http://www.bbc.co.uk/news/technology-15817335
Seems like it's only a matter of time before we see someone injured or dead from a hacking attack I think, because no matter how big you build the mousetrap, there's always a bigger mouse.
Established Member
http://www.bbc.co.uk/news/technology-15817335
Seems like it's only a matter of time before we see someone injured or dead from a hacking attack I think, because no matter how big you build the mousetrap, there's always a bigger mouse.
Order of Kilopi
Why do we even have embedded controls in water pumps?
Et tu BAUT? Quantum mutatus ab illo.
Order of Kilopi
and why is any of it hooked to the internet?Originally Posted by Ara Pacis
Order of Kilopi
The water treatment plant is operated by a control system. The controls aren't embedded in the pumps.
For remote control of the system.
Order of Kilopi
If you think that's bad, wait until you read this article...
http://arstechnica.com/business/news...-from-afar.ars
Now HERE is something that really shouldn't be really shouldn't be connected to the net.Researchers have demonstrated a vulnerability in the computer systems used to control facilities at federal prisons that could allow an outsider to remotely take them over, doing everything from opening and overloading cell door mechanisms to shutting down internal communications systems.
SCADA systems are used for pretty much everything that requires motors and monitoring&control of larger plants those days. If they're online, they are all vulnerable.
Order of Kilopi
Does no one have private networks any more?
Order of Kilopi
Apparently, the reason the prison systems were available online was so that they could push remote updates.
I remember when I was working at a company making pumps for water treatment plants. Their own SCADA system was on a computer full of notes and signs saying "DO NOT CONNECT THIS TO ANY NETWORK UNDER ANY CIRCUMSTANCES!!1!".
Order of Kilopi
This is the second SCADA attack I've read about, so I presume there have been many more that I haven't. As long as the CDC and the ICBM networks are isolated I won't worry too much. Surely no-one's that stupid.
Order of Kilopi
Sure. US nuclear plants do, for one.
It is possible to protect networks against a cyber attack, just not with a three-letter password.
Established Member
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - Albert Einstein
Order of Kilopi
Apparently, the Department of Homeland Security and the FBI say there's no evidence the plant was damaged by a cyber attack.
Order of Kilopi
I don't want to be a luddite, but not everything has to be connected to everything else. Can't we have private networks that aren't connected to the internet? Can't we have human and/or electro-optical systems as links that prevent anyone from controlling machinery more remotely than a few miles away? It would seem logical to me... and that's probably the point of the hax0rz.
Et tu BAUT? Quantum mutatus ab illo.
Order of Kilopi
Sure we can.
We can also have staff standing by on-site, at all sites, at all time, in case a valve has to be turned.
Will you be the one paying their salaries?
As with everything else it's an economic decision, weighing risk against cost.
In some cases, risk is assessed to be at a level where it's natural to have four physically separate networks in the same building, a friend of mine worked a place like that, and as his work required access to three of them, he had three pc's at his desk.
In other cases risk is assessed to be less, or cost is weighted higher.
Last edited by HenrikOlsen; 2011-Nov-27 at 10:03 AM.
__________________________________________________
Reductionist and proud of it.
Being ignorant is not so much a shame, as being unwilling to learn. Benjamin Franklin
Chase after the truth like all hell and you'll free yourself, even though you never touch its coat tails. Clarence Darrow
A person who won't read has no advantage over one who can't read. Mark Twain
Order of Kilopi
I read some time ago about attempts to open
sluice gates at some dam in the US. Why is a
dam on the internet I thought, surely having
people on site is the safest thing with the
risks involved.
Bit of a luddite I am. First hearing of
hacking in the eighties I thought if Banks
want to connect to the public telephone
system with modems they cannot complain
if electronic break-ins happen.
Order of Kilopi
Exactly, and I wonder how much they factor into it. It's not just the salary, it's peace of mind of the stakeholders and their valuation of stocks or bonds, as well as the costs of anti-hacking efforts. Don't get me wrong, I agree it's an economic decision, it's just that like many other times in the past people don't realize the value of prevention until something goes wrong and people get hurt or die. If hax0rz can get into water plants, will they eventually be able to allow contaminants in and will that result in a bloom of parasites like what happened in Milwaukee a few years ago? Of course, having people on site is dangerous too, but in a different kind of way, like the time a disgruntled worker intentionally contaminated a batch of baby formula.
Et tu BAUT? Quantum mutatus ab illo.
Posting Permissions
Reply With Quote