Pipes and Bytes

There is another security threat that has being brewing for a long time now. This time is about the computers that control Industrial Processes and Utilities.

In the last few years the trend was to move all these dedicated systems to Windows based system. Windows have a lot of advantages, mainly related to the fact that applications are easier and cheaper to develop than any of the alternative. The availability of inexpensive hardware and thousands of developers, make the platform very competitive. The infrastructure afforded by the Internet bring the additional bonus that all these processes can be managed remotely with very little additional investment, a big incentive for companies to move their connectivity to a Wide Area Network situation.

The problem with this state of affairs (Windows system connected to the internet controlling vital equipment) is security. Although Microsoft have made progress improving the security of their OS’s, you don’t have to search very hard to find a staggering number of security holes still open. Moreover, keeping a Windows system secure requires a lot of vigilance and a proactive approach, not always a concern that has high priority for the operating companies. In many instances, management may not even be aware of the magnitude of the problem.

Because of the criticality of some pieces of equipment, the issue is one of national security. Sabotage by terrorist groups or enemy states would acquire a whole new meaning when somebody has the power to shut-down a significant portion of a country’s electric grid or water supply.

As it is usually the case with widely interconnected systems, the weakest link can be exploited by hackers to gain access to the system, thus, no matter how strong the protection of the important nodes is, failure to protect every possible node could bring the whole system down.

The problem certainly caught the attention of security experts and practitioners since at least a decade ago. Here some references to the problems from the SANS Institute reading room.

The ideas being floated around the concept of bug ridden smart-meters for the distribution grid will add another spin to this issue.

 

 

Advertisements

One Response to Pipes and Bytes

  1. Pingback: Not so quietly… « CryptoBlog – Data Security and Information Theory

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: