This April I met an energetic young man named Dillon Beresford. He told me that he had gotten some SCADA gear and setup a lab in his apartment and discovered a raft of vulnerabilities that he would be presenting shortly at TakeDownCon.
The most interesting aspect of the meeting was that it was essentially entirely random – I wasn’t anyplace I would have expected to meet the next rock star of industrial security.
Crossposted from InfoSec Island
Crossposted from Infosec Island
[Note: “SCADA” and “ICS” are essentially interchangeable terms for “Critical Infrastructure”. ICS is “Industrial Control Systems” and it doesn’t really matter what SCADA means for our purposes here.]
The root problem with SCADA security is that control systems have been built on the concept that devices can be trusted.
Since everything else about SCADA is based on the concept that devices can never be trusted (“Sure, the temperature in the boiler should stay at such-and-such, but I would like to monitor the hell out of it, anyway.”), once you get your head around the idea that you cannot trust your cyber devices either you find that it fits with existing industrial ideology quite well.
The solution to industrial cyber security is to do your best to build a reliable cyber system – just as you do with the physical assets in the industrial process – then monitor it like a convicted criminal in solitary confinement.
Hi folks,
This is a short article I wrote for InfoSecIsland. Normally I wouldn’t post something like this on a political blog, but the conversations here on Stuxnet were as intelligent as any other. This was written with my Day Job hat on but is not a pitch for AlienVault specifically – any SIEM will do – but since AlienVault has the Open Source SIEM the topic cannot be discussed without bringing them up anyway.
Background
Control System networks are electronic systems for controlling the physical world. These systems are deployed in virtually every aspect of modern life from power grids to transportation, manufacturing, agriculture, building control and more. Since 1979 these systems have been becoming increasingly similar to the Information Technology (IT) networks which have developed over that time. Today, most Control System networks are based on the same TCP/IP protocols that run on the Internet and use computer systems which are vulnerable to the same attacks which plague business and home users.
In June of 2010, the first malware specifically designed to attack Control System networks was found in the wild. Stuxnet, a complex worm that targets Siemens’ WinCC Control System server software, uses a vulnerability involving USB thumb drives to compromise the Windows operating system of WinCC servers. Once installed, Stuxnet subverts the WinCC software itself and then pushes altered software to the Programmable Logic Controllers (PLCs) that control very high speed motors. Since the motors Stuxnet is designed to target operate at between 807 Hz and 1210 Hz the popular conclusion that this worm was targeted at the nuclear centrifuge installation at Natanz, Iran, is generally supportable (the United States restricts exports of similar motors above 600Hz due to their use in refining nuclear fuel).