
Hackers invade safety system, halt plant operations in ‘watershed’ cyberattack

97 points| pmoriarty | 8 years ago |japantimes.co.jp

52 comments

[+] dwyerm|8 years ago|reply
I got quite a sense of whiplash just in the first page of the article. It is an article from Japan Times, with a leading photo from California, over a byline from Toronto, about an attack on equipment from a French firm in a site in Saudi Arabia.

...just in case you forgot that the internet is international.

[+] Hasz|8 years ago|reply
Why are systems like this connected to the internet?

As far as I can see, any safety monitoring system should be air-gapped, or, if remote control is absolutely needed, be connected via a robust physical interface, i.e. a thick cable.

There is no good reason for any of these devices to have a public IP address. Physical access should be the only attack vector available when it comes to industrial sabotage.

[+] tzs|8 years ago|reply
> Why are systems like this connected to the internet?

Probably a variety of reasons. Here's one.

There was something I saw on my local PBS station that was about security and the electrical grid. They talked to some manager of a major power plant who had a phone app that could monitor that plant over the internet and pretty much completely control it.

They talked about how this app came about. The manager decided it would be convenient so he could keep up on things when he was away at conferences and such. There were no security experts involved in writing this thing, or in analyzing what the risks were of adding outside internet access to the LANs that control systems were on. It was all as casual as you or I might make a phone app that can turn on our garage lights.

The thought that there might be some danger in the control systems being directly accessible from the internet simply did not occur to anyone.

[+] Kurtz79|8 years ago|reply
If I'm not mistaken, there is no mention in the article that the system was actually connected to the Internet.

The Stuxnet attack (which as another commenter said was the real "watershed" event) managed to infect the target system even if it was air-gapped, by infecting the PC of someone that eventually connected to the private network of the target onsite.

https://en.wikipedia.org/wiki/Stuxnet#Windows_infection

[+] PinguTS|8 years ago|reply
It's the IT folks who tell everybody you should connect everything to the Internet, because that makes everything so easy.

It's the embedded folks, who tell that it is not made for this.

It's the manager folks, who demand that it be connected, because the IT folks told that it's easy and innovative while the embedded folks are so old school.

[+] InclinedPlane|8 years ago|reply
The internet is becoming the de facto way to connect anything. There's increasing automation, communication, and so forth between all these systems, and the internet is the way that's coordinated. But unfortunately the people taking these systems online don't always do so with the proper eye toward security rigor that is deserved. Sometimes that's down to a lack of expertise. Sometimes it's due to lack of resources or spending. Sometimes it's just because management folks refuse to listen to the professionals they've hired. In any event, it's a common problem even at the best of places. At organizations that lack a deep bench of current era IT/software talent (which is actually most organizations) it's very easy to make these mistakes.

If you want to see how to do it right, look at slot machines. There is a crazy amount of oversight on those devices. In comparison, voting machines and our industrial infrastructure are just a huge game of grab-ass. Whatever goes, goes, until something bad happens and then people slowly learn one lesson.

[+] michaelt|8 years ago|reply

> Why are systems like this connected to the internet?

Because there are some things that need to be safe; some things that need to be connected to other things; and some things that need to be on the internet.

Consider an automated warehouse: https://www.youtube.com/watch?v=dAXdeqcHBp4

Internet <-> Website <-> Stock control system <-> Stock inbound station <-> Conveyor control system <-> Emergency stop monitoring system

It's possible to make such a system safe, of course. But a company making a web browser has their defences tested and their security spending validated by unceasing attack. The same resources might be hard to get in an industrial automation company if the higher-ups think "there hasn't been an attack, and they already have a firewall, a VPN and a virus scanner, whatever those are"

[+] nsnick|8 years ago|reply
It is usually a result of a fight between control system engineers and IT people. The IT people see an ethernet cable and think that they should control it and in order to do that they connect the two networks. There are ways to do it safely, like placing a database in a DMZ that the PLCs write to and have computers on the other side read from the database without ever connecting to the PLCs, but that requires expertise and a security mindset.
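
Added example (not part of any comment in this thread): a small reachability check that contrasts the bidirectional chain michaelt lists with the DMZ-database pattern nsnick describes. The zone names for the DMZ case and the "Internet" to "Business network" edge are assumptions, and the model covers only who may open a connection to whom, not the content of the data exchanged.

```python
from collections import deque

# An edge (a, b) means "a is allowed to open a connection to b".
# michaelt's chain, where every hop is bidirectional (<->).
CHAIN = ["Internet", "Website", "Stock control system", "Stock inbound station",
         "Conveyor control system", "Emergency stop monitoring system"]

def bidirectional(chain):
    """Turn an ordered list of neighbours into edges in both directions."""
    edges = set()
    for a, b in zip(chain, chain[1:]):
        edges |= {(a, b), (b, a)}
    return edges

# nsnick's pattern (zone names are assumed): PLCs push to a database in the
# DMZ, business hosts pull from it, nothing initiates toward the PLCs.
DMZ_PATTERN = {
    ("PLC", "DMZ database"),               # control side writes
    ("Business network", "DMZ database"),  # business side reads
    ("Internet", "Business network"),      # assumed exposure of the IT side
}

def reachable(edges, start):
    """Every zone `start` can reach by chaining allowed connections."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for a, b in edges:
            if a == node and b not in seen:
                seen.add(b)
                queue.append(b)
    return seen - {start}

def exposure_path_exists(edges, source, target):
    """True if a chain of allowed connections leads from source to target."""
    return target in reachable(edges, source)

if __name__ == "__main__":
    print(exposure_path_exists(bidirectional(CHAIN), "Internet",
                               "Emergency stop monitoring system"))  # True
    print(exposure_path_exists(DMZ_PATTERN, "Internet", "PLC"))      # False
    # "Connecting the two networks" adds one edge and restores the path.
    bridged = DMZ_PATTERN | {("Business network", "PLC")}
    print(exposure_path_exists(bridged, "Internet", "PLC"))          # True
```
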
[+] ggggtez|8 years ago|reply
You would think that, wouldn't you. But for that to happen, the system designer would have had to plan it that way probably 20 years ago.

[+] AnIdiotOnTheNet|8 years ago|reply
> There is no good reason for any of these devices to have a public IP address.

That's a bold statement to make for someone who, I'm assuming, has absolutely no idea what these systems are or what the company wants to do with them.

Security policy is super easy when you don't actually have to get anything done.

[+] phkahler|8 years ago|reply
>> Why are systems like this connected to the internet?

For convenience. In business they call it "cost".

[+] senectus1|8 years ago|reply
yup, they should NOT be connecting them, but because everyone is going cloud and remote service support.... they got to let "people" in.

Also the PLC administrators refuse to let proper network and systems admins go near their shit. They think their stuff is better left alone from the "geeks".

[+] joe_the_user|8 years ago|reply
So, a virus-based cyber attack on the computer system of a Saudi Arabian industrial operation, supposedly by Iran.

If "watershed" means fundamentally new, this isn't a watershed event since this event was preceded by the Stuxnet attack on Iran, by many accounts committed by the US and Israel.

Still, it seems to reinforce the general situation that the gloves are off between nation states, every cyber avenue of attack that can be pursued, will be pursued - a war of all against all. Since not only are cyber attacks cheap, they offer endless plausible deniability.

[+] willvarfar|8 years ago|reply
"Watershed moments" are those that cause everyone to take something seriously instead of believing it couldn't happen to them. It's about people's reactions.

[+] Dylan16807|8 years ago|reply
Stuxnet was a virus that was sent in. It's not the same as direct remote control.

[+] DyslexicAtheist|8 years ago|reply
"The malware, which FireEye has dubbed Triton, is only the third type of computer virus discovered to date that is capable of disrupting industrial processes."

This sounds incorrect ... Wasn't there (at least):

  1) Stuxnet (2010)
  2) Shamoon (2012)
  3) HAVEX (2013)
  4) BlackEnergy (2015)
  5) Industroyer (CrashOverride) (2016)
  6) Triton (??)

Naming it Triton is unfortunate since there has been a malware from 2004 with the same name[¹] that is totally unrelated.

[¹] https://www.pandasecurity.com/cyprus/homeusers/security-info...

[+] cordite|8 years ago|reply
One of my relatives is a safety engineer at a plant. Remotely he can connect to a read only console, if there are any changes he has to call someone on the inside to make them.

I don’t know how robust that read only aspect is, but it seems like a good middle ground if faithfully implemented.