HOME  |  NEWS  |  BLOGS  |  MESSAGES  |  FEATURES  |  VIDEOS  |  WEBINARS  |  INDUSTRIES  |  FOCUS ON FUNDAMENTALS
  |  REGISTER  |  LOGIN  |  HELP
Elizabeth M
User Rank
Blogger
Good story on a real problem
Elizabeth M   3/5/2014 6:09:30 AM
NO RATINGS
Very thoughtful story, Rob. The headline really drew me in especially because I sort of had a personal experience with this many years ago (I would say about eight years ago now) when I was with a friend in SF who was a software engineer. We were in a cafe and he had his laptop and he showed me how with a program he could intercept wireless traffic in that cafe and essentially hack into wireless devices. (He didn't do it, but just showed me that he could if he wanted to.) We've come a long way since then but there are still very real threats out there and it's good to focus attention on this problem before it gets out of hand.

Rob Spiegel
User Rank
Blogger
Re: Good story on a real problem
Rob Spiegel   3/5/2014 7:27:09 AM
NO RATINGS
Good story, Elizabeth. I honestly don't see how we're going to get ahead of this problem. 

Ann R. Thryft
User Rank
Blogger
Re: Good story on a real problem
Ann R. Thryft   3/5/2014 6:17:39 PM
NO RATINGS
Gee thanks, Rob, I didn't sleep so well after reading this. Seriously, though, thanks for the reporting on this important subject. Several years ago I wrote a white paper on security for a very large company in the business and was really horrified at what I learned. That was the year that all those breaches started occurring at credit card processors and lost company laptops with huge customer databases on them. The basic takeaway was, it's usually an inside job.

Rob Spiegel
User Rank
Blogger
Re: Good story on a real problem
Rob Spiegel   3/5/2014 7:20:06 PM
NO RATINGS
You're right about inside jobs, Ann. Both examples in this story were inside jobs. I just came out of a meeting with automation and control engineers who work with a big automation vendor. They say the plant operators don't believe anyoine would want to attack their networks.

Elizabeth M
User Rank
Blogger
Re: Good story on a real problem
Elizabeth M   3/6/2014 6:59:02 AM
NO RATINGS
Agree with you and Ann here, Rob, about the inside jobs. And I think that this is often the case not just in plants but when other business networks are attacked as well.

Rob Spiegel
User Rank
Blogger
Re: Good story on a real problem
Rob Spiegel   3/6/2014 9:46:43 AM
NO RATINGS
Inside jobs may be the biggest threat, Elizabeth. I can't even imagine an effective strategy to prevent attacks from inside. 

William K.
User Rank
Platinum
Re: Good story on a real problem
William K.   3/6/2014 1:32:02 PM
NO RATINGS
Rob, actually, those older PLCs were about as imune as an automation device could be, since they spoke a different language, used a non-standard connection, and required a proprietary terminal to program them, or to change the program. Of course that made living with them a lot harder, but it did make them fairly secure.

The first hacking disaster that I came across was not even intentional: An IT person had connected a controls computer up to the plant eternet network so that they could monitor production testing results. The damage was done when windows stopped a test in mid-sequence to download  a new currency conversion utility. During the time that the test was halted the prototype part being tested melted and almost caught fire. Not the intended result of the connection, but it shows that windows can be our worst enemy.

And for the question of "Why would anyone attack a factory network?", the answer is quite simple. "Because it is there". It seems that many who attack and do damage are simply out to do damage, and they are far less likely to be caught than if they go out shooting people. So they damage things instead. Just simple mindless vandalism is all the motivation that some of them need. Then there is another class that simply hate bill gates and do things to make his company look bad. They are another problem.

Rob Spiegel
User Rank
Blogger
Re: Good story on a real problem
Rob Spiegel   3/6/2014 3:29:58 PM
NO RATINGS
Thanks William K. Your answer to the question of why someone whoiuld want to crack into a plant network is the right answer.

Elizabeth M
User Rank
Blogger
Re: Good story on a real problem
Elizabeth M   3/10/2014 5:18:22 AM
NO RATINGS
Yes, Rob, I would imagine background checks would help but it's kind of difficult and time consuming to do extensive background checks on every single person hired at a company, although I am sure companies with high security concerns do it. But even then you might miss something, or someone might just become disgruntled and try to sabatoge company or plant information. If I recall I wrote an article on this for another publication years ago, and the point of the article was that because you can't always control people so well you have to really secure your data and systems as best you can, and keep in mind that sometimes threats may come from inside so whatever you can do to secure systems from that, do so, by only giving people access to the systems or info they absolutely need for their jobs. But if someone with high security clearance wants to hack the system, you're right, I can't imagine how they can stop that.

Ann R. Thryft
User Rank
Blogger
Re: Good story on a real problem
Ann R. Thryft   3/6/2014 2:20:58 PM
NO RATINGS
That disbelief sounds like it's about the same from 2005 when I was talking to some experts on the subject for that WP (including high-level mil and ex-FBI guys). I find that kind of ostrich behavior hard to believe, yet it appears to still be widespread. The security pros told me it was due primarily to an unwillingness on the part of management to deal with the whole can of worms and the expenses involved. Of course, the pros would tell them just what they needed to do and point out that the costs would be much higher after a breach than to set up controls to prevent the breach in the first place.

William K.
User Rank
Platinum
Re: Good story on a real problem
William K.   3/6/2014 9:12:56 PM
NO RATINGS
I had a manager refuse to even consider a proposal for an addition to their fire-suppression system because the cost of the system would come from the profits and make him look bad. This was a week afrer that same system had poured water all over the new parts of the buildings computer network system, which the repairs and replacements cost a whole lot of money. The addition to prevent the damage from ever happening again would have cost much less than 1% of the cost of the damage repairs. But the money was "not an investment in profitability", and so he was not interested. That was a branch of Delphi. He was the manager who cussed at people. (a lot of folks will recognise him from that description).

Ann R. Thryft
User Rank
Blogger
Re: Good story on a real problem
Ann R. Thryft   3/7/2014 3:52:53 PM
NO RATINGS
William, that sounds like a Dilbert pointy-haired boss story, doesn't it?

William K.
User Rank
Platinum
Re: Good story on a real problem
William K.   3/7/2014 9:24:01 PM
NO RATINGS
Ann, yes it certainly does. And on more than a few occasions I have been ready to accuse Scott Adams of having cameras and bugs in my workplace. The similarity is awsome.

Ann R. Thryft
User Rank
Blogger
Re: Good story on a real problem
Ann R. Thryft   3/10/2014 12:27:24 PM
NO RATINGS
William, I think the vast number of people who think Adams bases his strip on their particular place of work is more than awesome: it's downright scary.

William K.
User Rank
Platinum
Re: Good story on a real problem
William K.   3/10/2014 10:34:53 PM
NO RATINGS
Ann, the more disconcerting part of how accurate that stip appears is that it appears to be that accurate, meaning that so many of the upper management types fit the model of "the pointy-haired boss". Those folks who claim the sim8ularity can't possibly all be very far off, can they?

Ann R. Thryft
User Rank
Blogger
Re: Good story on a real problem
Ann R. Thryft   3/11/2014 11:58:33 AM
NO RATINGS
Exactly--and that was my point. It's cultural.

William K.
User Rank
Platinum
Re: Good story on a real problem
William K.   3/5/2014 9:43:42 AM
NO RATINGS
Definitely a real problem here, Elizabeth, and amn interesting tale as well. The problem as stated also mentions a potential solution, unstated, but nobody would like the obvious way to reduce the problem. In the simplest terms, a system that can't hear the outside commands, and does not even speak that language, is rather less likely to be "lead astray." I am not suggesting the same thing as the physical isolation approach, which your article points out is not effective, without even mentioning isolation as a concept. But consider that a large number of the things that open a system to invaders are done for convenience. Memory sticks and RF access, along with internet access, are mostly for the convenience of users, rather than actually vital to the main function of a system. So just like your conclusion, security must be integral and constant.  Making data ports one-way only as a hardware design would make things less convenient, but if they were really one-way, nothing could enter by that path. So separating data gathering and reporting from process cntrol is certainly less efficient, but if it is done in a one-way only hardware scheme it can stop hackers. Of course all code must also include enough security, but that is at least in theory, hackable. I have described one more method of improving security, not a total solution, but a way to block some of the holes.

Elizabeth M
User Rank
Blogger
Re: Good story on a real problem
Elizabeth M   3/6/2014 6:50:19 AM
NO RATINGS
These are all really good points, William K. There are a lot of external devices the use of which can be eliminated to help keep networks more secure, and this can be done quite easily. Sometimes the simplest way to help alleviate a problem is overlooked.

Mydesign
User Rank
Platinum
Security Concerns
Mydesign   3/6/2014 3:53:46 AM
NO RATINGS
1 saves
"Cybersecurity is becoming an increasingly thorny concern for those running automation and control networks. With the proliferation of plant networks matched by the growing Internet of Things and wireless everything, security has become a major issue."

You are right ROB. Security is a major concern especially with self talking and networking devices. I don't think it cannot be address permentlly because hackers are more brilliant than security professionals.

Rob Spiegel
User Rank
Blogger
Re: Security Concerns
Rob Spiegel   3/6/2014 9:42:49 AM
NO RATINGS
Good point, Mydesign. This will be very interesting as it plays out. There's simply no clear answer. 

Mydesign
User Rank
Platinum
Re: Security Concerns
Mydesign   3/7/2014 4:56:49 AM
NO RATINGS
1 saves
"Good point, Mydesign. This will be very interesting as it plays out. There's simply no clear answer. "

You are right Rob, it's like a police and thief game. Security professionals are chasing hackers.



Partner Zone
Latest Analysis
The new draw-it-on-a-napkin is the CAD program. As CAD programs become more ubiquitous and easier to use, they have replaced 2D sketching for early concepting.
These free camps are designed for children ages 10 to 18. Attendees are introduced to 3D CAD software and shown how 3D printers can make their work a reality. Here we check out the stops in California and Utah.
A University of Chicago graduate has invented a compact elliptical trainer that lets people work out at their desk while they work.
Dean Kamen told an audience at MD&M East 2014 that FDA regulators aren't to blame for stalling innovation in the medical device industry. Hear what he had to say.
Battery maker LG Chem Power Inc. plans to offer a new cell chemistry that could serve as the foundation for an affordable electric car with a 200-mile driving range by 2017.
More:Blogs|News
Design News Webinar Series
7/23/2014 11:00 a.m. California / 2:00 p.m. New York
7/17/2014 11:00 a.m. California / 2:00 p.m. New York
6/25/2014 11:00 a.m. California / 2:00 p.m. New York
5/13/2014 10:00 a.m. California / 1:00 p.m. New York / 6:00 p.m. London
Quick Poll
The Continuing Education Center offers engineers an entirely new way to get the education they need to formulate next-generation solutions.
Aug 4 - 8, Introduction to Linux Device Drivers
SEMESTERS: 1  |  2  |  3  |  4  |  5  |  6


Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.
Next Class: August 12 - 14
Sponsored by igus
Learn More   |   Login   |   Archived Classes
Twitter Feed
Design News Twitter Feed
Like Us on Facebook

Sponsored Content

Technology Marketplace

Copyright © 2014 UBM Canon, A UBM company, All rights reserved. Privacy Policy | Terms of Service