Nuclear power plants finally infected with malware - Tree of Souls - An Avatar Community Forum
#1 - auroraglacialis - 01-17-2013, 10:58 AM

Malware infects US power facilities through USB drives - Techworld
Quote:
Two U.S. power companies reported infections of malware during the past three months, with the bad software apparently brought in through tainted USB drives[...]
In one case, the industrial control system at a power generation facility was infected with "common and sophisticated malware" apparently through an employee's USB drive[...]
In the second incident, a power company contacted ICS-CERT in early October to report a virus infection in a turbine control system.
Nuclear power plants in the US finally officially caught malware (at least now they detected it and wrote about it). If you think that a little bit of malware is not that much of a problem, check out this very interesting talk from the 28c3: 28c3: SCADA and PLC Vulnerabilities in Correctional Facilities - YouTube
It is about how malware spread by USB sticks (which is what they are talking about) can gain control over SCADA devices, which basically are the electromechanical instruments that allow computers to control mechanical devices like pumps, valves, turbines and such.

Still not worried? There are theories that such a thing could be responsible for the repeated unexpected shutdown in power plants like this one:
Inspection team headed to Pa. nuclear plant

But of course, nuclear power is safe and all they have to do to make them safer again is the "cleaning of a USB device before each use" - LOL!

And they did not even start to consider, it seems, that people will do stupid stuff like hooking up their cellphones to a computer to browse Facebook (and other sites that can be harmful) on their workstations because they are bored a la Homer Simpson...
__________________
Know your idols: Who said "Hitler killed five million Jews. It is the greatest crime of our time. But the Jews should have offered themselves to the butcher's knife. They should have thrown themselves into the sea from cliffs."? (Solution: "Mahatma" Gandhi)

Stop terraforming Earth (wordpress)

"Humans are storytellers. These stories then can become our reality. Only when we lose ourselves in the stories they have the power to control us. Our culture got lost in the wrong story, a story of death and defeat, of oppression and control, of separation and competition. We need a new story!"
#2 - Clarke - 01-17-2013, 06:00 PM

Quote:
Originally Posted by auroraglacialis
But of course, nuclear power is safe and all they have to do to make them safer again is the "cleaning of a USB device before each use" - LOL!
Urgh, no. All you have to do to make them safe "again" is design the software sanely. To catch this particular case, by signing your software updates - which you should be doing with any sort of mission-critical component anyway.

#3 - Moco Loco - 01-17-2013, 08:18 PM

Haha, great comic for this
#4 - Human No More - 01-18-2013, 01:08 AM

Again, scaremongering. Any system is vulnerable. The only one that isn't is one that literally can not be used - perhaps encased in a block of concrete underground. Sure, SCADA systems in general are often extremely vulnerable, but that doesn't affect safety-critical systems, which are not only non-electronic but always fail to a safe state - that is, when running they are *preventing* a shutdown. Even if malware did cause a failure, it'd just be a disruption of the same kind wind experiences every few hours or whenever the wind gets too high

Actually, I can tell you, detecting malware/threats is good - it's when none are detected that I start to wonder about the quality of security policy and monitoring.

As for mobile phone / facebook use, any competent admin can filter devices and sites, so not really.
#5 - Raiden - 01-18-2013, 07:56 AM

An den teh v1rusez wur mootatered bye da noocyoolur radiashun an dey becaem in vinsible1!!11!

Safe nuclear power is certainly important, but Clarke and HNM are right; nothing is perfect, and aside from the waste issue, fission is one of the best energy sources we have right now.

Fusion would be much better, but more people need to throw money at it before that can happen. If we could use safe, properly-protected software to control energy sources like these, then we'd be one step closer to solving energy problems worldwide.
__________________
Modern technology owes ecology an apology.

Trouble keeps me running faster

Save the planet from disaster...
#6 - auroraglacialis - 01-18-2013, 02:42 PM

Yes, obviously they are doing something wrong with their software if they can be affected like this. That's the point. And yes - it is better if people detect these things than if they never detect any but there still are some.

Re people visiting infected websites - well I am always surprised under what conditions for example "Skype" still works. And if people use for example their iPhonies to do some weird stuff, infect them with some malware and then try to connect them to their workstations with USB to load some pictures on it as a screensaver (just to name one out of many many infection vectors) - you would have a hard time to keep people from at least trying.

No, systems are not designed to automatically detect malware and then set SCADA devices to a safe state. This only works if the malware for some reason just resets the SCADA device or sets all ports to 0 or something like that. If it does some random weird things to it (opening some valves, closing others, adjusting pump rates,...), then one can only hope that any secondary safety systems are not controlled by infected computers or not by computers at all. Because these will have to detect the malfunction of the main control system and then shut it down. If that happens fast enough, all is fine (sort of) - if not - well... SCADA - Iran Rips-and-Replaces Centrifuges Post-Stuxnet - eWeek Security Watch

The point is that nuclear power, as safe or unsafe as the technology in itself may be, is still very vulnerable to the people designing and operating it. And this is IMO a very bad risk to take for machinery that can harm many people if operated in a wrong way. If an airplane pilot or even a prison guard does something stupid, it may cost 400 people their lives or release 400 people from captivity (erm - assuming that this is a bad thing for the moment). But the bad decisions of people in the small town of Chernobyl still affect millions of lives. This is what really bothers me - not the normal regular planned operation (that's a different and also severe issue because of the waste generated), but what happens if things do not go well, if someone is frustrated and disables the cooling pumps because his wife left him, because he found Allah or because he is about to be fired. What happens if the janitor wants to secretly print a photo of his dog on the high quality printers at work and puts his USB stick in a workstation there that has not only 100 dog photos but also 100 varieties of malware on it that acts without having to be started ... again this is just one hypothetical and possibly avoidable scenario but there are many ways that something malicious can get into the controlling operations of any industrial operation - just the amount of damage that can be done varies considerably. Chemical plants are also a really dangerous thing in that respect as they also can harm many people living nearby, though they have definitely less of a "scare factor" than the invisible contamination from radiation.
If anything, then my argument is to not build industrial operations that can harm many people (or larger sections of the environment) if they should go wrong, because inevitably they will fail for one reason or another - there is no 100% security; one should not build anything that relies on 100% security to be safe.
#7 - Human No More - 01-21-2013, 01:45 AM

Actually, controlling USB devices is trivial if you throw money at it or have a good build process - or just have software report on connected USB devices so you can isolate the responsible PC and send security over

Skype uses a specific port range and is really not hard to detect; it even requires a return port to be forwarded for it to be used for incoming calls.

Nobody said anything about ' automatically detect malware and then set SCADA devices to a safe state' - you're building straw men again.

Remember, if parameters go out of the safe range, it causes a shutdown; not initiates. If someone turns terrorist and tries to disable pumps, that would just shut it down once the coolant is too low, which is not SCADA-controlled. I have already admitted that yes, some reactors are still in operation that certainly should not be due to age, but that is simply due to underinvestment and the weakness of all other forms of energy generation that do not use oil and gas. Equally, yes, the terrorist would likely cause a localised power outage, but they could do the same at any energy type far more easily.

If someone wants to use a printer and brings in a flash drive, he is not only directly violating policy and at risk of being fired, but if their admin is anywhere near competent, he will have locked down USB access, have reporting software to show any attempted access to removable storage or services like dropbox, and audit logs of actions.

In Iran, the centrifuges were for refinement and not part of a reactor; they also shut down safely even if they did sustain damage - remember, this was a system set up by a literal rogue state run by people still stuck in the 16th century, and yet nothing bad happened even there.

Nothing is provably completely secure, yes, which is exactly why failsafe systems are built in that do not rely on humans.
Last edited by Human No More; 01-21-2013 at 01:57 AM. Reason: ...
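
The USB reporting described in post #7, as an added example that is not part of the original thread: it reads kernel log lines collected from workstations, flags devices outside an allowlist, and names the hosts to isolate. It assumes Linux workstations forwarding kernel syslog centrally; the hostnames, the allowlist and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: approved (idVendor, idProduct) pairs for site-issued devices.
ALLOWED = {("046d", "c31c")}

# Constructed sample of centrally collected Linux kernel syslog lines.
SAMPLE_LOG = """\
Jan 17 10:58:01 eng-ws-01 kernel: usb 1-1: New USB device found, idVendor=046d, idProduct=c31c
Jan 17 11:02:13 hmi-ws-03 kernel: usb 1-2: New USB device found, idVendor=0781, idProduct=5567
Jan 17 11:02:14 hmi-ws-03 kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
Jan 17 11:40:09 eng-ws-01 kernel: usb 2-1: New USB device found, idVendor=05ac, idProduct=12a8
"""

NEW_DEV = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) kernel: (?:\[[^\]]*\] )?"
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
STORAGE = re.compile(
    r"^\S+\s+\d+ [\d:]{8} (?P<host>\S+) kernel: (?:\[[^\]]*\] )?"
    r"usb-storage (?P<port>[\d.-]+):[\d.]+: USB Mass Storage device detected")

def audit_usb(log_text, allowed=ALLOWED):
    """Return {host: [finding, ...]} for devices outside the allowlist."""
    findings = defaultdict(list)
    last_on_port = {}  # (host, port) -> latest unapproved finding on that port
    for line in log_text.splitlines():
        m = NEW_DEV.match(line)
        if m:
            if (m["vid"], m["pid"]) not in allowed:
                f = {"time": m["ts"], "port": m["port"],
                     "device": f'{m["vid"]}:{m["pid"]}', "mass_storage": False}
                findings[m["host"]].append(f)
                last_on_port[(m["host"], m["port"])] = f
            else:
                # An approved device replaced whatever was on this port.
                last_on_port.pop((m["host"], m["port"]), None)
            continue
        m = STORAGE.match(line)
        if m and (m["host"], m["port"]) in last_on_port:
            last_on_port[(m["host"], m["port"])]["mass_storage"] = True
    return dict(findings)

def hosts_to_isolate(findings):
    """Hosts where an unapproved device also registered as mass storage."""
    return sorted(h for h, fs in findings.items()
                  if any(f["mass_storage"] for f in fs))

if __name__ == "__main__":
    print("isolate:", hosts_to_isolate(audit_usb(SAMPLE_LOG)))
```

Unapproved devices that never register as storage (the phone-like entry on eng-ws-01 in the sample) still appear in the findings, so they can be followed up without triggering isolation.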
#8 - Niri Te - 01-21-2013, 02:14 AM

Which is WHY I am a firm believer in Nuclear power for the short term, (50 to 75 years), until we can design, test, and put online, something better.


Quote:
Originally Posted by Human No More
Actually, controlling USB devices is trivial if you throw money at it or have a good build process - or just have software report on connected USB devices so you can isolate the responsible PC and send security over

Skype uses a specific port range and is really not hard to detect; it even requires a return port to be forwarded for it to be used for incoming calls.

Nobody said anything about ' automatically detect malware and then set SCADA devices to a safe state' - you're building straw men again.

Remember, if parameters go out of the safe range, it causes a shutdown; not initiates. If someone turns terrorist and tries to disable pumps, that would just shut it down once the coolant is too low, which is not SCADA-controlled. I have already admitted that yes, some reactors are still in operation that certainly should not be due to age, but that is simply due to underinvestment and the weakness of all other forms of energy generation that do not use oil and gas. Equally, yes, the terrorist would likely cause a localised power outage, but they could do the same at any energy type far more easily.

If someone wants to use a printer and brings in a flash drive, he is not only directly violating policy and at risk of being fired, but if their admin is anywhere near competent, he will have locked down USB access, have reporting software to show any attempted access to removable storage or services like dropbox, and audit logs of actions.

In Iran, the centrifuges were for refinement and not part of a reactor; they also shut down safely even if they did sustain damage - remember, this was a system set up by a literal rogue state run by people still stuck in the 16th century, and yet nothing bad happened even there.

Nothing is provably completely secure, yes, which is exactly why failsafe systems are built in that do not rely on humans.
All times are GMT +1.