"a remarkable number of attempted attacks on our system"
I've seen this requoted in a few places, but nowhere seemed to give a timeframe for the 'thousands' of attempted attacks.
Was there one?
A UK government minister has warned that cyber-terrorists were attempting to take out the national grid. Security Minister Lord West of Spithead also said that state-sponsored hackers are attempting to infiltrate corporate networks to steal commercial secrets. Much of this could have been said at any time over the last four or …
Ever look at a firewall log and you'll see misc bots trying it on. Over and over and over again. I don't take it personally though, I'm not very interesting. And they're mostly looking for unpatched windows boxes using a modem anyway.
Anyway, why is anything important connected to the internet anyway? I'm pretty sure that the power grid, military and other places would want their own dedicated wires. I mean we have two offices and they have a dedicated line between them via the exchanges.
Of course they dont have a timeframe.
The attacks are to show how the government needs to lock down the internet to protect us from terrorists/pedos/drugdealers/whoever... So they need to create panic and knocking out the power for a few days is the perfect way for our government to show how we need them to protect us from.. err. them (they are the real terrorists afterall)
Do they do tinfoil hats in kevlar yet?
are these systems even on the net. There must be enough of them (With water, power, banking, govenment data systems) to have some sort of national critical systems LAN. Limited conection to any other network/teh internets (If any at all) etc.
I can see how it may be difficult to stop any computors being on this network and any other one, but you would be able to stop companys putting there net servers on them, and a few PC's conected to both wouldent be to much of a problem as you could quickly trace any issues, and anything realy bad, like a DDoS attack or trying to pwn the network would quickly fall apart due to the limited bandwidth.
With the emphasis on 'simple'. Therefore one has to ask - Who told him to say these words he doesn't really understand? And what new and exciting National Security policy is it spin for?
Perhaps they are going to make electricity secret so that the cost can be excluded from the inflation figures and people who query their bills from EDF ("London 2012 sustainability partner", it says here) can be locked up.
Paris - whether the lights are on or not.
A huge number of attacks on our [insert target here] over the past [insert timeframe], by [insert attackers here].
[N.B. Note to user, after using above mentioned scare tactic line, feel free to make up any old crap thereafter for whatever purposes you need. Please use the trusted media outlets list to spread as much panic and fear as possible within the public. Also please note that it is not always guarnteed to work so please feel free to resort to a traditional sex scandal to get your name in the mainstream.]
They are not open to public networks, but from the article it seems they all now exist on an interconnected system of their own. The risk of attack on these systems still remains a largely physical threat as opposed to completely remote intrusions.
Rest of the article is a bit thin on details in regards to SCADA systems themselves though?
from a combination of:
i) it is cheaper to employ a tech droog to use a web-based management console than it is to put him in a van on the road and have him drive all over the place
ii) this is good for PROFIT, especially when combined with not bothering [see i)] to spend money on secure configuration(s)
iii) especially, contempt for the risks arising from external threats bearing on the vulnerabilities of the selected technology so these are not properly understood, correctly mitigated [see ii)] and accounted for
No security breach is ever an accident - not a single one
On security matters. It is recognized that US installations in the UK have been eavesdropping on UK business and stealing commercial secrets for decades. A bit awkward for West to describe the picture in the round then, but it's not the first time he's had to confront that little problem.
Ahhh the old 'Fire Sale Attack' scam... Looks like the ministers have been watching Die Hard 4.0 and thought hey... that sounds like a good way to scare the public into paying more taxes...
Paris - Because if she was in Die Hard 4.0 we would have all watched it.
Given that most of the el-reg's readerships knows a thing about defending a system from a cycber attack, that means that they also know howto commit a cyber attack and that therefore any IT tech with even a smidge of knowledge shall be taken into 'protective custody' to protect the children.
If they should complain about their treatment , then they will be 'shot while escaping'
<<digging a deep dark hole to hide in
In 1986, some classified documents about naval spending cuts that Captain West had taken home with him were dropped while he was walking his dog. He was charged and reprimanded by the Royal navy. The documents were found by a freelance journalist (Yeah right!). He managed to do this without the use of CDs or thumb drives and without involving trains or taxis, what a brilliant mind! No wonder his services are sought by other brilliant minds such as Brown Trousers.
I think they are comming for me.......
Every woman that prayeth or prophesieth with her head uncovered dishonoureth her head: for that is even all one as if she were shaven.
You don't have to understand it. It doesn't have to make sense. It is for the good of the Children, the People, the Country and the Queen so you must do it - cause God says so and so does Gordon Brown/GW Bush/Tony Blair/etc...
This will be your only explanation. There will be no further warnings before you are summarily executed. Have a blessed day.
Sounds like some manager's been reading the IPS logs again. There have been "thousands of attacks" on my servers in the last few weeks. Except that most of them weren't "attacks" at all, just things you'd want your IPS or firewall to block because it's of no use to you.
People with only a little knowledge of networks could work themselves into a lather if they were to take a look at how many denies crop up per minute on most large corporate firewalls, but imagine how much they could wind up somebody with no knowledge at all.
There was some civil servant (or maybe she was "a government advisor") on the radio last year trying to whip up a little FUD by claiming that terrorists could take over everything electronic because it's all connected to the internet. One thing she mentioned was traffic lights, which kind of amused me because the one large scale traffic light system I have worked with is not connected to the internet at all, not even indirectly. A lot of politicians and the like make the mistake of assuming that (a) TCP/IP = internet and (b) internet = vulnerable.
The main lesson to be learned is that if there is no need to connect your sensitive system to the wibbly wobbly web then don't do it.
Then how about some actual practical precautions, to avoid the near-catastrophic loss of electricity (over half a million homes, businesses, hospitals, GCHQ, etc) which would have occurred in and around Gloucester last year if the floods had been an inch or two higher at Walham control centre, floods which as it was left over 300,000 people without drinking water and needed an already-overstretched armed forces to be called in to distribute bottled water and build a "temporary" dam around the control centre?
Have we (they?) all already forgotten the Carlisle floods in January 2005, where over 60,000 homes were without power? http://www.cumbriafire.gov.uk/about/incidents/floods/story.asp
'Course a much bigger risk than cybernightmares now the UK utilities are all in foreign hands is that when the next gas shortage arrives e.g. because the Russians aren't our friends any more, the foreign-owned gas and electricity companies will be keeping "our" gas imports for their own domestic use in Germany, Spain, wherever - after all, it's a free market now, and if there's not enough gas supply to match demand, where's it going to go?
Tell Sid, he used to own it.
The National Grid is NOT a single centralised point-of-attack anyhow! How can anyone HOPE to bring down power stations that have yet to even SEE a digital computer, let alone have one controlling it? Through the fucking internet? Grow a BRAIN!
Power stations are NOT all neatly networked to each other via hi-tech computery bullshit. Most of them are more than 50 years old. They DON'T have any common point of communication with one another.
Get a fucking grip of reality: we're being shafted, scammed and spoken to like we were dribbling imbeciles.
Stop it. It's laughable.
"I mean we have two offices and they have a dedicated line between them via the exchanges."
So not very secure then...even if it's a true static LL/PL it'd only take an hour tops to locate the right pair sets in a nearby distribution point and install the appropriate sniffers or splitters.
"I do believe that SCADA systems use a highly proprietary command system that costs many millions to buy."
Not quite...I've worked on a number of small and medium scale SCADA systems for a lot less! The big issue is that if there is a PC somewhere in the SCADA system that is somehow connected t'internet then once a CyberTerrorist gets control of the PC, they will have access to the SCADA network via what's already on the PC - no SCADA experience necessary.
"How can anyone HOPE to bring down power stations that have yet to even SEE a digital computer...They DON'T have any common point of communication with one another."
Obviously not been escorted around any power plants recently - most of them use computerised monitoring systems - which is where SCADA comes in. I'm reliably informed that all UK primary (and many reserve) power plants have communications links into the NationalGrid NCC so that the boffins @ NCC can intelligently route power to where it's needed - or to tell the bod's @ Drax to throw a few more eco protestors onto the fire when the ad breaks come on!
Mine's the one with the MI5 tracker/bug in the pocket along with the ticket for a free 42 day stay at one her Maj's finest cop shops!
Greg, did you see the BBC "Britain From Above" episode featuring the National Grid control centre (shown 10 Aug?), or does your TV only get Sky programmes?
Does the expression "single point of failure" mean anything?  Do you have a clue about the UK electricity generation and distribution business - the "more than 50 years old" comment says you don't... name three power stations that are over 50 years old and still operating, why don't you? One would be a good start.
It is laughable, but the joke's on you, you're the one that needs to "grow a BRAIN"!
 Afaik the featured control centre is NOT a single point of failure as it has a backup site elsewhere... but the basic point is the same, a lot of these places (power stations, control and switching centres across the country) are directly or indirectly communicating with each other and a loss of communication or of control, whilst unlikely, would not be good for the UK.
No it's a line that goes from our office to the exchange (leased line) then from that exchange to the other exchange, (I would suppose fiber backbone between local exchanges but I don't know as I wasn't involved in the process directly) then from that exchange to our other office (leased line).
No internet involved. It would of been easier if both offices were on the same exchange mind you.
I do know quite a bit about the engineering of these stations (I have recently been in the control rooms of the first two) and I assure you they are not controlled from a central point and cannot be subverted in the manner you believe.
All are over 50,
Do you believe everything you see on TV?
I wonder if a leading defence contractor has a new product aimed at protecting the national grid etc, after all Lord West is in the right position to know that...
No doubt the dirty terrs (possibly with towels on their heads and long scraggly beards) would attempt to disguise themselves as squirrels (removing towels from heads and donning squirrel suits), then infiltrate the national grid, blowing it up.
You laugh - but it's been done already!
If the dirty terrs were super clever, they'd dress up as red squirrels, as everyone loves them.
Muhhhaaaaa, all your nuts are belong to us!
Many years ago in the late 1980's a defence establishment I worked at had a policy of not connecting its systems to the internet - for obvious reasons.
Evidentally what has happened, is that goverment organisations, national infrastructure projects have conciously decided to use the internet to link its systems together to save costs, they could have developed their own network without any access to the internet at all. Security would be far greater.
So these organisations have sacrificed security for money, with the risk that hackers could bring down power generating capacity in the UK.
Which plonker made this decision?
some little sailor boy is now making comments on the security of highly complex computer system, go back to pushing your toy dinghy about.
Where does this country get them, it is no wonder we are a laughing stock across the globe.
All these systems should be under constant review, designed to be connected to the internet and wherever a connection does exist, access rigorously monitored, it really is that simple, anchors away.
It is odd, government spending money on a surveillance system that will just be turned against them, and some navy drip bleating on about how the main services are vulnerable (though note he doesn't say why). We just have morons running this country, absolutely pathetic.