This is happening in the US, too. Remember the rule: we’re all using the same infrastructure, so we can either keep it insecure so we—and everyone else—can use it to spy, or we can secure it so that no one can use it to spy.
Entries Tagged "infrastructure"
Page 5 of 10
New paper: “Green Lights Forever: Analyzing the Security of Traffic Infrastructure,” Branden Ghena, William Beyer, Allen Hillaker, Jonathan Pevarnek, and J. Alex Halderman.
Abstract: The safety critical nature of traffic infrastructure requires that it be secure against computer-based attacks, but this is not always the case. We investigate a networked traffic signal system currently deployed in the United States and discover a number of security flaws that exist due to systemic failures by the designers. We leverage these flaws to create attacks which gain control of the system, and we successfully demonstrate them on the deployment in coordination with authorities. Our attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage. We make recommendations on how to improve existing systems and discuss the lessons learned for embedded systems security in general.
This is a crazy overreaction:
A 19-year-old man was caught on camera urinating in a reservoir that holds Portland’s drinking water Wednesday, according to city officials.
Now the city must drain 38 million gallons of water from Reservoir 5 at Mount Tabor Park in southeast Portland.
I understand the natural human disgust reaction, but do these people actually think that their normal drinking water is any more pure? That a single human is that much worse than all the normal birds and other animals? A few ounces distributed amongst 38 million gallons is negligible.
EDITED TO ADD (5/14): They didn’t flush the reservoir after all, but they did move the water.
On April 1, I announced the Sixth Mostly-Annual Movie-Plot Threat Contest:
For this year’s contest, I want a cyberwar movie-plot threat. (For those who don’t know, a movie-plot threat is a scare story that would make a great movie plot, but is much too specific to build security policy around.) Not the Chinese attacking our power grid or shutting off 911 emergency services—people are already scaring our legislators with that sort of stuff. I want something good, something no one has thought of before.
It’s November 2015 and the United Nations Climate Change Conference (UNCCC) is underway in Amsterdam, Netherlands. Over the past year, ocean level rise has done permanent damage to critical infrastructure in Maldives, killing off tourism and sending the economy into freefall. The Small Island Developing States are demanding immediate relief from the Green Climate Fund, but action has been blocked. Conspiracy theories flourish. For months, the rhetoric between developed and developing countries has escalated to veiled and not-so-veiled threats. One person in elites of the Small Island Developing States sees an opportunity to force action.
He’s Sayyid Abdullah bin Yahya, an Indonesian engineer and construction magnate with interests in Bahrain, Bangladesh, and Maldives, all directly threatened by recent sea level rise. Bin Yahya’s firm installed industrial control systems on several flood control projects, including in the Maldives, but these projects are all stalled and unfinished for lack of financing. He also has a deep, abiding enmity against Holland and the Dutch people, rooted in the 1947 Rawagede massacre that killed his grandfather and father. Like many Muslims, he declared that he was personally insulted by Queen Beatrix’s gift to the people of Indonesia on the 50th anniversary of the massacre—a Friesian cow. “Very rude. That’s part of the Dutch soul, this rudeness”, he said at the time. Also like many Muslims, he became enraged and radicalized in 2005 when the Dutch newspaper Jyllands-Posten published cartoons of the Prophet.
Of all the EU nations, Holland is most vulnerable to rising sea levels. It has spent billions on extensive barriers and flood controls, including the massive Oosterscheldekering storm surge barrier, designed and built in the 80s to protect against a 10,000-year storm surge. While it was only used 24 times between 1986 and 2010, in the last two years the gates have been closed 46 times.
As the UNCCC conference began in November 2015, the Oosterscheldekering was closed yet again to hold off the surge of an early winter storm. Even against low expectations, the first day’s meetings went very poorly. A radicalized and enraged delegation from the Small Island Developing States (SIDS) presented an ultimatum, leading to denunciations and walkouts. “What can they do—start a war?” asked the Dutch Minister of Infrastructure and the Environment in an unguarded moment. There was talk of canceling the rest of the conference.
Overnight, there are a series of news stories in China, South America, and United States reporting malfunctions of dams that resulted in flash floods and death of tens or hundreds people in several cases. Web sites associated with the damns were all defaced with the text of the SIDS ultimatum. In the morning, all over Holland there were reports of malfunctions of control equipment associated with flood monitoring and control systems. The winter storm was peaking that day with an expected surge of 7 meters (22 feet), larger than the Great Flood of 1953. With the Oosterscheldekering working normally, this is no worry. But at 10:43am, the storm gates unexpectedly open.
Microsoft Word claims it’s 501 words, but I’m letting that go.
Congratulations, Russell Thomas. Your box of fabulous prizes will be on its way to you soon.
History: The First Movie-Plot Threat Contest rules and winner. The Second Movie-Plot Threat Contest rules, semifinalists, and winner. The Third Movie-Plot Threat Contest rules, semifinalists, and winner. The Fourth Movie-Plot Threat Contest rules and winner. The Fifth Movie-Plot Threat Contest rules, semifinalists, and winner.
A otherwise uninteresting article on Internet threats to public infrastructure contains this paragraph:
At a closed-door briefing, the senators were shown how a power company employee could derail the New York City electrical grid by clicking on an e-mail attachment sent by a hacker, and how an attack during a heat wave could have a cascading impact that would lead to deaths and cost the nation billions of dollars.
Why isn’t the obvious solution to this to take those critical electrical grid computers off the public Internet?
Alan T. Murray and Tony H. Grubesic, “Critical Infrastructure Protection: The Vulnerability Conundrum,” Telematics & Informatics, 29 (February 2012): 5665 (full article behind paywall).
Abstract: Critical infrastructure and key resources (CIKR) refer to a broad array of assets which are essential to the everyday functionality of social, economic, political and cultural systems in the United States. The interruption of CIKR poses significant threats to the continuity of these systems and can result in property damage, human casualties and significant economic losses. In recent years, efforts to both identify and mitigate systemic vulnerabilities through federal, state, local and private infrastructure protection plans have improved the readiness of the United States for disruptive events and terrorist threats. However, strategies that focus on worst-case vulnerability reduction, while potentially effective, do not necessarily ensure the best allocation of protective resources. This vulnerability conundrum presents a significant challenge to advanced disaster planning efforts. The purpose of this paper is to highlight the conundrum in the context of CIKR.
A hack against a SCADA system controlling a water pump in Illinois destroyed the pump.
We know absolutely nothing here about the attack or the attacker’s motivations. Was it on purpose? An accident? A fluke?
EDITED TO ADD (12/1): Despite all sorts of allegations that the Russians hacked the water pump, it turns out that it was all a misunderstanding:
Within a week of the report’s release, DHS bluntly contradicted the memo, saying that it could find no evidence that a hack occurred. In truth, the water pump simply burned out, as pumps are wont to do, and a government-funded intelligence center incorrectly linked the failure to an internet connection from a Russian IP address months earlier.
The end of the article makes the most important point, I think:
Joe Weiss says he’s shocked that a report like this was put out without any of the information in it being investigated and corroborated first.
“If you can’t trust the information coming from a fusion center, what is the purpose of having the fusion center sending anything out? That’s common sense,” he said. “When you read what’s in that [report] that is a really, really scary letter. How could DHS not have put something out saying they got this [information but] it’s preliminary?”
Asked if the fusion center is investigating how information that was uncorroborated and was based on false assumptions got into a distributed report, spokeswoman Bond said an investigation of that sort is the responsibility of DHS and the other agencies who compiled the report. The center’s focus, she said, was on how Weiss received a copy of the report that he should never have received.
“We’re very concerned about the leak of controlled information,” Bond said. “Our internal review is looking at how did this information get passed along, confidential or controlled information, get disseminated and put into the hands of users that are not approved to receive that information. That’s number one.”
Notice that the problem isn’t that a non-existent threat was over hyped in a report circulated in secret, but that the report became public. Never mind that if the report hadn’t become public, the report would have never been revealed as erroneous. How many other reports like this are being used to justify policies that are as erroneous as the data that supports them?
Mason Rice, Robert Miller, and Sujeet Shenoi (2011), “May the US Government Monitor Private Critical Infrastructure Assets to Combat Foreign Cyberspace Threats?” International Journal of Critical Infrastructure Protection, 4 (April 2011): 3–13.
Abstract: The government “owns” the entire US airspace–it can install radar systems, enforce no-fly zones and interdict hostile aircraft. Since the critical infrastructure and the associated cyberspace are just as vital to national security, could the US government protect major assets–including privately-owned assets–by positioning sensors and defensive systems? This paper discusses the legal issues related to the government’s deployment of sensors in privately owned assets to gain broad situational awareness of foreign threats. This paper does not necessarily advocate pervasive government monitoring of the critical infrastructure; rather, it attempts to analyze the legal principles that would permit or preclude various forms of monitoring.
Sidebar photo of Bruce Schneier by Joe MacInnis.