back to article Air-gapping SCADA systems won't help you, says man who knows

Hoping to keep industrial control systems out of reach of hackers by keeping them air-gapped is a hopeless mission that’s bound for failure, according to a SCADA guru. Isolating SCADA systems as a means of protection has been suggested by some as a defensive tactic after hackers briefly took out elements of the power grid in …

Page:

  1. Chemist

    What !

    " “They were designed to manage regulators and voltage flow and that’s still what they do.”

    voltage flow ! Sigh - it's also the 2nd time I've heard the term this week.

    1. Sir Runcible Spoon

      Re: What !

      Perhaps they just substituted the word Gas (or electricity) for Voltage, either way it definitely looks weird seeing those two words together.

  2. AndrewDu

    "SCADA started off with archaic protocols such as FDDI, Token Ring but “good luck building a network with anything other than TCP/IP now,” Lakhani added."

    Uh, last time I looked, Token Ring was a transport protocol, it can handle TCP/IP traffic just as it can handle any other.

    True, it's expensive and outdated, but goofs like this make me wonder whether anything the guy says can be trusted.

  3. CAPS LOCK

    The ONLY reason Stuxnet worked at Natanz is that the BOFH failed to invest in...

    ... a tub of Plastic Padding (type elastic). A genuine haporth-o-tar situation...

    1. Anonymous Coward
      Anonymous Coward

      Re: The ONLY reason Stuxnet worked at Natanz is that the BOFH failed to invest in...

      Sorry but that's factually incorrect.

      There was a piece of equipment (specifically a Siemens/Simatic "programming panel") which was (unfortunately) allowed to connect to the corporate LAN, where it got infested by a Windows zero day exploit. It was then physically or logically allowed to connect to the automation LAN, where its normal use is programming the automation gear, hence the name. The zero day payload then infested the Siemens Simatic kit on the automation network.

      Gross oversimplification, but the story is widelty documented (Ralph Langner is one of the better ones).

      Where were you suggesting the Plastic Padding should have been applied to be useful in that picture?

  4. Anonymous Coward
    Anonymous Coward

    Said it before, will say it again

    I make SCADA software. There is no way in Hell to get customers to pay me to add a security layer, and I can't afford doing it for free. If I insisted, they'd just get someone else to do it. There are technical problems, sure, but the main one is economical/cultural.

    1. Anonymous Coward
      Anonymous Coward

      Re: Said it before, will say it again

      If that's the case, it looks like government regulation is going to be the only answer for this in the US.

    2. amanfromMars 1 Silver badge

      Said it before, will say it again ..... with PEBKAC rules, ITs Systems Fail Catastrophically

      I make SCADA software. There is no way in Hell to get customers to pay me to add a security layer, and I can't afford doing it for free. If I insisted, they'd just get someone else to do it. There are technical problems, sure, but the main one is economical/cultural...... Anonymous Coward

      So, as was mentioned earlier within an alien solution, we agree, AC, When the Problem is the Lowest Common Denominator Introduce an Upper Divider and AIDivision, is the abiding problem human ..... with Advanced Intelligence AWOL and/or MIA.

      Do you think the deficiency can be supplied artificially via virtually remote anonymous means and autonomous memes?

      The posit here from this source is most certainly it can, and when needs must, it always is provided and a new orderly world order takes over makeovers.

      Impossible to believe that it be humanly possible with Cyber Command and Computer Control of IT and AI? Or presently just too difficult to comprehend and accept SMARTRMedia is sharing and launching?

  5. Fungus Bob

    People always worry about the wrong things

    Hackers? Pah! We don't even have our critical infrastructure hardened against bird shit.

    http://www.theregister.co.uk/2016/03/05/bird_crap_shutters_nuclear_power_plant/

    Or squirrels of doom...

    http://www.cybersquirrel1.com/

  6. Anonymous Coward
    FAIL

    Nuclear centrifuge-busting Stuxnet worm

    “20 years ago, Faizel Lakhani .. created the first SCADA system .. it’s only since the appearance of the nuclear centrifuge-busting Stuxnet worm back in 2010 that anybody has paid serious attention to the security of the technology”

    “Slammer downed one utility's critical SCADA network”

    “FE’s computer SCADA alarm and logging software failed sometime shortly after 14:14 EDT (the last time that a valid alarm came in)”

  7. CommanderGalaxian
    FAIL

    Never seen a SCADA system compromised yet...

    ...without some random technician plugging in a "sheep dipped" USB stick or "clean" laptop absolutely hoaching with malware.

  8. Doctor Syntax Silver badge

    “good luck building a network with anything other than TCP/IP now”

    FTFY

  9. gollux
    Mushroom

    More SBO

    Increasingly, the "Air Gap" is just another "Security By Obscurity" tactic. If it ain't secure offline, it ain't secure. There's always a way of jumping the "Air Gap", and often, the people working with the system assume that the "Air Gapped" system is automatically secure.

    1. Anonymous Coward
      Anonymous Coward

      Re: More SBO

      But by your definition, the only way to be secure is to never use it, which kinda defeats the purpose. After all, SOMEONE has to have the keys...

  10. anonymous boring coward Silver badge

    They use wifi and think they are air-gapped?

    I think they took the term too literally.

  11. Goopy

    This is an ad for the guys biz.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon