WTF? A nuclear plant on the Net? (4 Apr, 2017)

Have your say on today's Aardvark Daily column

WTF? A nuclear plant on the Net? (4 Apr, 2017)

Postby aardvark_admin » Tue Apr 04, 2017 6:08 am

This column is archived at: http://aardvark.co.nz/daily/2017/0404.shtml

Who would be stupid enough to connect the critical systems at a nuclear power plant up to a publicly accessible network such as the Internet?

Seriously?

If these systems are connected to the Net then someone needs a good arse-kicking.

If they're not connected then the hysteria-merchants in and outside of the media need a good arse-kicking

Either way, arses need to be kicked -- don't they?
aardvark_admin
Site Admin
 
Posts: 2728
Joined: Wed May 07, 2014 2:10 pm

Re: WTF? A nuclear plant on the Net? (4 Apr, 2017)

Postby Logan Savage » Tue Apr 04, 2017 7:55 am

aardvark_admin wrote:Who would be stupid enough to connect the critical systems at a nuclear power plant up to a publicly accessible network such as the Internet?
Haven't you heard? Its called the Internet Of Things. :lol:
"Capitalism has defeated communism. It is now well on its way to defeating democracy"
(David C. Korten, When Corporations Rule the World)
User avatar
Logan Savage
 
Posts: 510
Joined: Sat Jul 05, 2014 10:41 am

Re: WTF? A nuclear plant on the Net? (4 Apr, 2017)

Postby aardvark_admin » Tue Apr 04, 2017 8:04 am

Logan Savage wrote:
aardvark_admin wrote:Who would be stupid enough to connect the critical systems at a nuclear power plant up to a publicly accessible network such as the Internet?
Haven't you heard? Its called the Internet Of Things. :lol:

The Internet of Things that go bang?

How to "control-alt-delete" a whole country perhaps? :-/
aardvark_admin
Site Admin
 
Posts: 2728
Joined: Wed May 07, 2014 2:10 pm

Re: WTF? A nuclear plant on the Net? (4 Apr, 2017)

Postby Logan Savage » Tue Apr 04, 2017 8:32 am

aardvark_admin wrote:The Internet of Things that go bang?
Yep, it seems the IOT philosophy wants everyTHING connected, regardless of how stupid or pointless it is. I had someone knock on my door offering me a security system that would allow me to unlock my front door while I was at work. "Why would I want to do that?" I inquired as politely as I could manage. Because if my house called me to tell me it was on fire then I could unlock the door for the fire brigade of course. *sigh* A solution looking for a problem. Although the Equation Group let stuxnet and flame cross air gaps so its probably academic.
"Capitalism has defeated communism. It is now well on its way to defeating democracy"
(David C. Korten, When Corporations Rule the World)
User avatar
Logan Savage
 
Posts: 510
Joined: Sat Jul 05, 2014 10:41 am

Air gapping is potentially more dangerous

Postby dingram17 » Tue Apr 04, 2017 9:31 am

When things are air-gapped people use USB sticks, laptops etc to fix things up and apply updates. We saw how well airgapping worked for the Iranians ...

It is possible to have corporate networks connect to operational networks. Multiple layers of defence are needed, not just one firewall (or even two firewalls). What I've used in the past to link "industrial control systems" is good old RS232 running DNP3 or Modbus. Have a terminal server on each side of a serial link, and a limited dataset. On the IP side of each terminal server have a protocol-aware firewall (like a Tofino) that is looking for odd messages that come through. The worst case is generally crashing whatever is connected, rather than carte-blanche control.

The corporate network should also be firewalled from the public internet with very limited access. Just have email & an RDP/Citrix endpoint.

By monitoring what is going on in the "industrial" world it is easier to identify problems. I'd think that a plant/process fault would be more likely than an ELS breaking in. And by mixing and matching your protection technology & brands you make it VERY hard indeed. And disable those USB ports!
User avatar
dingram17
 
Posts: 22
Joined: Mon May 09, 2016 9:47 am

Re: WTF? A nuclear plant on the Net? (4 Apr, 2017)

Postby Weasel » Tue Apr 04, 2017 2:29 pm

I read the article, nothing mentioned nuclear power stations being "on the internet". How do you make that jump from whats in the article ?
Weasel
 
Posts: 188
Joined: Wed Jul 08, 2015 10:44 am

Re: WTF? A nuclear plant on the Net? (4 Apr, 2017)

Postby Screw » Tue Apr 04, 2017 2:30 pm

We are forked! Our power grids are interwebby connected, our communications are interwebby connected, our lives are interwebby connected. Even the street lights are interwebby connected! Our councils are interwebby connected, our Govt. Depts. are interwebby connected.

Yup! We're forked!
Screw
 
Posts: 1254
Joined: Tue May 13, 2014 3:52 pm

Re: WTF? A nuclear plant on the Net? (4 Apr, 2017)

Postby roygbiv » Tue Apr 04, 2017 3:08 pm

mmm, I had a look at the CIVIL NUCLEAR CYBER SECURITY STRATEGY which was referred to in the article. It states commitments to be made by UK civil nuclear supply chain will and HM Govt. So anyone who has anything with nuclear power in UK has to comply with this new regulation/red tape. That would be a huge sector as nuclear power provides18% of UKs supply. Sounds dreadful if the standard is low but if the standard is very high then just maybe it is good.

I would expect there not to be an ethernet cable connecting the main monitoring system of the power plant directly to the ADSL link, but years ago I had a tour around a nuke power station and observed all the signs about photography. But, when the chap was not looking I took a few pics :o . Therefore, the security could do better.
Needless to say any improvement in security in such a sensitive industry especially against the internet's low-life must be welcomed.
User avatar
roygbiv
 
Posts: 165
Joined: Wed May 21, 2014 9:28 pm

Re: WTF? A nuclear plant on the Net? (4 Apr, 2017)

Postby Logan Savage » Tue Apr 04, 2017 3:10 pm

Weasel wrote:I read the article, nothing mentioned nuclear power stations being "on the internet". How do you make that jump from whats in the article ?
Well, the sub heading was "Intelligence agencies fear that computer hackers are trying to bypass nuclear power station security measures." The first sentence contained the phrase "increased threats to electronic security systems." And finally about halfway down it says "Government officials have warned that terrorists, foreign spies and "hacktivists" are looking to exploit "vulnerabilities" in the nuclear industry's internet defences." Are we reading the same article? I'm on TOR so I get the overseas version.
"Capitalism has defeated communism. It is now well on its way to defeating democracy"
(David C. Korten, When Corporations Rule the World)
User avatar
Logan Savage
 
Posts: 510
Joined: Sat Jul 05, 2014 10:41 am

Re: WTF? A nuclear plant on the Net? (4 Apr, 2017)

Postby Weasel » Wed Apr 05, 2017 7:38 am

Logan Savage wrote:
Weasel wrote:I read the article, nothing mentioned nuclear power stations being "on the internet". How do you make that jump from whats in the article ?
Well, the sub heading was "Intelligence agencies fear that computer hackers are trying to bypass nuclear power station security measures." The first sentence contained the phrase "increased threats to electronic security systems." And finally about halfway down it says "Government officials have warned that terrorists, foreign spies and "hacktivists" are looking to exploit "vulnerabilities" in the nuclear industry's internet defences." Are we reading the same article? I'm on TOR so I get the overseas version.


TOR, so now you're on an NSA watch list :-)

None of those things say - "Nuclear power plant control systems are connected to the internet". Nuclear industry is a very broad term, it could mean that office workers that work in that field somewhere might be a target. Seems a bit alarmist to me :p
Weasel
 
Posts: 188
Joined: Wed Jul 08, 2015 10:44 am

Next

Return to Today's column

Who is online

Users browsing this forum: Bing [Bot] and 2 guests

cron