HOME  |  NEWS  |  BLOGS  |  MESSAGES  |  FEATURES  |  VIDEOS  |  WEBINARS  |  INDUSTRIES  |  FOCUS ON FUNDAMENTALS
  |  REGISTER  |  LOGIN  |  HELP
Blogs
Blog

10 Cyber Attacks That Wreaked Havoc

View Comments: Oldest First|Newest First|Threaded View
Page 1/3  >  >>
Elizabeth M
User Rank
Blogger
Lessons of history
Elizabeth M   5/14/2014 6:55:44 AM
NO RATINGS
Interesting slideshow, Rob! I bet some in the industry would like to forget about these, but it's good to remember to learn from past mistakes. Stuxnet, for example, really showed organizations that external storage and media can wreak havoc if not properly secured. I didn't even know some of these attacks happened--another good reason to make them more public. I think sometimes it behooves those in the industry to keep this stuff on the down low, but it's far better for the public to be aware of the threats that exist.

Rob Spiegel
User Rank
Blogger
Re: Lessons of history
Rob Spiegel   5/14/2014 7:04:06 AM
NO RATINGS
Elizabeth, this is just a sampling. I didn't include attcks on commercial enterprise for cc numbers such as attacks on Sony, BoA, and Target.

Elizabeth M
User Rank
Blogger
Re: Lessons of history
Elizabeth M   5/14/2014 7:09:55 AM
NO RATINGS
Well that is quite scary, then! I actually like that you included some that may be lesser know.

tekochip
User Rank
Platinum
Re: Lessons of history
tekochip   5/14/2014 10:06:23 AM
NO RATINGS
I think wants really important about that story was that the Stuxnet wormed its way into the PLC code and destroyed the centrifuges making fissionable material.  The attack was very direct and designed to perform a very exacting purpose.  It wasn't just a kid throwing a brick through the window, it was a spy sneaking into the facility and blowing up Iran's nuclear program.

Rob Spiegel
User Rank
Blogger
Re: Lessons of history
Rob Spiegel   5/14/2014 11:03:15 AM
NO RATINGS
Good point Tekochip. Yes, Stuxnet was very sophisticated. Stuxnet has three modules: a worm that executes all routines related to the main payload of the attack; a link file that automatically executes the propagated copies of the worm; and a rootkit component responsible for hiding all malicious files and processes, preventing detection of the presence of Stuxnet.


So as it was destroying the centrifuges, the monitors said everything was going just fine.

naperlou
User Rank
Blogger
the dangers of connectedness
naperlou   5/14/2014 12:48:53 PM
NO RATINGS
Rob, we have to ask ourselves a question about whether it is worth the risk to be so fully connected.  There is very little utility to having an industrial or utility control system connected to the Internet.  It is possible, and desirable, to have strong seperation of networks.  I observed issues with this many years before the Internet came live in a situation where we had corporate networks with vendor protocols. 

Rob Spiegel
User Rank
Blogger
Re: the dangers of connectedness
Rob Spiegel   5/14/2014 1:08:03 PM
NO RATINGS
That's a great question, Naperlou. For decades, plants were networked without connectivity to the outside. This didn't change with the internet of things. It changed with connectivity to the ERP system -- folks in the front office wanted to know when an order was completed and shipped so they could invoice it ASAP. And sales folks wanted to know what was going on. That ERP was connected to the internet, which meant the plant was then connected de facto.

William K.
User Rank
Platinum
Re: the dangers of connectedness
William K.   5/14/2014 4:38:14 PM
NO RATINGS
Naperlou, not only the question of is it worth being connected, but also the question of teh value of being compatible. Infections can happen to non-connected networks by means of infected portable data devices. But those non-PC compatible PLC devices would be a bit more challenging to hack, by virtue of not speaking the same language at all. But as soon as a system has parts that can handle the files, hacking becomes possible.

One working solution would be hardware firewalls of the type that would only allow certain commands, such as requests for data, to pass through, with no availability of an option to change that by means of software. Of course, the tradeoff is a lack of flexibility, and needing to change proms in order to change the programming. BUt the benefit would be a hacker-proof wall. The makers of proms and E-Proms would love it, though.

The actual mechanization would be that the instruction from outside would be of the type "send message #1 from the stored messages list, with that list being coded into the hardware memory, not changable from the outside. Sort of like a jukebox- select a record to play was the only option. And it could only play the records installed inside.

Charles Murray
User Rank
Blogger
Re: the dangers of connectedness
Charles Murray   5/14/2014 8:29:02 PM
NO RATINGS
That's a great question, naperlou. It seems like full connectivity has become such an accepted practice of business that many entities (corporations, goverment and utilities) don't bother to ask how important it really is.

lynnbr2
User Rank
Iron
Re: the dangers of connectedness
lynnbr2   5/15/2014 8:32:21 AM
NO RATINGS
Actually, there is currently a great push to connect former "islands of automation" to "network operating centers' in order to perform condition monitoring. Online bearing and gear condition analysis is now offered by SKF, as just one example. The recent Malaysian plane mystery had "pingers" in the Rolls Royce engines that effectively tracked power-on-hours for the vendor of the turbines. Most of theses new services ignore the security aspect of connecting all of these machines via the cloud - IMHO.

Page 1/3  >  >>
Partner Zone
More Blogs
New manufacturing is changing more than just the plant floor. It's changing how manufacturers do business.
Venture capital guru Steve Vassallo looks for companies that think about design, not just technology for technology's sake.
In this TED presentation, Wayne Cotter, a computer engineer turned standup comic, explains why engineers are natural comedians.
IBM's new SyNAPSE chip makes it possible for computers to both memorize and compute simultaneously.
We searched far and wide for the top employers for engineers. These companies were ranked by engineering professionals, engineering students, and engineering instructors and professors. Does your employer make the grade?
Design News Webinar Series
9/10/2014 11:00 a.m. California / 2:00 p.m. New York
7/23/2014 11:00 a.m. California / 2:00 p.m. New York
7/17/2014 11:00 a.m. California / 2:00 p.m. New York
6/25/2014 11:00 a.m. California / 2:00 p.m. New York
Quick Poll
The Continuing Education Center offers engineers an entirely new way to get the education they need to formulate next-generation solutions.
Sep 22 - 26, MCU Software Development – A Step-by-Step Guide (Using a Real Eval Board)
SEMESTERS: 1  |  2  |  3  |  4  |  5  |  6


Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.
Next Class: September 30 - October 2
Sponsored by Altera
Learn More   |   Login   |   Archived Classes
Twitter Feed
Design News Twitter Feed
Like Us on Facebook

Sponsored Content

Technology Marketplace

Copyright © 2014 UBM Canon, A UBM company, All rights reserved. Privacy Policy | Terms of Service