New security technology for old plant devices
Like a disease that evolves in the face of antibiotics, cybervillains are gaining in technological proficiency. Plant equipment is made to last decades, so the devices that are vulnerable were designed before cyberhacking was an issue. "The culprit is the march of the technology," Jake Brodsky, chairman of the nonprofit DNP (distributed network protocol) Users Group, told us. "The requirements are moving even though the gear has already been installed. They want new security from the device that was put in 10 years ago."
Plant engineers are accustomed to setting up a system and letting it run unencumbered, but security is a rolling solution that can never be fully fixed, he said.
Another thing that bites us in the butt is project-oriented activity. You have to keep doing security. It's a structural problem that doesn't mesh with engineering. You have to plan for upgrades and updates. And there are times when you just can't pull the equipment from service. You can't afford the downtime to validate what you've done.
The solution is to create security that doesn't need constant improvement. "We're looking for new ways to improve security. The best thing you can do is design it from the start so it doesn't need patches in the first place. That's a huge challenge in the embedded industry."
Destroying the plant with a small radio
The Maroochy Water Services plant attack in Australia is another classic example of security gone haywire. An engineer from one of the utility's vendors was turned down for a job at the plant in early 2000, and he decided to retaliate. On at least 46 occasions, he issued malicious radio commands to the sewage equipment network from his car. The commands caused 200,000 gallons of raw sewage to spill into local parks, rivers, and even the grounds of a Hyatt Regency hotel. Marine life died, the creek turned black, and the stench was unbearable for residents.
The perpetrator used radio gear to hack into the SCADA system and cause wastewater to overflow. It took about 15 times before plant personnel realized they were under attack. "The one who discovered the perpetrator was a policeman who noticed a guy inside the car near the plant with a lot of radio equipment," Brodsky said. "With secure authentication, that breach would not have happened. It would have rejected the perpetrator's commands."
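Secure authentication in the sense Brodsky describes, as an added illustration that is not code from the article or the DNP Users Group: a toy outstation that accepts a critical command only after the sender answers a fresh challenge with a keyed HMAC, loosely modelled on the DNP3 Secure Authentication challenge/response idea (the real wire format, key-update flow and error handling are left out, and the command string, key and nonce sizes are constructed for the demo).

```python
import hashlib, hmac, secrets

class Outstation:
    """Executes a critical command only when the master answers a fresh
    challenge with a correct HMAC (assumed simplification, not the wire format)."""

    def __init__(self, update_key: bytes):
        self._key = update_key
        self._pending = None   # challenge nonce awaiting its response
        self.executed = []     # commands actually carried out

    def challenge(self) -> bytes:
        # Fresh random nonce per critical command, so a captured MAC is useless later
        self._pending = secrets.token_bytes(16)
        return self._pending

    def submit(self, command: bytes, mac) -> str:
        if mac is None:
            return "rejected: no authentication"
        if self._pending is None:
            return "rejected: no outstanding challenge"
        expected = hmac.new(self._key, self._pending + command, hashlib.sha256).digest()
        self._pending = None   # challenge is single use
        if not hmac.compare_digest(expected, mac):
            return "rejected: bad MAC"
        self.executed.append(command)
        return "executed"

def master_sign(key: bytes, nonce: bytes, command: bytes) -> bytes:
    """Response the legitimate master computes for a challenge."""
    return hmac.new(key, nonce + command, hashlib.sha256).digest()

def demo() -> dict:
    key = secrets.token_bytes(32)   # shared key provisioned out of band
    outstation = Outstation(key)
    cmd = b"PUMP3:STOP"             # constructed sample command
    results = {}
    # 1. Bare command with no authentication, like the radio-injected ones
    results["unauthenticated"] = outstation.submit(cmd, None)
    # 2. Legitimate master answers the challenge with the shared key
    nonce = outstation.challenge()
    good_mac = master_sign(key, nonce, cmd)
    results["legitimate"] = outstation.submit(cmd, good_mac)
    # 3. Captured MAC replayed against a fresh challenge
    outstation.challenge()
    results["replay"] = outstation.submit(cmd, good_mac)
    # 4. Attacker without the key answers the challenge with a guess
    nonce = outstation.challenge()
    results["forged"] = outstation.submit(cmd, master_sign(b"guess", nonce, cmd))
    return results
```

Only the challenge answered with the shared key gets through; the bare command, the replayed MAC and the guessed key are all refused before anything reaches the pump.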
Trust, or the lack of it, will continue to haunt network engineers. "The biggest problem we have is not the evil hacker in his mother's basement. It's the guy you drink coffee with every morning. Authentication is great, but it's hard to stop an unhappy employee from doing damage."