The Idaho National Laboratory Protects the U.S. Infrastructure from Cyber Attacks

[cageymaru]

The Idaho National Laboratory is known as one of the primary cybersecurity facilities in the United States. It has a premier cybersecurity research and development lab that is currently getting a $85 million expansion complete with 20 laboratories and separately housed supercomputers. These facilities will protect the nation's dams, energy pipelines, drinking water systems, and nuclear power plants. Right now the facility is researching how to retrofit aging critical infrastructure with modern "bolt-on" control systems that will keep foreign actors from infiltrating and attacking them.

It is estimated that there will be 1 million cybersecurity openings by 2020 and the Idaho National Laboratory has begun recruiting middle school and high school kids to the program. They look for curious kids that want to know if they can breach into a security system and seek to hire them for the "Dark Side" room. "Those are the kids we're looking for," said Darren Stephens, a cyber-researcher at the lab.

Its employees work to prevent threats like one that occurred in 2013, in which the Justice Department said seven Iranian hackers working at the behest of the Iranian government gained access to the controls of a dam in the suburbs of New York City. Prosecutors said the hackers would have been able to remotely access the dam's gate, but it was disconnected at the time for maintenance. Prosecutors in an indictment made public in 2016 called it a "frightening new frontier in cybercrime."

 

[viscountalpha]

Why are they connected to the internet in the first place!?!?!

 

[maxz01]

Why are they connected to the internet in the first place!?!?!

This x 1000.

I can't understand it, why the hell would you do that? Why not have a self-contained system that can only be hacked with actual physical infiltration?

 

[Ranulfo]

This x 1000.

I can't understand it, why the hell would you do that? Why not have a self-contained system that can only be hacked with actual physical infiltration?

Because that limits centralized control from DC.

 

[maxz01]

Or the old Dostoevsky phrase: Man is sometimes extraordinarily, passionately in love with suffering. Perhaps we want disasters to happen so that we have something interesting to do. A too perfect world would be dull. He also said we'd destory paradise if it ever came upon Earth because we'd be bored as f. Good idea then to expose industrial systems, should lead to some fun catastrophes to give meaning to life in the struggle. Also explains wars.

 

[sfsuphysics]

Because that limits centralized control from DC.

Why should DC have a button on whether or not electricity works in certain parts of the country?

I mean I know DC has played hardball in the past and threaten to withhold federal highway money if said state didn't follow what they want, but christ are they going to threaten to turn off power? or water? If that ever gets to the case then something which I can not say needs to happen.

 

[seanreisk]

Why are they connected to the internet in the first place!?!?!

This isn't about DC hardball. Power installations, especially nuclear and hydro power installations, are major terrorist targets, but you have to weigh physical threats against cyber threats. Although it seems obvious that cutting these installations off from the internet would protect them from hackers, a hacker would be a mild threat compared to losing the facility to an armed force. How many jihadists would it take to seize control of one of these facilities? A facility like this has to have some connection to the outside.

It's all dangerous. You have to pray that someone, somewhere, has been clever enough to trap and double-trap the system security.

 

[mesyn191]

I can't understand it, why the hell would you do that? Why not have a self-contained system that can only be hacked with actual physical infiltration?

Cost cutting.

Many of the power, internet, water, and various other infrastructure related industries have been quitely switching to remote administration and automation as much as possible over the last decade or so. As the older generations of workers at these places age out and retire they just don't replace them with younger people unless they have no other choice. You don't hear about it much because its all specialized blue collar and somewhat white collar labor that is being wiped out but its quite the problem now, with no turning back, since the man power that knew how to handle things is now either retired for years or dead. So the expectation in industry is for automation/remote control installations to accelerate and become even more prevalent.

Its great for their bottom line! Problem is they cheaped out on the security wherever possible to get things done as cheap as possible and pump up those quarterly profits and now its biting them (and us) in the ass.

Because that limits centralized control from DC.

LOL dude how the heck would a internet remote admin system limit centralized control from anywhere much less DC?

The whole point of these systems is to eliminate personnel as much as possible and have everything centralized in one location in another state or country where labor is cheaper.

These are private companies doing this of their own free will too! Sure they're often regulated but they get to influence the regs and the enforcement of those regs heavily thanks to decades of lobbying and they're generally not suffering at all here. They're profitable for the most part for a reason. "DC" has nothing to do with it. Keep that conspiracy crap over with the Q's and other boomers on the chan's.

 

[Deleted member 245375]

All that money, all that hardware, all that staff...

and some 12 year old with a fuckin' 10 year old Nokia N770 running Linux can bring it all down with a few taps on the keyboard if he/she is so inclined. Why the N770? Because using a modern smartphone ain't l33t enough, of course.

For those that don't know the reference...

 

[maxz01]

Weird that we don't see way more cyber attacks then. Seems like it would be easy to hide behind VPN and anonymize your computer in other ways too then just shut down the power for the lulz, just to impress your friends. Seems like something a bunch of 14 yr olds could do.

 

[fairlane]

US Senate Passes Bill That Would Create Pilot Program to Examine Using Analog Controls for Power Grid Security

The US Senate has passed a bill that would establish a pilot program aimed at reintroducing analog security controls to the country’s power grid. The Securing Energy Infrastructure Act would appropriate US $10 million for the program. The Department of Energy (DOE) would be responsible for finding volunteer organizations within the energy sector to pilot analog and other non-digital systems for use in protecting the energy grid.

America has fully embraced technology and its use with power grid ICS components, which permits control and management of those systems to scale. While there are inherent risks with this path, recommendations have emerged since the 2015 and 2016 power grid attacks, which include strong egress controls, micro-segmentation/isolation, and separation of activities, which when implemented would strengthen the security posture of these systems. Given the long lifecycle of system components, these activities need to be completed regardless of replacing items with non-digital equivalents.

https://www.nextgov.com/cybersecuri...grid-name-cybersecurity-passes-senate/153719/

 

[fairlane]

Weird that we don't see way more cyber attacks then. Seems like it would be easy to hide behind VPN and anonymize your computer in other ways too then just shut down the power for the lulz, just to impress your friends. Seems like something a bunch of 14 yr olds could do.

Two points here. One: Your ISP (if they care) can discover you are running a VPN, which may be considered suspicious. Two: How well do you trust your VPN provider, because you are trusting them with a lot. Also, if the government wants to spy on you they can simply monitor VPN exit points. All the people doing things worth hiding probably come from there anyway...