unit?
 
Maybe he's testing his defenses against an attack.

These are the guys who used to train their troops in live chemical agent environments :D
 
Well then, now we will have to deploy anti-missile beam weapons in order to defend the satellites, Star Wars reborn.

http://www.businessinsider.com/raytheons-exoatmospheric-kill-vehicle-is-the-new-star-wars-2012-7
 
Negligence, pure and simple. Why anyone wouldn't have a system this important air gapped, like the military does, is beyond me. They must have been wearing purple, because they were just begging to be graped.
 