New York City Pushes Plan To Prevent Cyberattacks On Elevators, Boilers

timothy posted more than 2 years ago | from the what-about-egg-poachers-and-escalators? dept.

Security 171

coondoggie writes "Imagine what would happen if an attacker broke into the network for the industrial control systems for New York City's elevators and boiler systems and decided to disrupt them, imperiling the lives of hundreds of thousands of residents relying on them. Think it could never happen? Think again. 'You could increase the speed of how elevators go up or down,' says Steve Ramirez, business analyst, analysis and communications in the Office of the CIO of the New York City Housing Authority, which provides public housing for low- to moderate-income families in the five boroughs of the city. And if attackers ever successfully penetrated the network-based industrial control systems for the boilers, they could raise the heat levels for municipal boilers, causing them to explode." Maybe Bruce Schneier could run a new movie-scenario contest about ways this could play out.

171 comments

DUMB (5, Insightful)

Anonymous Coward | more than 2 years ago | (#39959261)

These systems shouldn't be network accessible anyway.
!!!

Re:DUMB (5, Insightful)

spazdor (902907) | more than 2 years ago | (#39959507)

And even if they are, why on earth would they have software-configurable speeds or pressures that can range outside of safe parameters? The safety limits should be hard-coded.

Re:DUMB (5, Informative)

crashumbc (1221174) | more than 2 years ago | (#39959603)

They aren't; the writer is an idiot. Boilers have MULTIPLE safeties that will just shut them down locally.

Not to mention mechanical pressure release devices; at worst they would vent boiler water onto the boiler room floor...

Re:DUMB (4, Interesting)

tqk (413719) | more than 2 years ago | (#39959705)

They aren't; the writer is an idiot. Boilers have MULTIPLE safeties that will just [shut] them down locally.

Not to mention [mechanical] pressure release devices; at worst they would vent boiler water onto the boiler room floor...

We hope. Far too many geeks just assume what's drop dead obvious to them is drop dead obvious to users/regular mortals. You guys should know by now that's not true.

Then, add in moronic management. !@#$ generally wants to happen if it can. See Murphy's Law.

Re:DUMB (0)

Anonymous Coward | more than 2 years ago | (#39959801)

If what he is saying is true, then these things are time bombs waiting for a software fault. If you can consider it with malice then it is just as likely through incompetence.

Re:DUMB (1)

Anonymous Coward | more than 2 years ago | (#39959939)

I actually worked in the industry for years, it's law they have to have safeties, both mechanical and electrical... Same way you can't buy a hot water heater without a release...

Re:DUMB (0)

Anonymous Coward | more than 2 years ago | (#39959943)

That's why there are building codes, building inspectors, plan reviews, professional plumbers and the requirement for a professional engineer to sign off the plans. See, in the real world, where we build real things, we have these systems. In your programming world, you make shit up to comply with made up requirements, and get shitty software as a result.

Re:DUMB (3, Insightful)

Darinbob (1142669) | more than 2 years ago | (#39960093)

I hope users/regular mortals are not installing boilers instead of professionals.

Re:DUMB (2)

solidraven (1633185) | more than 2 years ago | (#39959629)

Hard-coded isn't enough. Critical safety operations should NEVER be given to software. Remember what happened with the Therac-25 machines?

Re:DUMB (1)

Darinbob (1142669) | more than 2 years ago | (#39960141)

Users find ways to get around safety features too. Such as a machine requiring two users to push two buttons that are far apart in order to turn on the machine, but then it turns out someone figures out that they can just put a weight on one of the buttons and operate it with only one person.

Software can also be used to add safety. Same machine as above may be asking several times during operation "ask the patient's name" and so forth, all so that info can be cross referenced and operation shut down if things don't seem right (i.e. manually entered ID doesn't match the ID on the badge).

Re:DUMB (0)

Anonymous Coward | more than 2 years ago | (#39959739)

Better still, boilers should come with manual pop-off valves: when pressure hits a threshold, the valve opens up and the steam escapes. No explosion.
Sounds like someone is trying to be alarmist so more freedoms can be taken away - to protect the children of course.

Re:DUMB (0)

Anonymous Coward | more than 2 years ago | (#39959861)

author is an idiot.
He would be better off worrying about the radium in his pocket watch.
or all that Radon filling up his basement.

Re:DUMB (0)

Anonymous Coward | more than 2 years ago | (#39959911)

Most boilers are programmed using PLCs. There is no real "hard-coding", if you can get remote access you can change pretty much anything you want. The best security method would be isolated networks and leave the PLC key switch in "RUN" mode and not "remote" mode so edits cannot be made unless you have physical access. However, it's really inconvenient for maintenance to have to physically flip a switch every time you need to look at the boiler program, so 99% of people leave the switch in remote mode.
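
Added example, not part of the comment above or of any vendor's firmware: a C model of a setpoint write path that combines the key-switch interlock described above with fixed range limits and an audit trail of rejected requests. The limit values, type names and functions are assumptions made for illustration, and local panel writes are assumed to be allowed in either key position.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed limits for illustration only; real limits come from the
 * equipment rating and the applicable code, not from this example. */
#define SETPOINT_MIN_C 40
#define SETPOINT_MAX_C 85
#define AUDIT_SLOTS    8

typedef enum { KEY_RUN, KEY_REMOTE } key_pos_t;        /* physical key switch   */
typedef enum { SRC_LOCAL, SRC_NETWORK } write_src_t;   /* origin of the request */
typedef enum { WR_ACCEPTED, WR_DENIED_KEY, WR_DENIED_RANGE } write_result_t;

typedef struct {
    write_src_t    src;
    int32_t        requested_c;
    write_result_t result;
} audit_entry_t;

typedef struct {
    key_pos_t     key;
    int32_t       setpoint_c;
    audit_entry_t audit[AUDIT_SLOTS];  /* ring buffer of the most recent requests */
    uint32_t      audit_count;         /* total requests seen since init */
} controller_t;

void controller_init(controller_t *c, key_pos_t key, int32_t setpoint_c)
{
    memset(c, 0, sizeof *c);
    c->key = key;
    c->setpoint_c = setpoint_c;
}

/* Policy only, no side effects, so it can be reviewed and tested in isolation. */
static write_result_t decide(const controller_t *c, write_src_t src, int32_t requested_c)
{
    /* Network writes need the key physically turned to REMOTE. */
    if (src == SRC_NETWORK && c->key != KEY_REMOTE)
        return WR_DENIED_KEY;
    /* The range check applies to every source, including the local panel. */
    if (requested_c < SETPOINT_MIN_C || requested_c > SETPOINT_MAX_C)
        return WR_DENIED_RANGE;
    return WR_ACCEPTED;
}

/* Record every request, accepted or not, then apply it only if accepted. */
write_result_t write_setpoint(controller_t *c, write_src_t src, int32_t requested_c)
{
    write_result_t r = decide(c, src, requested_c);
    audit_entry_t *e = &c->audit[c->audit_count % AUDIT_SLOTS];

    e->src = src;
    e->requested_c = requested_c;
    e->result = r;
    c->audit_count++;

    if (r == WR_ACCEPTED)
        c->setpoint_c = requested_c;
    return r;
}

/* Rejected network writes still held in the ring buffer: a signal worth alerting on. */
uint32_t denied_network_writes(const controller_t *c)
{
    uint32_t n = c->audit_count < AUDIT_SLOTS ? c->audit_count : AUDIT_SLOTS;
    uint32_t denied = 0;

    for (uint32_t i = 0; i < n; i++)
        if (c->audit[i].src == SRC_NETWORK && c->audit[i].result != WR_ACCEPTED)
            denied++;
    return denied;
}

int main(void)
{
    controller_t c;
    controller_init(&c, KEY_RUN, 60);

    /* Constructed request sequence. */
    write_setpoint(&c, SRC_NETWORK, 70);   /* denied: key is in RUN       */
    write_setpoint(&c, SRC_LOCAL, 70);     /* accepted: local, in range   */
    c.key = KEY_REMOTE;                    /* technician turns the key    */
    write_setpoint(&c, SRC_NETWORK, 400);  /* denied: outside fixed range */

    printf("setpoint=%d C, denied network writes=%u\n",
           (int)c.setpoint_c, (unsigned)denied_network_writes(&c));
    return 0;
}
```
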

Re:DUMB (1)

g0tai (625459) | more than 2 years ago | (#39960133)

They may be network accessible for monitoring or remote fault reporting purposes - Building Management Systems (commonly known as BEMS) can link to all kinds of things (Heating/cooling/etc, lighting, door security)

Re:DUMB (2)

RalphTheWonderLlama (927434) | more than 2 years ago | (#39960211)

Yeah! Go the Battlestar Galactica route and un-network all of this stuff!

Offline? (3, Insightful)

Nkwe (604125) | more than 2 years ago | (#39959277)

Maybe these systems should be on isolated networks.

Read only settings (0)

betterunixthanunix (980855) | more than 2 years ago | (#39959311)

That, and perhaps someone can explain what, if any, need there is for an elevator's speed to change after it has been calibrated?

Re:Read only settings (4, Funny)

h4rr4r (612664) | more than 2 years ago | (#39959351)

How else would the turbo button work?

Re:Read only settings (1)

i_ate_god (899684) | more than 2 years ago | (#39959405)

because the speed will probably have to be calibrated again after a period of time.

Re:Read only settings (1)

Dr_Barnowl (709838) | more than 2 years ago | (#39959455)

Ok, so why do you need to do that over a network?

I mean, if the elevator speed is inaccurate, then that means the sensors in the elevator that determine its speed are inaccurate, so you have to bring new sensors on site anyway, so you can calibrate it onsite.

Re:Read only settings (1)

Anonymous Coward | more than 2 years ago | (#39960053)

Perhaps compliance with new regulations? A service company could theoretically roll an update out across a country or state without having to visit each elevator.

Re:Read only settings (4, Insightful)

denobug (753200) | more than 2 years ago | (#39960297)

Perhaps compliance with new regulations? A service company could theoretically roll an update out across a country or state without having to visit each elevator.

No, you do that ON-SITE. This is not web services or video games. You have someone there locally to confirm it is working in real life when making parameter changes like this.

Re:Read only settings (1)

betterunixthanunix (980855) | more than 2 years ago | (#39959591)

Is that common though? It seems to me that once the speed of an elevator is calibrated, it should not need to change -- the calibration should be for the building itself, which should not frequently change. Sensors may malfunction and necessitate a recalibration, but that still does not explain why the settings would need to be changed by the control system's software.

express mode is faster as they don't stop at each (1)

Joe_Dragon (2206452) | more than 2 years ago | (#39960303)

Express mode is faster as they don't stop at each floor.

Also there is a slow maintenance mode that also is in place.

Most elevators have manual maintenance controls on top of the cab.

Re:Read only settings (0)

tqk (413719) | more than 2 years ago | (#39959767)

That, and perhaps someone can explain what, if any, need there is for an elevator's speed to change after it has been calibrated?

Stress testing the system? On a holiday when no civilians are around, speed it up and see if anything breaks. If not, then running at civilian speed should be safe.

Don't you people feed your programs bad data to find out what happens when they encounter it?!?

Re:Read only settings (1)

Bigby (659157) | more than 2 years ago | (#39960089)

Emergency use? Maybe paramedics...

Re:Offline? (3, Insightful)

cpu6502 (1960974) | more than 2 years ago | (#39959349)

They probably are. This guy is just trying to sell fear for personal gain (money or power). Ben Franklin was right when he said the greatest danger are those in power who are filled with avarice or ambition.

Re:Offline? (1)

c0lo (1497653) | more than 2 years ago | (#39959427)

They probably are. This guy is just trying to sell fear for personal gain (money or power). Ben Franklin was right when he said the greatest danger are those in power who are filled with avarice or ambition.

(pro)active stupidity in power is even worse.

Re:Offline? (1)

cpu6502 (1960974) | more than 2 years ago | (#39959691)

Democrat Congressman to Pentagon general: "I am concerned that if we put too many tanks on the island might..... tip over." - Yep. Stupidity in a leader is dangerous.

Re:Offline? (1)

c0lo (1497653) | more than 2 years ago | (#39960041)

Democrat Congressman to Pentagon general: "I am concerned that if we put too many tanks on the island might..... tip over." - Yep. Stupidity in a leader is dangerous.

(anecdotes aside... active stupidity is dangerous because it makes the actions unpredictable. Avarice and ambitions show at least a pattern).

Re:Offline? (1)

RalphTheWonderLlama (927434) | more than 2 years ago | (#39960251)

Lol I saw the video. That's pretty bad but they later said the guy was off his meds at the time. I forgot what he had.

Movie scenario (1)

Anonymous Coward | more than 2 years ago | (#39959283)

Maybe they could run a movie scenario about how scare-mongering about trivial threats diverts attention and resources from real problems.

Re:Movie scenario (1)

Anonymous Coward | more than 2 years ago | (#39959367)

It's been done. The movie was called Wag the Dog.

Re:Movie scenario (1)

Anonymous Coward | more than 2 years ago | (#39959475)

Perhaps they can make one without a stupid title, so that I might actually be interested in watching it.

Re:Movie scenario (0)

Anonymous Coward | more than 2 years ago | (#39959565)

Maybe they could run a movie scenario about how scare-mongering about trivial threats diverts attention and resources from real problems.

It's been done. The movie was called Wag the Dog.

Perhaps they can make one without a stupid title, so that I might actually be interested in watching it.

Inform myself? No time for that, Dancing with the Stars is on!

The scream you just heard was America dying.

Re:Movie scenario (1)

Anonymous Coward | more than 2 years ago | (#39959913)

Maybe they could run a movie scenario about how scare-mongering about trivial threats diverts attention and resources from real problems.

It's been done. The movie was called Wag the Dog.

Perhaps they can make one without a stupid title, so that I might actually be interested in watching it.

Inform myself? No time for that, Dancing with the Stars is on!

The scream you just heard was America dying.

Quite the opposite. It was tomorrow's America rising from the mutation vats at McDonald's.

Re:Movie scenario (1)

Anonymous Coward | more than 2 years ago | (#39959713)

I know right, Se7en, Goodfellas, Dog Day Afternoon, and The Princess Bride are all so horrible. Good thing you gave them all a miss.

Does this guy even know anything about this? (5, Insightful)

h4rr4r (612664) | more than 2 years ago | (#39959293)

Boilers have release valves for a reason. Even if you could turn the heat all the way up the safety release valves would let go. You would have to weld those shut to explode a boiler. If the "evil-doers" are welding those shut you have other problems

Re:Does this guy even know anything about this? (0)

couchslug (175151) | more than 2 years ago | (#39959347)

"If the "evil-doers" are welding those shut you have other problems"

No shit. As long as "evil-doers" prefer a keyboard to a pipe wrench it's easier to defend against them.

A baddie with mechanical experience and perfectly legal hand tools could go walkabout and cause massive (literally) destruction.

I'll not put thoughts into idle heads, but "wrecking" (the very old Soviet term for it) could make quite a mess.

So much hype over hackers (1)

Anonymous Coward | more than 2 years ago | (#39959417)

A baddie with mechanical experience and perfectly legal hand tools could go walkabout and cause massive (literally) destruction.

But that requires access. Just try to get into any big building without a security guard on your ass.

This article was written by someone who watches way too much TV. You can't take down anything with just a keyboard. Anonymous has proven that. If they could have caused a problem of this magnitude, they would have in their protests but the best they can do is vandalize websites and get stolen data.

Hackers can't do any real damage.

Re:So much hype over hackers (4, Insightful)

Dr_Barnowl (709838) | more than 2 years ago | (#39959485)

Just try to get into any big building without a security guard on your ass.

Get a boilerman's uniform. Wave your visitor's pass. If the guard insists on accompanying you, look busy until he goes to pinch a loaf.

Half the reason Kevin Mitnick was notorious was not because he was a stone cold hacker - he was a good social engineer.

Re:So much hype over hackers (2)

WankersRevenge (452399) | more than 2 years ago | (#39959733)

good point .. but my real concern ... how the hell did the expression 'pinch a loaf' get coined?

Re:So much hype over hackers (0)

Anonymous Coward | more than 2 years ago | (#39959895)

nice try, FBI.

this seems like a great way to launder money to companies you promised under the table. imagine up some crazy threat, and imaginary enemy, and pay a company to "build you a widget".

Re:So much hype over hackers (1)

Darinbob (1142669) | more than 2 years ago | (#39960169)

Once you've got the uniform and have bypassed the guard, then you can just sabotage the boiler without hacking any software.

Re:So much hype over hackers (2)

X0563511 (793323) | more than 2 years ago | (#39959505)

Kevin Mitnick might disagree. [amazon.com] Replace curiosity with malice... the techniques still work.

Re:So much hype over hackers (0)

Anonymous Coward | more than 2 years ago | (#39959735)

How does that counter the statement, though? Kevin Mitnick didn't cause massive damage.

Re:So much hype over hackers (1)

X0563511 (793323) | more than 2 years ago | (#39959853)

Apparently you only looked at my first sentence and jumped to reply. Go back and read my whole post, please.

Re:So much hype over hackers (1)

AK Marc (707885) | more than 2 years ago | (#39959665)

I had my name on the guest register and a verified appointment and still couldn't get into "30 Rock" until the employee in that building came down and escorted me up. I don't think a maintenance guy unknown to security would have been able to make it in, even with proper forged documents.

Re:So much hype over hackers (1)

tqk (413719) | more than 2 years ago | (#39959863)

But that [requires] access. Just try to get into any big [building] without a security guard on your ass.

How about an airport? I've seen multiple stories attesting to the fact that passengers are scrutinized enormously, while catering staff and baggage handlers are challenged once at beginning of shift, then given free reign and left alone.

Re:So much hype over hackers (1)

tqk (413719) | more than 2 years ago | (#39959881)

s/reign/rein/

Re:So much hype over hackers (1)

SwedishPenguin (1035756) | more than 2 years ago | (#39960143)

Probably aren't many security guards patrolling boiler rooms of residential buildings. Luckily, we generally use district heating in apartment buildings over here and that includes mine so no need to worry about that.

Re:Does this guy even know anything about this? (1)

dfenstrate (202098) | more than 2 years ago | (#39959359)

You beat me to the punch. Likewise, many of these other systems will have hardwired safety systems that limit the danger they present.

I still think this equipment should be on isolated networks, but it's harder for me to get overly excited about ICS vulnerabilities.

Re:Does this guy even know anything about this? (2)

sunderland56 (621843) | more than 2 years ago | (#39959365)

Elevators also have speed controls, and cannot go faster than a certain designed-in speed because of mechanical reasons, not CPU controlled ones.

Besides, most elevators (and most boilers) in NYC predate the internet. On the elevators that are more modern, the average New Yorker would greatly appreciate it if you could speed them up somehow.....

Re:Does this guy even know anything about this? (1)

trout007 (975317) | more than 2 years ago | (#39959437)

Exactly. The speed of the elevator will be limited to the motor power. Now you could do something dangerous like waiting until 5 seconds after the door opens and then drop the elevator 10 feet. I don't know about the particular designs to know if there is a mechanical interrupt when the doors are open.

Re:Does this guy even know anything about this? (4, Funny)

cyberchondriac (456626) | more than 2 years ago | (#39959559)

Elevators also have speed controls, and cannot go faster than a certain designed-in speed because of mechanical reasons, not CPU controlled ones.

Aw crap, there goes my idea for a poor man's space elevator.

Re:Does this guy even know anything about this? (1)

cptdondo (59460) | more than 2 years ago | (#39959379)

I'm a bit baffled by this also. If all of the City's boilers and elevators are on the same network, and someone could successfully hack into it, they could possibly do some minor amount of damage. But really.... Elevators only hold a few people. And how many buildings actually have boilers? Don't most modern buildings use heat pumps? I don't know of any building that still uses steam, and those that do would be unlikely to have sophisticated networked controls.

You'd get much more bang for the buck by bombing Grand Central at rush hour... And much simpler.

Seems like someone has been watching too many 80s B movies.

Re:Does this guy even know anything about this? (0)

Anonymous Coward | more than 2 years ago | (#39959689)

What I would be wondering about is not so much the elevator speed settings (while those may need to be recalibrated or what not - I've heard some require 7th degree derivative equations to ensure a smooth ride so probably NOT a simple thing to adjust) but operation.

Doors not opening, cars stopping between floors, cars locked at a static position in the shaft (top of the shaft, bottom of the shaft, etc), changing the wait times between floors, and so on. Especially if an attacker can alter the administrative codes.

This, of course, is why we have stairs, but those only work for people outside of elevators.

Re:Does this guy even know anything about this? (2)

crashumbc (1221174) | more than 2 years ago | (#39959693)

And how many buildings actually have boilers? Don't most modern buildings use heat pumps? I don't know of any building that still uses steam, and those that do would be unlikely to have sophisticated networked controls.

NO buildings of any size use heat pumps, they are very inefficient...

Pretty much every large building has a boiler or more likely several.

As far as steam, I'm not sure how many new systems are being installed, but any older building that's been kept up has had its control systems modernized. Example: the Empire State Building's system is completely computer controlled (it's steam).

Re:Does this guy even know anything about this? (1)

RalphTheWonderLlama (927434) | more than 2 years ago | (#39960277)

Universities often still use steam

Re:Does this guy even know anything about this? (1)

tqk (413719) | more than 2 years ago | (#39960065)

Seems like someone has been watching too many 80s B movies.

Nah. Al Qaeda's just lost so many of their leaders via drone strikes, they're outsourcing strategy and planning to the net. Smiple. [sic] Funny they'd come here. :-?

Re:Does this guy even know anything about this? (1)

RalphTheWonderLlama (927434) | more than 2 years ago | (#39960293)

Your smiley face question mark just blew my mind.

Re:Does this guy even know anything about this? (1)

macs4all (973270) | more than 2 years ago | (#39959395)

Boilers have release valves for a reason. Even if you could turn the heat all the way up the safety release valves would let go. You would have to weld those shut to explode a boiler. If the "evil-doers" are welding those shut you have other problems

Exactly what I was thinking.

Same thing with the elevators. Other than the dynamic braking that goes on, elevators pretty much operate at full-tilt anyway, and I am quite sure that there is a hard software/hardware limiter that sets an upper limit on the ascent/descent speed, as well as the maximum accel/decel rate.

Any elevator engineers/techs care to weigh in on this?

Re:Does this guy even know anything about this? (1)

DaMattster (977781) | more than 2 years ago | (#39959513)

Boilers have release valves for a reason. Even if you could turn the heat all the way up the safety release valves would let go. You would have to weld those shut to explode a boiler. If the "evil-doers" are welding those shut you have other problems

Also, elevators have safety systems that deploy brakes automatically when an accelerometer detects a sudden acceleration well outside of normal operating parameters.

Re:Does this guy even know anything about this? (2)

spikestabber (644578) | more than 2 years ago | (#39959639)

This "Accelerometer" is mechanical. If the elevator completely lost power and the hoist motor brakes for some reason failed to engage (rare as they're supposed to fail closed), the emergency brakes on the car itself would trigger.

Re:Does this guy even know anything about this? (0)

Anonymous Coward | more than 2 years ago | (#39959797)

Yeah. I worked in a skyscraper in Chicago for about a decade. During that time, one or another elevator would break down approximately annually, and the result every single time was that people were stuck between floors for a few minutes, even the time that flooding made the entire building lose power. Elevator safety systems are highly reliable; even if you could mess with it via software, you would only inconvenience a few people on their way to a meeting.

Isn't that a huge flaw (0)

Anonymous Coward | more than 2 years ago | (#39959303)

Isn't it a huge flaw that a boiler could be configured in any way shape or form to get so hot that they explode? We have multiple redundant systems on water heaters to ensure that they are operating in a safe temperature range.

hmmm (3, Insightful)

Anonymous Coward | more than 2 years ago | (#39959305)

"business analyst, analysis and communications in the Office of the CIO of the New York City Housing Authority (NYCHA)"

So a housing authority needs a full office for Information systems and in that office it needs a business analyst (because that is part of information systems)?

Sounds like a bureaucrat that needs to justify the job his dad got him.

Re:hmmm (0)

Sarten-X (1102295) | more than 2 years ago | (#39959333)

A housing authority housing (probably... too lazy to look up numbers) thousands of families, and probably tracking financial information on them all, across several hundred separate locations? No, they don't need an IS department at all. They can use Excel, right?

Re:hmmm (1)

c0lo (1497653) | more than 2 years ago | (#39959491)

A housing authority housing (probably... too lazy to look up numbers) thousands of families, and probably tracking financial information on them all, across several hundred separate locations? No, they don't need an IS department at all. They can use Excel, right?

Do they need an IS service dept that resorts in connecting these utilities to the net? What for?

These types of attack have never happened, but in the age of ever-mounting cyber exploits, NYCHA, which is responsible for over a thousand buildings in the city, wants to take every precaution, though it could get expensive.

Ah, I see... that explains [despair.com] (works even better if you are not on a consulting position, but a permanent hire).

Movies eh? (2)

decipher_saint (72686) | more than 2 years ago | (#39959375)

In a World where up isn't always the direction you're headed and going down will kill you, A hero will rise...

TERRORVATOR

*break*

Ted Buttson wasn't exactly the best elevator repairman "Y'know normally the buttons don't do this" (empty elevator drops from sight, crashes). In fact you could say he was the worst elevator repairman "Why do they build these things with all these extra bolts?" (elevator doors fall in), but sometimes it doesn't matter who you are if you're on the right floor at the right time "H-hey! I think these guys wanna do something BAD to this elevator!". Coming this summer from the same studio that brought you predictable comedy before comes "TED: Going Down" (close up shot of actor making faces with sexy music playing)

[NOT YET RATED]

Re:Movies eh? (1)

Sunshinerat (1114191) | more than 2 years ago | (#39959509)

This has been done before... http://www.imdb.com/title/tt0087622/ [imdb.com]

Re:Movies eh? (2)

decipher_saint (72686) | more than 2 years ago | (#39959541)

Ah, but this would be the American version, with dames, car chases, terrorists, plenty of one-liners and explosions!

IN (unconvincing) 3D!!

Re:Movies eh? (0)

Anonymous Coward | more than 2 years ago | (#39959843)

I saw this trailer in my head. It is indistinguishable from any other trailer. What you need is a hot girl for Ted to ogle as he walks into an elevator shaft. That will put it over the top!

Derp, meet Herp (4, Insightful)

girlintraining (1395911) | more than 2 years ago | (#39959377)

"Imagine what would happen if an attacker broke into the network for the industrial control systems for New York City's elevators and boiler systems."

Some people would have to take the stairs and others would take cold showers. A truly terrifying prospect. Elevators and hot water are conveniences; People don't die from the lack of them.

Re:Derp, meet Herp (1)

DaMattster (977781) | more than 2 years ago | (#39959527)

Sounds like attempts to whip up a fear storm and get more funds allocated towards anti-terrorism. I get sick of the fear storms!

Re:Derp, meet Herp (1)

Sunshinerat (1114191) | more than 2 years ago | (#39959529)

And the best part is that all the elevators and boilers will be reconfigured back to normal the next day and the world keeps on spinning like nothing happened.

industrial boilers blow up real good. (-1)

swschrad (312009) | more than 2 years ago | (#39959659)

even a 50-gallon water heater, if it blows, can disassemble your average house.

now imagine what a stock-standard boring 200 HP heating boiler can do. your typical hospital or college campus, assuming they have anything this small, will usually have at least three of 'em in a row, and in places where below-zero is common, will have more.

there will be something on the order of 300 of these things in a city of 50,000 anywhere north of Des Moines.

Re:industrial boilers blow up real good. (0)

Anonymous Coward | more than 2 years ago | (#39960149)

Those usually have physical fail-safe devices. You know, the kind that you can't disable remotely.
Things that existed long before computers became prevalent are usually pretty safe. Of course, there are some dangerous things that are computer controlled and may have lethal effects if they don't operate properly, but usually because of some design error. If you want an example, read about the Therac-25 radiation therapy machine.

Re:Derp, meet Herp (1)

AK Marc (707885) | more than 2 years ago | (#39959717)

It sounds like you don't know what a boiler is. Think of downing the boilers in the middle of a bad winter, timed to coincide with a snow storm to hamper emergency response. It's not just hot water, but also heat. If 100 buildings with 10+ floors were suddenly without heat or elevators in the middle of a cold winter storm, don't you think that is a little more inconvenient than just cold showers?

Re:Derp, meet Herp (2)

PPH (736903) | more than 2 years ago | (#39960161)

Think of downing the boilers in the middle of a bad winter, timed to coincide with a snow storm to hamper emergency response.

OK, I'm thinking of it. I'm thinking of it for a week long outage.

Welcome to PSE [pse.com] service territory.

Re:Derp, meet Herp (0)

Anonymous Coward | more than 2 years ago | (#39959859)

Yes, but if you're getting public assistance housing, then you wouldn't be getting what someone else didn't pay for.

I had to chuckle when it sounded like public assistance housing would be a terrorist target. The housing costs the country money, so destroying it, and having people get housing elsewhere, would potentially stop a drain on our economy.

Re:Derp, meet Herp (0)

Anonymous Coward | more than 2 years ago | (#39960005)

I don't think a major high rise can function effectively without stairs. People don't die, but lots of money would be lost.

Re:Derp, meet Herp (1)

Bigby (659157) | more than 2 years ago | (#39960123)

Emergency response time would increase SIGNIFICANTLY. People would die.

WHAT SAY WE LET IT HAPPEN FIRST THEN DECIDE (1)

Anonymous Coward | more than 2 years ago | (#39959493)

No point going all TSA when nothing has happened and nothing likely will. If you are peddling your "cyber protection plan" to NYC, well, good luck !! There are plenty of protection rackets going on, and you won't get your little pecker in the door, that's for sure !!

Le Sigh (1)

thejynxed (831517) | more than 2 years ago | (#39959563)

Why go through all of that bother?

NYC's water supplies are completely unprotected. I think your imagination can come up with the rest.

Just jumping on the "Cyberwarfare" bandwagon (2)

Dr_Barnowl (709838) | more than 2 years ago | (#39959571)

Cyberwarfare means money. As most of the preceding posters have identified, most of the perceived threat is total horseshit. But because computers are full of magic smoke and fairies, muggles presume that a computer hooked up to a machine is a terrible threat. Haven't you seen the famous historical documentary, "Terminator" ???

It's just like the TSA - because there hasn't been a compumatronically induced apocalypse, we're doing a good job, right? Hell yeah, line up another raft of Cyberwarfare Funding Bills, and we need some more staff to hotswap the drives in our pr0n^W evidence storage RAID array.

Re:Just jumping on the "Cyberwarfare" bandwagon (0)

Anonymous Coward | more than 2 years ago | (#39959677)

This does sound like more dubious DHS grant-speak, although I'm sure they would never reference an out-of-date source like Terminator: this CIO has the very latest threat information from 24.

Re:Just jumping on the "Cyberwarfare" bandwagon (0)

Anonymous Coward | more than 2 years ago | (#39959757)

I agree. This isn't a war on terrorism, it's a war on the internet. It is a war on the FREE internet. People free to easily communicate and speak their mind en masse scares governments more than any threat of a boiler blowing up.

Imagine no articles like this (1)

swschrad (312009) | more than 2 years ago | (#39959635)

because they didn't let certified idiots connect industrial controls to the Wacky Wacky Webbiepoo.

this is real simple. turn off the interconnects, and toss those boxes in the trash.

we knew enough when modems ran at 100 baud to not connect critical systems to an outside influence.

Fear mongering.... (1)

Anonymous Coward | more than 2 years ago | (#39959715)

First of all, elevators have _separate_ mechanical only devices that attach to the car's brakes with a fly wheel design that has springs that will cause the flywheel to physically lock the wheel and cause the separate wire it is attached to, to detach or "yank" on the brakes on the car and immediately stop the elevator. So, even if you could cause the motor to bring the elevator to free fall speeds via hacked electronics, the elevator will not free fall to the bottom...

Second, all boilers and hot water tanks have industry mandated TMP (temperature and pressure) valves that prevent explosions in the case of an electrical malfunction. Have you never seen any of these bleeder valves on the tanks in your home? Do you think that massive boilers that could do serious damage are somehow magically devoid of these safety devices?

Clearly, the only way for any terrorist to attack these systems in anything more than a denial of service fashion, would be to physically visit the device in question and damage it. The real way to prevent these attacks is detection (alarm systems), and to get the caretakers/maintenance people responsible for the systems to do regular maintenance and checks to ensure that they haven't been tampered with. i.e., elevator maintenance needs to regularly inspect the elevator mechanics on a regular basis (they do by law) that is behind locked (special pick resistant) doors, and the super/maintenance/plumber needs to periodically check the bleeder valves for unobstructed operations, which I am sure is always mandatory in large important installations.

Really though, the problem would be more about lazy maintenance personnel not doing their jobs, and not the electronics that control these systems. This guy needs to stop watching MythBusters...

IHSL (1)

Bomazi (1875554) | more than 2 years ago | (#39959729)

It is not possible to cause a properly designed elevator to crash or trap its occupants by a remote command, for the simple reason that the system only accepts a small set of safe commands. A command to change an operating parameter (like a speed, delay, etc.) is rejected if out of bounds. A command to stop will result in the elevator moving to the next floor, opening its doors and then shutting down, i.e. going to a fail-safe state. There is no "crash and burn" command. So even if someone gets unauthorized access to the control network, the worst they can do is play pranks, reduce performance or deny service.
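The command filtering described in the comment above, sketched as an added example that is not part of the original post and not taken from any real elevator controller. The command ids, the 5-byte frame layout, the numeric limits and the latching stop are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical allowlist: any command id not listed here is rejected. */
enum cmd_id { CMD_SET_SPEED = 1, CMD_SET_DOOR_DELAY = 2, CMD_STOP = 3 };
enum result { ACCEPTED, REJ_MALFORMED, REJ_UNKNOWN, REJ_RANGE, REJ_STATE };

/* Assumed safe envelope: compile-time constants, not remotely writable. */
enum { SPEED_MIN = 200, SPEED_MAX = 2500 };    /* mm/s */
enum { DELAY_MIN = 2000, DELAY_MAX = 15000 };  /* ms   */

struct car_state {
    uint32_t speed_mm_s;
    uint32_t door_delay_ms;
    bool     stop_latched;  /* fail-safe: next floor, open doors, shut down */
};

static bool in_range(uint32_t v, uint32_t lo, uint32_t hi)
{
    return v >= lo && v <= hi;
}

/* Constructed frame layout: 1 byte command id + 4 byte big-endian argument.
 * The state is modified only when the result is ACCEPTED. */
enum result handle_frame(struct car_state *s, const uint8_t *buf, size_t len)
{
    if (buf == NULL || len != 5)
        return REJ_MALFORMED;
    /* Unsigned decode: an all-ones argument is just a huge value that
     * fails the upper bound, never a negative number. */
    uint32_t arg = ((uint32_t)buf[1] << 24) | ((uint32_t)buf[2] << 16) |
                   ((uint32_t)buf[3] << 8) | (uint32_t)buf[4];
    switch (buf[0]) {
    case CMD_STOP:
        s->stop_latched = true;  /* assumption: cleared only by local service */
        return ACCEPTED;
    case CMD_SET_SPEED:
        if (s->stop_latched) return REJ_STATE;
        if (!in_range(arg, SPEED_MIN, SPEED_MAX)) return REJ_RANGE;
        s->speed_mm_s = arg;
        return ACCEPTED;
    case CMD_SET_DOOR_DELAY:
        if (s->stop_latched) return REJ_STATE;
        if (!in_range(arg, DELAY_MIN, DELAY_MAX)) return REJ_RANGE;
        s->door_delay_ms = arg;
        return ACCEPTED;
    default:
        return REJ_UNKNOWN;  /* there is no "crash and burn" command */
    }
}
```

Each rejection code is distinct so the controller can log and alarm on out-of-envelope requests instead of silently dropping them.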

Complete lack of standards. A moral void... (0)

Anonymous Coward | more than 2 years ago | (#39959811)

It is unacceptable to lie to people. It is disgusting to prey on the fear of people. I'd go so far as to say if you rile people by fabricating outright lies in the hopes of inducing fear in order to generate revenue, well, you're a lower piece of scum than even someone in, say, the marketing business.

So here we have yet another worthless Slashdot piece of excrement (some call them articles or stories) with (a) fabricated lies created to (b) induce fear and outrage in people, in the hope of (c) generating revenue. Congratulations, you've just created the Trifecta of Shameless Stupidity.

On topic: Boilers have mechanical overpressure valves to blow off excess steam. Elevators have mechanical over-speed devices which, using a simple set of calibrated weights, cause a brake to be thrown on the car. This typically destroys a section of the railing on which the car rides, but the upside is, no dead people!

I know it's tiring to hear this, but this place has become an embarrassment....

Re:Complete lack of standards. A moral void... (0)

Anonymous Coward | more than 2 years ago | (#39960197)

The article wasn't written by Slashdot. It was posted here to point out the fear mongering. This was obvious and you totally missed it.

Great Priority List (0)

Anonymous Coward | more than 2 years ago | (#39959817)

I guess having meetings about cyber attacks is far sexier than allocating police resources to arrest burglars and get people their things back.

Boilers and elevators have mechanical safeties (1)

metoc (224422) | more than 2 years ago | (#39959847)

Most boiler and elevator design predates electronic/computerized controls so they have mechanical safeties.

Thumbs up to everyone who said networking them to the Internet is a DUMB idea.

Boilers ? or Tea pots ? (0)

Anonymous Coward | more than 2 years ago | (#39959989)

then maybe the HTTP 418 answer will be of some use then

Fear-mongering for fun & profit (2)

quarkscat (697644) | more than 2 years ago | (#39960011)

Fear-mongering for fun & profit seems to be the new & improved USA business model, especially for governments at every level. Afraid of terrorists? Obviously, they are everywhere, and can strike at any time. Be afraid. Surrender all your rights & liberties, and (especially) your money to the government. The "war on terror" will save you, even from yourself. The DHS has spent over $1 Trillion fighting "terrorism" since its founding. Is life without any risks whatsoever really living? And can one even prove that the benefit outweighs the cost, when success is only proven with a negative result? And the only positive results, aka real terrorism, for the past 25 years have been government promulgated?

The "war on terror" is a black hole the USA throws money into, without actually making anyone safer. In fact, just the opposite is the case. Vastly increased sovereign debt threatens those very government programs & infrastructure that do help to keep us safe, healthy, and happy. Our infrastructure, like bridges, public health system, national power grid, water purification plants all suffer from competition with the "war on terror". OMG, man-made carbon dioxide is threatening us with global warming -- quick, let's ship all our industries overseas. OMG, there are religious fundamentalists half a world away that hate us for our freedoms -- quick, let's spend $4.5 Trillion in 10 years on perpetual warfare against these people. Surely they will not hate us any more if we drop money-bombs on them along with bloody expensive military ordnance, including their wedding parties and funerals. OMG, someone smuggled the equivalent of an M-80 firecracker in their pants onto a USA-bound plane -- quick, let's spend $250 Billion on terahertz-wave body scanners and place them everywhere, not just airports. Before we surrender more of our individual rights & liberties or more blood & treasure, let's get the answer to "Who benefits, and why?"

The truth is, if you feel personally at risk of bodily harm due to acts of terrorism, go out and buy even 1 lottery ticket because the odds against you winning are only 1 in 175 Million, while an act of terrorism (a real act of terrorism not fabricated by government) is closer to 1 in 1,000 Million. Feeling "lucky" -- buy that lottery ticket. Ignore things like auto accidents with uninsured drunken drivers, or getting struck by lightning four weekends in a row when you go play golf.

Industrial Control Systems have no business with internet access to operational processes, rather than merely an alarm or data monitoring channel, in any case.

We need a cyberwarfare defense organization (1)

goodmanj (234846) | more than 2 years ago | (#39960179)

We definitely need to train an elite corps of cyberwarfare personnel to deal with this sort of threat. I propose dividing the corps up into three tactical teams:

Alpha Team will carry out recon and patrol duties, identifying computer systems responsible for controlling potentially dangerous hardware systems.
Bravo Team is responsible for extraction and isolation. Their mission is to walk up to these machines and unplug them from the Internet.
Charlie Team is the counterinsertion team. They will be equipped with Mk 47 Hot Glue Guns. They will fill all available USB and network jacks on these computers with hot glue.

That's it. Screw high tech cybersecurity, system patches, and all that bullshit. Just unplug 'em and permanently destroy all I/O paths to the outside world.

Re:We need a cyberwarfare defense organization (0)

Anonymous Coward | more than 2 years ago | (#39960309)

The reactor is going critical! We need to insert the override fob into the USB port, but someone filled it with hot glue!

Brilliant.

Captcha: Disarmed.
