Back when this blog was new (Dec '004) I put up a post called Internet Security, where I discussed the problems of controlling critical infrastructure with the Internet, wireless, or worse yet wireless Internet. George Tenent then head of the CIA said we had a problem. Let me quote a bit to give you the flavor:
What George is saying is that the Inherent Design of the internet is not compatible with infrastructure security. Duh.Well it has started. According to the CIA
What we actually need is less stupidity.
What we need to do is to provide more security for our networked systems. The Internent is not the answer to infrastructure control problems. It is inherently insecure. As a controls engineer I have been arguing this point for at least five years. Well before 9/11.
Wiring up a factory to use the Internet Protocol (IP) for in factory and inter factory control is a stupid idea. Since the IP is well understood using it to destroy a facility would be rather easy. Nothing new to learn except the control settings of the individual factory or company.
Worse is controlling a factory with wireless internet. With that kind of setup you don't have any fire wall between your operations and the outside world. In fact you don't even need to know IP or wireless protocols to cause trouble. All you need is a jammer to bring a factory to its knees. And the jammer need not be on continuously. An intermittent jammer could wreak havoc with sensitive factory processes.
The CIA on Friday admitted that cyberattacks have caused at least one power outage affecting multiple cities outside the United States.Let me tell you that as long as I am designing plants no controls or critical infrastructure will use the Internet protocols or the Internet. Ever. As long as I am designing plants no controls or critical infrastructure will use wireless. Ever. To do is inviting trouble. I will use wires. Coax. Shielded twisted pairs. Fiber. Preferably in conduit except for nodes. All with custom protocols. No easy access, except locally. There is nothing wrong with using encoded data over the internet to report plant operation. There will be no possibility of plant control remotely. Ever.
Alan Paller, director of research at the SANS Institute, said that CIA senior analyst Tom Donahue confirmed that online attackers had caused at least one blackout. The disclosure was made at a New Orleans security conference Friday attended by international government officials, engineers, and security managers from North American energy companies and utilities.
Paller said that Donahue presented him with a written statement that read, "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."
To do so would be stupid. I wasn't born yesterday.
Yes. It raises the capital costs and the time required to connect everything together. What is one plant outage worth? What is meeting one extortion demand worth? Once you pay the Danegeld, how do you get rid of the Dane?
Cross Posted at Classical Values