BBC Stuxnet programme (OT)

Quite so.

Reply to
Tim Streater

One stand-out from the programme was the point that the 'air-gap' idea was regarded as a bad joke by the security experts.

Reply to
mechanic

Air gaps work provided there is a guard maintaining the air gap. You get shot if you try to access a really secret computer by crossing the air gap.

Reply to
dennis

Nobody has hacked a computer I worked on even though they are publicly accessible and have been for a couple of decades now.

Even the customer had to ask us to recover some data they accidentally lost as it was encrypted and they didn't have the key.

Reply to
dennis

Watch the program to see how it is done. As they explained, an "air-gap" is a good line of defence provided you have very tight control of anything which might go across it.

You need to be able to modify the code in PLCs (for example if you decide to change limits from the current preset range), and it is wise to be able to update firmware (for example to patch vulnerabilities).

This is traditionally done from a Windows PC, running code which talks to the PLC. The Stuxnet hack was *very* clever. Someone sneaked the worm on to PCs inside the facility. Then it went and looked for the PLC editing program, and hacked that. Then, when anyone went to modify a PLC, it hacked the PLC firmware, taking great care all along not to be detected. When the PLC was back in service, nothing happened for 13 days, except that the rogue code was recording the parameters displayed on the operator's console. After 13 days, it started playing back this "good" data and throwing away the actual data so the operator couldn't see anything wrong, then it wound up or down the speed of the centrifuges, which caused them to break. It knew enough about which PLCs were running centrifuges not to reveal itself by attacking any other PLCs of the same type.

And this is why we don't have PLCs in the final parts of the protection circuits for nuclear power plants, and also things like steam turbines and generators which can't tolerate significant overspeed. In the generating industry, we still remember Uskmouth in 1956. (Lecture on turbine overspeed protection available on request).

Reply to
newshound
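
The record-and-playback behaviour described in the post above suggests one defensive check: genuine noisy sensor readings almost never repeat exactly, so an identical run of values reappearing in logged telemetry is suspicious. This is an added illustration, not part of the original thread; the function names, window size and readings are constructed assumptions.

```python
import random


def find_replayed_windows(samples, window=5):
    """Return (original_start, replay_start) pairs where a run of `window`
    readings exactly repeats an earlier, non-overlapping run."""
    first_seen = {}
    hits = []
    for start in range(len(samples) - window + 1):
        key = tuple(samples[start:start + window])
        if len(set(key)) == 1:
            continue  # flat signal: exact repeats are expected, not evidence
        earlier = first_seen.setdefault(key, start)
        if start - earlier >= window:
            hits.append((earlier, start))
    return hits


def constructed_live_readings(n, seed=1):
    """Constructed sample data: a nominal value plus measurement noise."""
    rng = random.Random(seed)
    return [round(1000.0 + rng.gauss(0, 0.5), 2) for _ in range(n)]


# Constructed scenario: 40 genuine readings, then 20 of them played back.
LIVE = constructed_live_readings(40)
SPOOFED = LIVE + LIVE[10:30]

if __name__ == "__main__":
    print("live only :", find_replayed_windows(LIVE))
    hits = find_replayed_windows(SPOOFED)
    print("with replay: first repeat of sample", hits[0][0],
          "seen again at sample", hits[0][1])
```

A check like this only helps if it runs on data taken from somewhere the compromised controller cannot rewrite, such as an independent sensor or a hard-wired recorder.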

I have worked on such systems (if I told you where I would have to shoot you).

:-)

But only using MS Word. And I had no access to USB sockets, or floppy or optical drives. And these networks were not controlling *any* hardware.

Reply to
newshound

This is true. On the other hand, Siemens and other PLC manufacturers now know what is possible, and can try to engineer protection.

And Stuxnet provides lots of types of signature for the AV community to look for.

Rootkits are of course very insidious.

But *not* AGRs. I don't know enough about the "guts" of Sizewell B to make the same statement, but I would be very surprised if their protection was vulnerable to hacking. I don't doubt that you could trip a reactor, perhaps even cause a small release of radioactivity by interfering with fans or dampers, but not cause a significant release.

Reply to
newshound

It's funny how many people think they know about computer security without any idea of access control.

Reply to
dennis

It works but only if you can lock down the hardware well enough. It only takes one tiny chink in the armour and you are stuffed.

Reply to
Martin Brown

Air gaps are another layer of security, not the only security. If you have unattended access to a machine or network they have lost and you can hack it! It's just a matter of time.

Time being key, there isn't much point in hacking something if the data is out of date by the time you manage it. This is the basis of encryption, not that it can't be broken but that it's not worth expending the time.

Reply to
dennis

The point made in the prog. was that software updates/installs/logfile downloads bridge the gap. Don't rely on it.

Reply to
mechanic

And you know that precisely how?

Reply to
trigger

Sensible people : ie obviously not you.

People who understand that Storyville is not about BBC productions at all:

"Storyville is a documentary strand presented by the BBC showcasing the best in international documentaries."

Understand now : or do you want words of one syllable?

You need to stick to the Daily Mail: is that where you got your hate of the BBC from?

Reply to
Judith

Anyone who wants to know who actually made the programme. Surely you understand that the BBC was forced by a Tory government to allow programmes from independents that they would previously have made 'in house'?

Reply to
Dave Plowman (News)

Yup. Time we went back to proper BBC productions as of yesteryear. Like Dallas.

Reply to
Dave Plowman (News)

Audit trails and others.

Reply to
dennis

"China has denied involvement ..."

Reply to
Geo

um, no

if the device isn't networked, there will be no vulnerabilities that need to be patched

except that is, this process of patching

presumably this patching is there for other reasons, but don't know enough about PLCs to know what that would be

tim

Reply to
tim...

[36 lines snipped]

All software has bugs.

Firmware may need to be updated to maintain manufacturer support, even without explicit bugs.

Reply to
Huge

but back in the day you used to try and make sure that you found them all before releasing the product

not on any firmware I ever worked on (in 35 years)

It went out the door embedded inside the product and was never touched again

I appreciate that times have changed and that companies now rely upon making products software updatable (on the, usually, fictional excuse of being able to add features) so that they can ship before it is fully debugged

but I think that these products in Iran predated that trend BICBW

(though as they were updateable, there must be a reason, but I still don't believe we have hit on it)

tim

Reply to
tim...
