Wednesday, January 14, 2015

Computer attack wrecks steel mill

Joe emails to point out the large dollar losses that can be inflicted with the click of a mouse:
Amid all the noise the Sony hack generated over the holidays, a far more troubling cyber attack was largely lost in the chaos. Unless you follow security news closely, you likely missed it.
I’m referring to the revelation, in a German report released just before Christmas(.pdf), that hackers had struck an unnamed steel mill in Germany. They did so by manipulating and disrupting control systems to such a degree that a blast furnace could not be properly shut down, resulting in “massive”—though unspecified—damage.
There are other types of plants where the consequences would be equally grave - Plexiglas polymerization in the piping would be a Very Bad Thing Indeed, for example.  Chemical plants might even go boom.

And it doesn't look like the Security Team were asleep at the switch, either.  The plant wasn't exposed to the Internet like a lot of the Power Grid:
The report, issued by Germany’s Federal Office for Information Security (or BSI), indicates the attackers gained access to the steel mill through the plant’s business network, then successively worked their way into production networks to access systems controlling plant equipment. The attackers infiltrated the corporate network using a spear-phishing attack—sending targeted email that appears to come from a trusted source in order to trick the recipient into opening a malicious attachment or visiting a malicious web site where malware is downloaded to their computer. Once the attackers got a foothold on one system, they were able to explore the company’s networks, eventually compromising a “multitude” of systems, including industrial components on the production network.
My feeling is that the future will see the segmenting of networks into "ordinary business users" and "mission critical" with no connections whatsoever between them - exactly like the DoD unclassified and classified networks.  While this is no panacea, it makes it much, much more difficult to penetrate, and very likely requires physical access.  And a shout out to the retail industry: your Point Of Sale terminals should be separated from the rest of the network in exactly this way to avoid a repeat of the Target credit card breech.


Old NFO said...

Concur... And our 'infrastructure' is y much wide open... as are these 'smart' homes...

Anonymous said...

makes you wonder at the motives of the people doing the hacking. Just practicing for something bigger? Grudge against the company? Bordom? Market competitor? If just being sociopathic and destroying stuff for the fun of it, they need to be put to sleep.

Anonymous said...

It's very possible that things have changed in the intervening years, but POS systems were - and probably are even more so, now - inextricably linked to inventory, ordering, and financial systems within the enterprise. That's the what the designers came up with to, in real time, tie a customer purchase to shelf replenishment, which means subcontractor/supplier build/ship, and costing.

Which works just fine as long as no one gets malicious with it. I suspect we'll start seeing new systems designed with "sally port firewalling" a la INM's old ISS remote access, and resultant growth in intermediate proofing servers.

Much money to be made in IT, methinks, especially once the next couple of big hacks become widely known (as if Target and Home Depot weren't big enough....)

Keads said...

Indeed. Airgapping is the only way to be sure.