
Industrial Control Software Easily Hackable

Soulskill posted about 2 years ago | from the raise-your-hand-if-you-are-surprised dept.

Security 194

jfruh writes "CoDeSys, a piece of software running on industrial control systems from hundreds of vendors, has been revealed to be easily hackable by security researchers, giving rise to a scenario where computer hacking could cross the line into the physical world. Worse, many of these systems are unnecessarily connected to the Internet, which is a terrible, terrible idea."


Enter Kaspersky (1, Informative)

Anonymous Coward | about 2 years ago | (#41793027)

Kaspersky says they'll come up with a new OS specifically designed to protect industrial control systems from hacking and sabotage.

http://www.pcmag.com/article2/0,2817,2411052,00.asp

Re:Enter Kaspersky (1)

Anonymous Coward | about 2 years ago | (#41793325)

They also said they'd come up with an exploit-proof operating system so their credibility is more than just a little suspect.

http://it.slashdot.org/story/12/10/19/2254209/kasperskys-exploit-proof-os-leaves-security-experts-skeptical

Re:Enter Kaspersky (2)

Johnny O (22313) | about 2 years ago | (#41794121)

??? They can't pick a live Linux CD?

Re:Enter Kaspersky (2)

gweihir (88907) | about 2 years ago | (#41794055)

Talk is cheap. My guess: They cannot do it, but enough people will believe them. Once the OS is in place, they cannot migrate away anymore.

Re:Enter Kaspersky (3, Interesting)

Interfacer (560564) | about 2 years ago | (#41794815)

Speaking as the system administrator for a large DCS system: the OS will be no good without a complete redesign of the application level software. The problem is not really the OS, but the fact that in order to make everything work together 'automagically', there are hardcoded service accounts, and much of the app executables (which are often executed with system permissions) are writable because the entire installation folder is writable. And of course, the controllers that do perform all control actions use a protocol whose only real claim to security is obscurity.

And from what I can tell, the system I manage is fundamentally no different in that regard from DCS or SCADA systems from other vendors. While it is true that a secure-by-design would be a good place to start, the main problem atm is that the application architecture is hopelessly insecure.
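The writable-installation-folder problem Interfacer describes above is easy to audit with a script. The following is an added example, not code from the poster's DCS or from any vendor: it walks an install tree and reports files that group/other can write, and, separately, executables sitting in a writable directory, which can be renamed away and replaced even when the binary itself is read-only. It reads POSIX mode bits, so it is exact on Linux/BSD hosts and only a rough proxy on Windows, where the ACL is what matters (use `icacls` there). The demo tree built by `make_demo_tree()` is constructed sample data.

```python
"""Audit an application install tree for entries an unprivileged user could
alter or replace. Added example, not from the original post."""
import os
import stat
import tempfile

OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH
# Suffixes treated as executable even when the x bit is absent (assumption).
EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".bat", ".cmd", ".ps1", ".so", ".sh", ".py")


def _is_executable(name, mode):
    return bool(mode & stat.S_IXUSR) or name.lower().endswith(EXEC_SUFFIXES)


def audit_install_tree(root):
    """Return a sorted list of (relative_path, reason).

    'writable'    : the file or directory itself carries group/other write bits
    'replaceable' : an executable lives in a group/other-writable directory
                    (without the sticky bit), so it can be renamed away and
                    swapped even though the file itself is read-only
    """
    findings = []

    def rel(p):
        return os.path.relpath(p, root).replace(os.sep, "/")

    for dirpath, _dirnames, filenames in os.walk(root):
        dmode = os.lstat(dirpath).st_mode
        dir_open = bool(dmode & OTHER_WRITE) and not (dmode & stat.S_ISVTX)
        if dir_open:
            findings.append((rel(dirpath), "writable"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISLNK(st.st_mode):
                continue  # judge the target where it lives, not the link
            if st.st_mode & OTHER_WRITE:
                findings.append((rel(path), "writable"))
            elif dir_open and _is_executable(name, st.st_mode):
                findings.append((rel(path), "replaceable"))
    return sorted(findings)


def make_demo_tree():
    """Build a throwaway install tree (constructed sample) that mimics the
    pattern in the post: a world-writable program directory holding a
    read-only service binary, plus a writable config file."""
    root = tempfile.mkdtemp(prefix="dcs-audit-")  # mkdtemp gives mode 0700
    os.mkdir(os.path.join(root, "bin"))
    os.mkdir(os.path.join(root, "cfg"))
    for relpath, content in (("readme.txt", "docs"),
                             ("bin/service.exe", "MZ"),
                             ("cfg/app.ini", "[svc]")):
        with open(os.path.join(root, *relpath.split("/")), "w") as fh:
            fh.write(content)
    os.chmod(os.path.join(root, "bin"), 0o777)
    os.chmod(os.path.join(root, "bin", "service.exe"), 0o555)
    os.chmod(os.path.join(root, "cfg"), 0o755)
    os.chmod(os.path.join(root, "cfg", "app.ini"), 0o666)
    os.chmod(os.path.join(root, "readme.txt"), 0o644)
    return root


if __name__ == "__main__":
    for path, reason in audit_install_tree(make_demo_tree()):
        print("%-12s %s" % (reason, path))
```

The 'replaceable' class is the one that turns a sloppy installer into local privilege escalation when the service runs as SYSTEM or root: the attacker never needs write access to the binary, only to its directory.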

Re:Enter Kaspersky (1)

bbelt16ag (744938) | about 2 years ago | (#41794949)

So... please tell me you don't put this on the net, do ya? You make sure there is physical security around those systems too? This seems like ripe pickings for any hacker, foreign or domestic.

Not such a bad idea... (5, Funny)

jmerlin (1010641) | about 2 years ago | (#41793041)

Worse, many of these systems are unnecessarily connected to the Internet, which is a terrible, terrible idea.

Now you're just being paranoid. Instead, you should develop an artificially intelligent system to defeat would-be attackers and malicious software. That sounds like the best idea.

- Skynet

Re:Not such a bad idea... (2, Funny)

Anonymous Coward | about 2 years ago | (#41793629)

Way ahead of you.

- Colossus

Re:Not such a bad idea... (1)

Anonymous Coward | about 2 years ago | (#41794137)

Re:Not such a bad idea... (1)

stanlyb (1839382) | about 2 years ago | (#41793831)

I have a better idea. Why don't we just make not better, but NORMAL software, with NORMAL developers, not the bunch of idiots who think they have anything in common with "developing" anything at all???

Re:Not such a bad idea... (0)

Anonymous Coward | about 2 years ago | (#41793931)

Woosh!

Re:Not such a bad idea... (1)

Capitaine (2026730) | about 2 years ago | (#41795013)

Security is not in the requirements specification, so why would they implement it?

"- Boss, I got an idea. We could implement two-factor authentication, full AES encryption of network data and D-H key exchange in our industrial software. Nerds will love it. It would cost x k$ (with x > 0).
- Hum, no. And gtfo of here."

Re:Not such a bad idea... (0)

Anonymous Coward | about 2 years ago | (#41794265)

Or you could ask congress to pass laws, hire more police, judges, and special national security agents.

The choice ? More machines, or more people under your control?

Re:Not such a bad idea... (1)

greg_barton (5551) | about 2 years ago | (#41794407)

Instead, you should develop an artificially intelligent system to defeat would-be attackers and malicious software.

Yes, you should. [redlambda.com]

(Disclaimer: I work for Skynet.)

Yup (5, Informative)

50000BTU_barbecue (588132) | about 2 years ago | (#41793043)

Having recently switched fields from high-end telecom gear to industrial machinery, I can confirm this. The industry works with what hardware they know. I last worked in the field two decades ago, and now I see the same Cutler-Hammer contacts, the same Schadow switches, the same Schroff and Rittal metal works, the same Panduit wire ducts, the same Oriental motor drives, the same Allen Bradley PLCs... Oops, that PLC now has an ethernet port? The PLC looks the same as before, a grey box covered in screw terminals, but apparently it must have changed from a 6809 running GRAFCET to some sort of modern porous monstrosity needlessly running a 64 bit OS with so much unverifiable code.

It's not necessary.

Re:Yup (0)

Anonymous Coward | about 2 years ago | (#41793393)

But the thing is, the old stuff you're talking to is INSECURE to begin with. Not designed with any security in mind. Verifiable code doesn't fix holes within the whole system design- period. All it does is ensure it does what it was designed to do- and NOTHING more. What if you design in the component in question and you don't account for someone issuing a remote command they're not supposed to? Verifiable code doesn't protect you from that problem.

It's supposed to be airgapped, I know. How many properly airgapped systems do YOU know about?

Now, these Windows based components...the ones of the discussion; they're designed with "modern" development and ease of HMI development in mind- the PLC's still the same beastie, it just exposes MODBUS over IP or similar. The stuff that this article's talking to...it's the HMI parts that're typically what's running on Windows.

Security doesn't come from just verifiability. It comes from thinking things through- from start to finish as a system design. The moment you bemoaned verifiability, you lost- because you're little different than any of the other people in the SCADA space. How do you prevent unauthorized users from issuing commands? How do you ensure that there's not a man in the middle munging your PLC's data return, causing you to do wrong things in your design? If you can't answer those things and talk to them in a conversation like this, you're no better than the rest with their heads in the sand.

Re:Yup (1)

stanlyb (1839382) | about 2 years ago | (#41793841)

The hardware is insecure, yes, that's true, but the Intel machine controlling this old hardware... I wonder what the excuse is there? They use the latest VS2010, .NET, MOP.net, you say whatever NET, and it is still sooo entirely insecure that I... I simply have no words.

What's Your Point ? (0)

Anonymous Coward | about 2 years ago | (#41795183)

We all know the PLCs themselves are insecure as hell. That does not mean you have to expose that insecurity to an intranet or (god beware) the internet. Hook all those shitty little controllers to Linux or BSD machines. Then set up a Virtual Private Network using IPSEC on Linux/BSD. If you need Windows-based control GUIs, hook them into the secure VPN, too. Don't connect the Windows crapola to the intranet. I am not sure you know this, but proper secure VPNs are secured against man in the middle. Of course, you must physically protect all the hardware and the cabling between PLC and Linux boxes. The cables between the Linux machines are secure courtesy of the secure VPN.

Certainly you have to interface to the guys in R&D, sales, marketing and so on. They might want to describe custom chemical mixtures by means of an Excel file and that information has to be somehow communicated to the PLCs. DO NOT bring the Excel shit into the secure VPN. At least not in the "microsoft way" by starting an Excel process to parse (and execute if it contains macros) the file. Instead, use the xlsx format, unpack the ZIP and then parse the xml files to get the bespoke chemical mixture parameters. That can be done on the Linux machines, no Macrosuck software required at all.

All the tools are there, all the experts are there; they are just ignored/not hired by the MBA CRAP.

Plus (0)

Anonymous Coward | about 2 years ago | (#41795201)

...don't forget to check the sanity of the Excel file. All parameters should be bounds-checked and in many cases you need to do more complicated checks to ensure your plant does not "accidentally" make explosives because the idiots in sales have fucked up or their computers have been hacked. But that knowledge should firmly exist in your company or you are 100% screwed.
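The two posts above (unpack the xlsx and parse the XML instead of launching Excel; then bounds-check every parameter and apply cross-parameter sanity rules) describe one pipeline, so here is one worked example for both. It is an added example, not code from either poster. The sheet layout (parameter name in column A, value in column B, header in row 1), the parameter names, the engineering limits in `BOUNDS` and the interlock rule are all assumptions made for illustration; a real plant takes its limits from the process safety documentation, never from the spreadsheet itself. `build_sample_xlsx()` constructs a minimal workbook in memory so the example runs offline on constructed sample data.

```python
"""Pull recipe parameters out of an .xlsx without ever starting Excel, then
bounds-check them before anything reaches the PLC side.
Added example, not code from the original posts."""
import io
import xml.etree.ElementTree as ET
import zipfile

M = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
NS = {"m": M}
MAX_MEMBER_BYTES = 5 * 1024 * 1024  # refuse absurdly large sheets (zip bomb)

# Assumed per-parameter limits (lo, hi).
BOUNDS = {
    "reactor_temp_c": (20.0, 180.0),
    "feed_rate_lpm": (0.0, 50.0),
    "oxidizer_ratio": (0.0, 0.35),
}


def _member(zf, name):
    info = zf.getinfo(name)
    if info.file_size > MAX_MEMBER_BYTES:
        raise ValueError("%s too large (%d bytes)" % (name, info.file_size))
    return ET.fromstring(zf.read(name))


def read_recipe(xlsx_bytes):
    """Return {name: raw_value_string} from sheet1. Only ZIP + XML parsing
    happens here, so a macro in the workbook is inert."""
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        strings = []
        if "xl/sharedStrings.xml" in zf.namelist():
            sst = _member(zf, "xl/sharedStrings.xml")
            strings = ["".join(t.text or "" for t in si.iter("{%s}t" % M))
                       for si in sst.findall("m:si", NS)]
        sheet = _member(zf, "xl/worksheets/sheet1.xml")

    rows = {}
    for c in sheet.iter("{%s}c" % M):
        v = c.find("m:v", NS)
        if v is None:
            continue
        ref = c.get("r")                      # cell reference, e.g. "B3"
        col = ref.rstrip("0123456789")
        row = int(ref[len(col):])
        val = strings[int(v.text)] if c.get("t") == "s" else v.text
        rows.setdefault(row, {})[col] = val

    recipe = {}
    for row in sorted(rows):
        cells = rows[row]
        if row == 1 or "A" not in cells or "B" not in cells:
            continue                          # header or incomplete row
        recipe[cells["A"]] = cells["B"]
    return recipe


def validate_recipe(recipe, bounds=BOUNDS):
    """Return (ok, problems). Rejects missing, unknown, non-numeric and
    out-of-range parameters, then applies a cross-parameter interlock."""
    problems, values = [], {}
    for name in bounds:
        if name not in recipe:
            problems.append("missing %s" % name)
    for name, raw in recipe.items():
        if name not in bounds:
            problems.append("unknown parameter %s" % name)
            continue
        try:
            val = float(raw)
        except (TypeError, ValueError):
            problems.append("%s is not numeric: %r" % (name, raw))
            continue
        lo, hi = bounds[name]
        if not (lo <= val <= hi):             # also rejects NaN and inf
            problems.append("%s=%g outside [%g, %g]" % (name, val, lo, hi))
            continue
        values[name] = val
    # Assumed interlock: a rich oxidizer mix is only allowed at low temperature.
    if values.get("oxidizer_ratio", 0) > 0.25 and values.get("reactor_temp_c", 0) > 150:
        problems.append("oxidizer_ratio > 0.25 requires reactor_temp_c <= 150")
    return (not problems, problems)


def build_sample_xlsx(rows):
    """Construct a minimal workbook in memory (constructed sample, not a real
    plant file). rows: list of (name, value); str values are stored as
    shared strings, the way Excel stores text cells."""
    shared = []

    def cell(ref, value):
        if isinstance(value, str):
            if value not in shared:
                shared.append(value)
            return '<c r="%s" t="s"><v>%d</v></c>' % (ref, shared.index(value))
        return '<c r="%s"><v>%r</v></c>' % (ref, value)

    xml_rows = ['<row r="1">%s%s</row>' % (cell("A1", "parameter"), cell("B1", "value"))]
    for i, (name, value) in enumerate(rows, start=2):
        xml_rows.append('<row r="%d">%s%s</row>' % (i, cell("A%d" % i, name), cell("B%d" % i, value)))
    sheet = '<worksheet xmlns="%s"><sheetData>%s</sheetData></worksheet>' % (M, "".join(xml_rows))
    sst = '<sst xmlns="%s">%s</sst>' % (M, "".join("<si><t>%s</t></si>" % s for s in shared))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/sharedStrings.xml", sst)
        zf.writestr("xl/worksheets/sheet1.xml", sheet)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_xlsx([("reactor_temp_c", 170.0), ("feed_rate_lpm", 12.5),
                                ("oxidizer_ratio", 0.3), ("explosive_mode", "yes")])
    print(validate_recipe(read_recipe(sample)))
```

Two design points worth noting: the parser only ever reads the two members it needs and refuses oversized ones, so an attacker who controls the spreadsheet gets neither macro execution nor a zip bomb; and validation rejects unknown parameter names outright rather than ignoring them, so a renamed or extra column cannot silently change what the PLC is told.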

Re:Yup (0)

Anonymous Coward | about 2 years ago | (#41793405)

Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can.
And now, so do industrial control systems.

Hooray.

Re:Yup (4, Interesting)

hjf (703092) | about 2 years ago | (#41793713)

I like to compare the problem in this industry to Powerpoint presentations. If you ever attend a university lecture, you'll see the professor, who is an engineer, doctor, master's, Ph.D or whatever. He has 5 degrees, hundreds of certifications, and thousands of hours of experience in the field or in front of a class. Yet, he cannot be bothered to invest a few hours of his time in learning *GOOD* powerpoint skills. And don't even get me started on "getting your computer hooked up to the projector".

In the automation industry it's the same thing. A very clever engineer, real genius sometimes, comes up with mechanisms you wouldn't even dream of, and designs a machine as big as a building, that works perfectly. The problem is, it's the same guy who programs the PLC, and he likes to do it in Ladder diagram (which has its advantages. I do ladder and I admit it has the benefit that you can "see" the program, and not get lost in semicolons and braces). But, like a rookie programmer, he disables security, releases in debug mode, uses default passwords, and many other "bad practices" that could be easily solvable if he bothered to spend a few hours to learn to think as a software guy. Sure, disabling your firewall isn't harmful if you're testing for a few minutes. But "I can't find the problem so the only workaround I found was to disable the firewall" is pretty much what happens with these guys.

Re:Yup (1)

Anonymous Coward | about 2 years ago | (#41793809)

It's insanity to build 1000 identical machines with different passwords. Customers expect to get similar machines, and having different passwords only invites utter chaos.

Customers also expect electricians to be able to look at PLC logic, and know passwords on machines that they might look at once every two years. To expect different passwords is idiotic at best.

What needs improving are network level firewalls, which the IT department needs to do. Instead, IT people ask things like, "Can't you migrate that HMI to Windows 7 from NT4?" not realizing that it is impossible, and would utterly break it, shutting down production for unknown amounts of time.

I know that Slashdot is very IT-centric, but it's a network (and USB key) restriction problem, not a problem with operation-level equipment.

Re:Yup (2)

hjf (703092) | about 2 years ago | (#41794063)

So why do they have passwords if the password is always 1234 and even the janitor knows it?

Re:Yup (1)

Bacon Bits (926911) | about 2 years ago | (#41794563)

The same reason they put locks on the glass doors of convenience stores. To keep out inquisitive idiots.

Re:Yup (0)

ancienthart (924862) | about 2 years ago | (#41794405)

Posting to remove a mistaken moderation. :(

So You Are Saying (0)

Anonymous Coward | about 2 years ago | (#41795213)

...electricians are too stupid to look up passwords in a little red book?

Re:Yup (1)

Anonymous Coward | about 2 years ago | (#41794079)

I work in this industry too, and I assure you I've never met another person in my field who knew anything about computer security, let alone thought it was important. When I point out obvious security precautions like putting a firewall between the industrial network and the corporate network, it's like I'm speaking Greek. Nobody knows or cares. I once worked with a contractor PLC programmer that brought a home wireless router and plugged it into the customer's industrial network with no password just for the convenience of getting online with the PLC wirelessly. It's so frustrating. We're screwing ourselves so badly. There's nothing I can do except wait for a major catastrophe to wake up the industry and make them change their ways. I hope I'm wrong.

Re:Yup (3, Insightful)

inasity_rules (1110095) | about 2 years ago | (#41794941)

On the other hand when the SI password protects the PLC so another SI can't get in and fix the system(because the first SI is now out of business), now we can get in and do it without re-engineering the whole system. Sometimes low security has benefits.

90% of the security we implement is air gap. Once someone has physical access to the control panel, you've lost anyway, they could start swapping wires and pulling relays if they wanted. If the system must be on a network, we put it on physically separate network, with at most one SCADA PC on both(because the client demanded it). Still, you can set up a nice secure(ish) system, and two weeks later the client's IT department has screwed it up completely.

The major catastrophe you're waiting for is actually surprisingly unlikely. Sure a malicious person could cause a lot of damage, but from what I have seen people are more interested in stealing stuff than blowing it up. Why go to all the effort of destroying the mill on the goldmine when you could go to all the effort of smuggling gold out? They'd rather get on the internet to check their facebook, and once they realise the control PC is not on the internet they don't care anymore.

No Need For Physically Separate Networks (0)

Anonymous Coward | about 2 years ago | (#41795225)

Only the PLC crap and their legacy Windows crap need to be physically separate. Linux and BSD can happily route secure traffic over insecure networks, including the internet. It is called IPSEC.

http://en.wikipedia.org/wiki/IPsec

All the tools are out there, they are free except for the expertise to set them up properly.

Regarding your argument that "passwords will be forgotten" - that is insane bullcrap. If a company cannot maintain a list of their passwords in a fucking little book, their plant should be forcibly shut down by the government.

Re:No Need For Physically Separate Networks (1)

inasity_rules (1110095) | about a year ago | (#41795537)

"Passwords will be forgotten". I don't recall saying that. Perhaps let me spell it out for you AC. The password may never have been given in the first place. A common despicable tactic by some less scrupulous vendors and SIs.

As for "Linux will fix it", we know about that, and sometimes use it. However, there are other very good reasons for having your control network physically separate apart from security. Network load and response times spring to mind. But then Slashdot's default "throw linux at it and your problems will magically go away" response is hardly surprising.

Re:Yup (1)

shentino (1139071) | about a year ago | (#41795521)

It can also prevent people named Terry Childs from taking your network hostage.

The most important security is watching the watchers. Can the top boss still get into the system?

Re:Yup (1)

bbelt16ag (744938) | about 2 years ago | (#41794959)

Then I would suspect we're owned by any and all hackers in the world. So once they take it all down and kill millions of people, since they don't have generators to protect the power grid, will they learn from this lesson? Will the Gov. peeps haul their ass up to Congress and make 'em fix it, or will they get a slap on the wrist like the finance peeps?

Re:Yup (0)

Anonymous Coward | about 2 years ago | (#41795293)

It doesn't take a few hours to start thinking like a software guy. It's an illusion of simplicity.

Re:Yup (1)

fph il quozientatore (971015) | about a year ago | (#41795447)

If you ever attend a university lecture, you'll see the professor, who is an engineer, doctor, master's, Ph.D or whatever. He has 5 degrees, hundreds of certifications, and thousands of hours of experience in the field or in front of a class. Yet, he cannot be bothered to invest a few hours of his time in learning *GOOD* powerpoint skills. And don't even get me started on "getting your computer hooked up to the projector".

Not in mathematics. Almost everyone uses LaTeX (often, the beamer package for slides); the most old-style people use the good ol' blackboard or hand-written transparencies. If you show up at a conference with a ppt file, you look immediately like a rube.

Re:Yup (0)

Anonymous Coward | about 2 years ago | (#41793715)

"to some sort of"

So, you don't know. So you can't say,

"It's not necessary"

You could be right, but that would be by accident, not by information.

Re:Yup (1)

thegarbz (1787294) | about 2 years ago | (#41795035)

The industry works with what hardware they know.

No. The industry works with what hardware they TRUST. The problem is that trust is built up on a per company basis. After many years of experience with one vendor that vendor ends up on a list of preferred suppliers for any product they manufacture.

This is really good and really bad. By finding the good vendors you end up with a reliable and consistent equipment base which all your techs can be trained to work on and the next new project won't introduce uncertainty in the way of equipment requiring new training, new maintenance etc.

However it all comes unstuck if you have so much goodwill towards a company that you won't boot them off the preferred vendor list. We the end users aren't experts and few of us know what goes on inside the equipment. But the end users need to have the balls to say to a vendor that they'll end up on the banned vendor list if they do something we don't like.

From the article (0)

Anonymous Coward | about 2 years ago | (#41793095)

PLC = programmable logic controller

The CoDeSys runtime allows PLCs to load and execute so-called ladder logic files that were created using the CoDeSys development toolkit on a regular computer. These files contain instructions that affect the processes controlled by the PLCs.

According to the Digital Bond report [digitalbond.com] , the CoDeSys runtime opens a TCP (Transmission Control Protocol) listening service that provides access to a command-line interface without the need for authentication.

One of those PLCs was running Linux on an x86 processor while another was running Windows CE on an ARM processor.

"We are aware of this security issue," Edwin Schwellinger, support manager at 3S-Smart Software, said Friday via email. "A patch is under development but not released. We are working with high pressure on these issues."

The vulnerability is only exploitable by an attacker who already has access to the network where the PLC runtime operates, Schwellinger said. Runtime systems should not be accessible from the Internet unless additional protection is in place, he said.

While Kaspersky's claiming... (1)

Anonymous Coward | about 2 years ago | (#41793123)

...that they'll come up with something, the REAL solution has NOTHING to do with what they're talking to.

The OS isn't just the problem. It's the SCADA applications themselves as well. Something I've pointed out on several occasions to industry and even to people at NIST on the subject- in fact, quite a few researchers have pointed this out over the last decade now. (And, all of a sudden, it's a "problem" now...sigh...)

Kaspersky's solution WON'T fix things like they're claiming- it's just more snake oil in a field FILLED with it.

They're more worried about having to change out things and the expenses of these deeply flawed designs they've cobbled together to manage the system components of things. The solution is to START OVER with honest security in mind instead of all of the half-assed solutions including authenticated DNP3 and the like.

Old (0)

Anonymous Coward | about 2 years ago | (#41793143)

Old news is old

Yea (0)

Anonymous Coward | about 2 years ago | (#41793207)

Just got a memo on "Enabling proactive facilitation of clowd services with our industrial controls offerings."

Re:Yea (0)

Anonymous Coward | about 2 years ago | (#41793859)

I can't work out if you're Chinese and saying "crowd services" or American and saying "cloud services".

Re:Yea (3, Funny)

ColdWetDog (752185) | about 2 years ago | (#41794237)

Actually works better if you read it as 'clown' services.

Re:Yea (0)

Anonymous Coward | about 2 years ago | (#41794785)

That's the clowd clown. It plays with your data so much it likes to share it.

Stuxnet (0)

Anonymous Coward | about 2 years ago | (#41793231)

The operators of the Iranian centrifuges thank these researchers for the warning.

Simple solution (2)

Anonymous Coward | about 2 years ago | (#41793245)

Make the first episode of BSG Season 1 [amazon.com] required viewing for "intro to computers" class.

This is a mouse, this is a keyboard, this is why you don't jack your global defense grid into a wifi hotspot.

Re:Simple solution (1)

Opportunist (166417) | about 2 years ago | (#41793387)

The last part will be censored. Of course, only for graphic display of violence and gruesome death.

Professionalization of software (1)

Anonymous Coward | about 2 years ago | (#41793317)

At what point will software engineering be professionalized like the other branches of engineering?

Surely there are well established guidelines for securing software at this point.

1) Create a professional society for software engineers (the SPSE, let's say) with the power to grant and revoke certificates. Assemble a blue-ribbon committee and give them 6 months to come up with membership requirements
2) Have the SPSE adopt existing standards regarding security, stability, and whatever other categories are needed
3) Amend the existing construction/operating permitting mechanisms by adding a requirement to use certified software engineers

Voila, now whenever you build a factory, hospital, or other civil engineering structure that is already heavily regulated, you will be required to use certified gear, and that certified gear must now be built to a minimum industry standard.

Other industries can then piggy-back on your new standards: the codes for banks can be rewritten, and miscellaneous unregulated industries and companies can write the requirement into their contracts.

Re:Professionalization of software (1, Interesting)

Opportunist (166417) | about 2 years ago | (#41793411)

A nice idea in theory, but you're dealing with security. A field that reinvents itself every 3-6 months.

Judging from the average "standardized" guideline, the moment the final draft is getting its last changes it will be outdated by about 2 generations. So you now have the choice, either be accurate and give attention to detail and be about 3-4 years behind the attackers, or be vague and spotty and have everything pass because they can somehow fudge it.

We're not talking about approving technology where your "enemy" is physics and bugs in programs that wait for you and have no chance to strike until you employ your technology, because only then will flaws in your programming or your physics manifest. Your enemy is a human attacker who will strike today, given a chance, and who doesn't care that you need a few more years to get through approval.

Re:Professionalization of software (0)

Anonymous Coward | about 2 years ago | (#41793641)

Fuzzy guidelines are better than no guidelines. And existing engineering societies have some fuzzy regs that, together, get you most of the way there:

- Require that engineers stay abreast of changes in their field
- Require x hours per year of training for certified engineers to help achieve that
- All decisions an engineer signs off on must be defensible to a jury of peers.

Together, this avoids the need to re-write detailed regs every 6 months, and puts the burden of that change on the individual engineers. And those areas of the field that are simply informed judgement calls - the art part of software design - are still covered.

Re:Professionalization of software (1)

Opportunist (166417) | about 2 years ago | (#41794831)

I like your ideas. Who's going to pay for it, though? And please don't say the engineer. Looking around in my field, even my paycheck would hardly allow me to actually stay on top of the development in security.

Re:Just an Iranian terrorist attack (2)

Billly Gates (198444) | about 2 years ago | (#41794191)

Sadly no one will listen until something bad happens.

If you told someone pre-2009 about the need for financial regulations and the upcoming collapse, people would call you a communist and a liberal! Peter Schiff did just that and was laughed at before he earned fame when the Great Financial Collapse hit.

Same is true with nuclear power plants after Fukushima, airport security after 9-11, and same after the space shuttle Challenger exploded, IE 6 security after Code Red. Money talks and shit walks. Only when deemed necessary does something change.

Right now sadly we might be without power or worse another nuclear power plant meltdown here in the US caused by Iran before anything gets done. Not unions or professional software organizations or even licensing.

People hate change and especially MBA PHBs who have never heard of a single internet security attack on a PLC piece of equipment. If you can't do it Mr. Slashdotter reading this then someone else will since it is never a problem.... therefore it is perfectly secure etc.

I mean they hated upgrading browsers too until IE 6 was shown to be a risk, and they still love XP despite it. Why? Money. Until it becomes a liability and laws come into effect and PHBs shit their pants the problem will not be solved.

Re:Just an Iranian terrorist attack (3, Insightful)

Opportunist (166417) | about 2 years ago | (#41794843)

Necessity is the mother of invention. That, or an article in the business newspaper your boss reads.

My solution to that problem was simply to subscribe to the same magazines my boss reads, peruse them for articles supporting my case and getting him to read it. Not only will he listen to them more than to you, he'll also think that you read "relevant" magazines and start listening to you, at least from time to time.

I know it's silly. hey, it's management!

Re:Just an Iranian terrorist attack (1)

bbelt16ag (744938) | about 2 years ago | (#41794967)

isn't this why we have think tanks though? people who think up the worst possible scenario? then they find a way to fix it? you could even make it like a Reddit for professionals, who can post ideas and up vote them? en-mass idea generator... ?

may need unions as well so the coders can stand (2)

Joe_Dragon (2206452) | about 2 years ago | (#41793451)

may need unions as well so the coders can stand up to the PHB's and say that...

That timetable is too tight.

We need more staff and the 80 hour weeks are just making us make more errors.

We can't cut QA.

You can't hire people who can't pass the certified test but have a BA/BS while passing over people who have passed the test but don't have a BA/BS.

No, I will not add this new stuff to the code this late in the roll out; hell, we still have some big bugs in the code base to work out.

No, I will not use that POS Best Buy special as the system that will run the PLC; hell, its PSU is a very poor one per this review of it.

Re:may need unions as well so the coders can stand (-1)

Anonymous Coward | about 2 years ago | (#41793523)

Socialist assholes. Vote for Obama already but your vote will be wasted. Fact of the matter is, Haji in Mumbai works better, cheaper, and faster than you. Automation and the internet has leveled many playing fields, just because you and your ilk helped move that along doesn't mean you're immune. Viva la capitalism. Unions my ass.

Oh Really ? (0)

Anonymous Coward | about a year ago | (#41795513)

Haji has a crap education, while John got a proper one from an American or European university. But I agree we don't need unions - see what they did to GM. We need to switch jobs if we don't like a boss or a company. If you need to work more than 40 hours per week on a regular basis, there is something wrong and you need to switch. So simple.

And no, John is not the self-trained idiot who calls himself "C# programmer". He got a BS or an MS in Computer Science, he loves what he does and he researches things he is interested in thoroughly. He is an "Expert" or "Meister", whatever you like to call it. Not a monkey trained by himself or a Monkey School.

Re:Professionalization of software (0)

Anonymous Coward | about 2 years ago | (#41793497)

Keep deluding yourself. Did professional engineers prevent the Challenger Disaster? No? What possesses you to think that mere "professional" licensing will prevent issues?

Re: the Challenger Disaster? (3, Informative)

dgharmon (2564621) | about 2 years ago | (#41793657)

"Did professional engineers prevent the Challenger Disaster?"

No, nor did they cause it, what did cause the disaster was political interference, such as the decision to manufacture the solid booster rockets in another state, necessitating them being made from segments bonded together with O-rings .. ref [wikipedia.org]

Re:Professionalization of software (3, Informative)

Anonymous Coward | about 2 years ago | (#41793699)

"Did professional engineers prevent the Challenger Disaster?"

No, they did not. They tried like hell to prevent it, they were quite certain there was going to be an issue, because they knew the seals failed with lower temperatures, and seals had failed at temperatures not as extreme as on that day, so they were pretty certain there would be a problem and tried to stop the launch. Sadly, it was not the engineers who were ultimately responsible for that launch, but folks more worried about bad PR.

So, what was your point?

The PHBs overrode their issues. (1)

Joe_Dragon (2206452) | about 2 years ago | (#41793975)

The PHBs overrode their issues.

Hmmm, Whatabout the PHBs ? (0)

Anonymous Coward | about a year ago | (#41795491)

You The Engineer will be between a rock and a hard place because the PHBs will demand lots of insane things ("need Excel to run a marketing-supplied macro to control process") while the "SPSE" will later get you for violating some insane rules ("all machines must run virus scanners").

Better leave it as it is; wait and see until a refinery blows up spectacularly ( I am banking on the Iranians to do that as revenge). Or better, let them test the efficacy of a reactor containment vessel after cyber attack.

Our politicians and leaders are corrupt ignoramuses who are 100% capable of manipulating the sheeple, but they don't have and don't want a clue about technology. That is all "geek stuff" and they want to play Angry Birds instead of learning anything "hard". Compare that to the Chinese Politburo, which is stuffed full of engineers, and they apparently manage to kill the "social science" turkey that is the western world leadership - one cheap excavator, one cheap telephone at a time.

Industrial machinery is easily hackable if... (1)

couchslug (175151) | about 2 years ago | (#41793355)

...you have physical access and hand tools. The ease of access in-place isn't a problem.

Controlling access itself is the problem.

tell that to the PHB who said we can save my remot (1)

Joe_Dragon (2206452) | about 2 years ago | (#41793455)

tell that to the PHB who said we can save by remoting control to some offsite place.
 

Re:Industrial machinery is easily hackable if... (0)

Anonymous Coward | about 2 years ago | (#41793779)

You know CouchSlug, everyone else hooks up their systems to the internet and has no security problems whatsoever. I never heard of any security issues with any of them. The only one who seems to be unable to do so securely is you! Should I hire someone else?

- Sincerely, your PHB Boss

Speaking of hacks... (-1, Offtopic)

93 Escort Wagon (326346) | about 2 years ago | (#41793381)

Okay, this is almost certainly a bug rather than a hack. But right now I seem to have unlimited mod points here on Slashdot. It tells me I have 15 of them - but, no matter how much moderation I do, after each one I have "14 points left". Then when I go to a new page, I still have 15.

What's funny is I am unable to find a good way to contact the Slashdot powers-that-be to report this.

Good thing this isn't particularly important...

Re:Speaking of hacks... (0)

Anonymous Coward | about 2 years ago | (#41793471)

I'd mod you off-topic, but seeing as you're in slashdot-superuser mode you'd just remove it.

Re:Speaking of hacks... (0)

Anonymous Coward | about 2 years ago | (#41793515)

Same thing has happened to my account. I just thought they loved me.

Re:Speaking of hacks... (0)

Anonymous Coward | about 2 years ago | (#41794197)

Not just you - I'm god here too now.

Re:Speaking of hacks... (1)

ColdWetDog (752185) | about 2 years ago | (#41794249)

Well then, the Gods Must Be Crazy.

(Actually it happened to me earlier this week. I think it's Obama's fault.)

Re:Speaking of hacks... (0)

Anonymous Coward | about 2 years ago | (#41794693)

Did you accidentally log in to the Microsoft account?

Easily hackable? (1)

manu0601 (2221348) | about 2 years ago | (#41793383)

What we have here is a TCP port that lets you have unauthenticated shell access. In other words, this is an easy to find backdoor. It is so easily exploitable that I am not sure it even deserves the term "hack".

Re:Easily hackable? (1)

godrik (1287354) | about 2 years ago | (#41793837)

Nobody will ever think of doing "telnet nuclearbomb.gov 1337". That would be too simple!

Naaah (0)

Anonymous Coward | about a year ago | (#41795527)

You are over-simplifying it. The Great General Curtis LeMad (or was it LeMay?) ordered all the nuke locks to be set to "1111111", to ensure a Quick Armageddon Capability. He essentially gave a fuck about technology and relied 100% on "command authorization by voice".

Industrial Manufacturing is changing (1, Offtopic)

hypnobuddha (2743161) | about 2 years ago | (#41793563)

With the emergence of 3D Printers, rapid prototyping and the domestication/democratization of manufacturing, I don't think it's going to do so much harm. Manufacturing is undergoing a revolution. Many parts (and even burritos... Google that up to see what I mean) will be "printed out" at home. People won't give toys and dishes for Christmas, they'll gift the blueprints and some resins instead. Heavy Duty Industrial will remain somewhat the same, but not manufacturing as we think of it now.

Re:Industrial Manufacturing is changing (1)

hypnobuddha (2743161) | about 2 years ago | (#41793577)

Using Slashdot's mobile app (which is excellent btw) but I wasn't aware I needed HTML for simple paragraph breaks.
You'll just have to imagine them ;-)

"...unneccessarily connected to the Internet" (0)

Anonymous Coward | about 2 years ago | (#41793651)

"many of these systems are unneccessarily connected to the Internet, which is a terrible, terrible idea."
Someone is finally getting it. These systems are __not__ designed to be secure. It would cause too many problems, make things needlessly complex, as well as much less robust.
The one good thing is, the languages these things use are quite esoteric - the example given, CoDeSys, is programmed in a block diagram language. It is NOT easily understood, and if somebody uses custom blocks (as my company does) you stand even less of a chance of figuring out what it does.
CAN it be done? Well, of course. There is Stuxnet. We have learned, though, that Stuxnet was created just for one brand of SCADA system, running one brand of PLC, and using one particular type of variable-speed drive.
And, yes, we do have customers who utilize "air-gap" security. Very successfully, too.

Licensing. It's all about licensing. (5, Interesting)

Anonymous Coward | about 2 years ago | (#41793745)

I was doing some electrical work at an oil refinery up north in Canada about 5 years ago. I wasn't specifically attached to their control systems or PLCs, though since the electrical was intertwined with a bunch of the automation I naturally knew all the guys who were taking care of that portion of the project since we were required to collaborate together.

On one particular day, I entered the facility as usual and was heading to an unfinished section to check out some conduit. On my way there I noticed a CAT5 cable stretched across a walkway, disappearing into a stairwell. This was so incredibly absurd and suspicious that I just had to see what the hell was going on, even though something in my head told me I didn't want to know. I traced the cable back to the management office where it was plugged into one of the network switches. Okay, weird- follow it back in the opposite direction, all the way across the plant- after about 80 meters there was a hub/repeater dangling over a walkway rail plugged into the wall and another CAT5 cable stretching off into the oblivion. Following the second extension cable led me to a set of PLCs and a group of the control guys throwing vulgar insults at an Allen Bradley PLC unit.

Turns out the PLC was a "new" model. Instead of handling the licensing through a floppy disk (!) like all the old units did, this one used some sort of a proprietary activation scheme that had to run over the friggin' internet before the PLC would actually do anything. The CAT5 cable I'd traced about 180 meters across the plant going back into the office internet connection was setup to allow this process to complete, since they had apparently failed to do it earlier when the system was OOTB but not yet hooked up.

They eventually got it all working, but it took them about 5 hours of fiddling to get the damned thing working properly.

Shit like that is the reason why things are hooked up to the internet, sometimes improperly. I know there's certain requirements for remote monitoring and such, and that should all be done over an isolated, encrypted VPN- but then you've got licensing bullshit like this that expects to phone home to a random server on the internet with little or no firewalling in-between. There's no reason for it otherwise- apart from the PLC guys wanting to make sure you're licensed and all paid up, god forbid anyone should buy a second hand PLC and reprogram it to do something useful again.

-AC

why no dongles? (1)

Joe_Dragon (2206452) | about 2 years ago | (#41793995)

That seams like a good way and they can be hard to copy as well.

Re:why no dongles? (1)

Billly Gates (198444) | about 2 years ago | (#41794159)

Because God forbid someone would sell them used and deny megacorp profits!

This way everyone is forced to buy new only as if you used a dongle then someone could sell them. Can you imagine how much the car companies would love to make buying used cars illegal?

Re:why no dongles? (0)

Anonymous Coward | about 2 years ago | (#41795329)

"seams"?

Re:Licensing. It's all about licensing. (0)

Anonymous Coward | about 2 years ago | (#41794479)

The PLC doesn't need the activation license. The development software, in this case RSLogix, does. That resides on a computer, probably a laptop. Maybe someone was providing remote support.

Re:Licensing. It's all about licensing. (2, Insightful)

Anonymous Coward | about 2 years ago | (#41794519)

The only 1-time internet activation required on Allen Bradley equipment is the computer software (RSLogix 500/5000) to program the PLCs, AB PLCs don't need to be activated ever. (new or old).

As a PLC/PAC guy I am a HUGE fan of Ethernet/IP. It is the best fucking thing ever and people on this thread have no clue about the security of this technology. Try difficult (servos) programming with DeviceNET. It's a fucking joke and a waste of time, old technology. We have to have access to 100's of PLCs on our network to 1 computer for data accusation for the scale weights, which gets emailed to our QA people. It's impracticable any other way.

Steps to make Ethernet/IP secure (Allen Bradley in particular)... reminder I am an AC
1) Keep the physical key-switch on the PLC in RUN MODE. No virus/program can write to the PLC when it is in this mode (excluding global tags/variables, so intelligent programming is required).
2) Firewall, limiting the Ethernet locations that can access the network. We only have 2 ports accessible in our entire plant (outside of the plant floor). Everyone else is denied. And lock those computers down hardcore.
3) Keep it on a separate subnet (more for speed than security).

The only thing that scares me is Remote IO over Ethernet/IP (Flexlogix)... because it takes A FULL MINUTE to acquire/connect an IP address at startup before all the moving objects get set to their default positions. And that's more a safety than a security issue.
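The allow-list in the steps above (a couple of engineering hosts, EtherNet/IP only, everything else denied) and the unauthenticated TCP service discussed earlier in the thread are two sides of the same check: what is actually reaching the PLC subnet, and is the firewall letting it through? The script below is an added example, not code from the thread or from any vendor. It encodes that policy and runs it over a constructed connection log; the addresses (RFC 5737 documentation ranges), the log format and the hostnames are made up, while TCP 44818 (explicit messaging) and UDP 2222 (implicit I/O) are the standard EtherNet/IP ports.

```python
"""Audit connection logs against a PLC-network allow-list.

Added example; it is not code from the thread or from any vendor. It
encodes the policy the comment above describes (only a fixed set of
engineering hosts may reach the PLC subnet, and only on the EtherNet/IP
ports: TCP 44818 explicit messaging, UDP 2222 implicit I/O) and runs it
over constructed log lines. Addresses, hostnames and the log format are
made up for the example.
"""
import ipaddress
import re

# Assumed policy; the addresses come from the RFC 5737 documentation ranges.
PLC_SUBNET = ipaddress.ip_network("192.0.2.0/24")
ENGINEERING_HOSTS = {
    ipaddress.ip_address("198.51.100.10"),
    ipaddress.ip_address("198.51.100.11"),
}
ALLOWED_SERVICES = {("tcp", 44818), ("udp", 2222)}

# Constructed log format: "<timestamp> <proto> <src>:<sport> -> <dst>:<dport> <action>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<action>allow|deny)$"
)


def parse_line(line):
    """Return a flow dict for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    d = m.groupdict()
    return {
        "ts": d["ts"],
        "proto": d["proto"],
        "src": ipaddress.ip_address(d["src"]),
        "sport": int(d["sport"]),
        "dst": ipaddress.ip_address(d["dst"]),
        "dport": int(d["dport"]),
        "action": d["action"],
    }


def check_flow(flow):
    """List the policy violations of one flow; an empty list means compliant.

    Only traffic into the PLC subnet is judged. PLC-to-PLC traffic (implicit
    I/O between controllers) is exempt from the source check; everything
    else must come from an engineering host and hit an EtherNet/IP port.
    """
    if flow["dst"] not in PLC_SUBNET:
        return []
    problems = []
    if flow["src"] not in ENGINEERING_HOSTS and flow["src"] not in PLC_SUBNET:
        problems.append("source not an engineering host")
    if (flow["proto"], flow["dport"]) not in ALLOWED_SERVICES:
        problems.append("unexpected service %s/%d" % (flow["proto"], flow["dport"]))
    # A denied violation is the firewall doing its job; an allowed one is a
    # hole in the rule set and the finding a practitioner most wants to see.
    if problems and flow["action"] == "allow":
        problems.append("firewall permitted it")
    return problems


def audit(lines):
    """Return (timestamp, source, proto, dport, problems) for each bad flow."""
    report = []
    for line in lines:
        flow = parse_line(line)
        if flow is None:
            continue  # unparseable lines are skipped, not silently passed
        problems = check_flow(flow)
        if problems:
            report.append((flow["ts"], str(flow["src"]), flow["proto"],
                           flow["dport"], problems))
    return report


# Constructed sample log: one engineering session, one PLC-to-PLC I/O
# exchange, an office PC let through, an internet host blocked at telnet,
# and an engineering host poking the PLC's web port.
SAMPLE_LOG = [
    "2012-10-27T08:00:01 tcp 198.51.100.10:51000 -> 192.0.2.20:44818 allow",
    "2012-10-27T08:00:02 udp 192.0.2.20:2222 -> 192.0.2.21:2222 allow",
    "2012-10-27T08:00:03 tcp 198.51.100.50:40000 -> 192.0.2.20:44818 allow",
    "2012-10-27T08:00:04 tcp 203.0.113.7:4444 -> 192.0.2.20:23 deny",
    "2012-10-27T08:00:05 tcp 198.51.100.10:51001 -> 192.0.2.20:80 allow",
    "not a log line",
]

if __name__ == "__main__":
    for ts, src, proto, dport, problems in audit(SAMPLE_LOG):
        print(ts, src, "->", "%s/%d" % (proto, dport), "; ".join(problems))
```

Run against the sample it reports three flows: the office PC that the firewall let through, the internet host that was correctly denied at the telnet port, and the engineering host talking to an unexpected service on the PLC. The key-switch in RUN mode from step 1 is not visible in any network log, which is exactly why it is worth having as the last line of defence behind checks like this one.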

Re:Licensing. It's all about licensing. (1)

inasity_rules (1110095) | about 2 years ago | (#41795019)

I have found DeviceNET a pleasure to work with. Omron do it extremely well, and it is very easy to use. It is also sufficiently fast for most applications. My biggest hassle was connecting a Toshiba PLC to an Omron SliceIO system. Once it was working though, it worked exceptionally well. I'd much rather work with DeviceNET than ethercat or any of the other systems.

Re:Licensing. It's all about licensing. (0)

Anonymous Coward | about 2 years ago | (#41795165)

I have to ask. Why not just courier flash drives and put this needless step to rest? If you are a high profile target you have to assume that the entire world has their own IT dept with their own objectives. PLCs that control large scale operations can cause damage both to the employees physically and to the company as a whole. Just courier out an encrypted USB drive and make sure you hand out the operation instructions in person at the training sessions that concern those instructions.

It always seemed to me that connecting anything that is really this important (security, monetary, etc.) to the internet at *any time* is akin to having a top secret meeting at the local Starbucks during the morning rush. We can move a small box across the globe in just over 24hrs, why not just spring for it?

Re:Licensing. It's all about licensing. (0)

Anonymous Coward | about 2 years ago | (#41795343)

"data accusation"? I hope you don't write that way in work emails.

It's more about lack of knowledge (5, Informative)

WebCowboy (196209) | about 2 years ago | (#41794733)

The CAT5 cable I'd traced about 180 meters across the plant going back into the office internet connection was setup to allow this process to complete, since they had apparently failed to do it earlier when the system was OOTB but not yet hooked up.

Assuming it was all Rockwell/Allen+Bradley gear then it was undoubtedly the FactoryTalk Activation system they were struggling with, and they were undoubtedly unqualified to be doing the work they were assigned to do (disclosure: I am a former Rockwell Automation employee so I have familiarity with the subject, but apart from that I do not speak on behalf of any employer past or present here).

First and foremost, Allen+Bradley(AB) PLCs don't need activations, so the licensing really isn't relevant to this story. AB makes a crap-pile of profit on that hardware the moment they've sold you the box--activation makes no sense. What DOES need to be activated (and is what creates profit for the Rockwell Software division) is the RSLogix programming software, without which the PLC is as useful as a doorstop. So unless they were completely clueless they'd have just taken their laptop into the office and activated their software then come back, rather than break all sorts of IT, security and safety rules stringing out 180m of CAT5 and a spare switch to get internet. The same goes for their drives--the drive units don't need activating but DriveTools software on the programming laptop may have.

That said, there may have been an industrial PC like a VersaView or third-party unit running the Rockwell HMI software and was bolted into the cabinet with un-activated software for some reason, but Rockwell/AB have thought of that...

The legacy licensing system used utility software called "EVMove" and relied on "master disks" (towards the end you could set up a USB flash drive) and in the field this was a royal pain in the ass--floppies and their drives are far too sensitive for such an environment, and USB memory sticks are terrible to manage and secure. Thus the development of the FactoryTalk Activation internet service-based scheme. Though it requires the internet the end system does not need to be connected to activate. The easy "wizard" way sends a "host ID" (the ethernet MAC address or some such number) from the end device to Rockwell via the internet. However, you can actually write down the mac address, or generate the hostID file on the target machine, then go to an internet-connected computer and type the hostID into a secure web form or upload the hostID file. The website then generates a license file that you can save to removable media or a laptop/portable machine to take over to the target machine physically, thus preserving the air gap (and making the method more similar to the old EVMove floppy method).

I do agree that licensing/DRM/activation is a big problem that costs end users millions of dollars globally (above and beyond the actual purchase cost of the products). It adds complication and downtime and confusion and contributes exactly zero value to its users. One might argue about its value to the vendor as well--FactoryTalk activation and many other similar schemes are just as trivial to circumvent as CoDeSys' ladder logic runtime for hackers, and add the burden of extra support costs from the honest users it keeps honest. But the problem in industrial automation is bigger than that. The problem is that the world in general moves faster than industrial control systems can keep up, and the people who have "experience" honed their skills in the mid 1990s or earlier and haven't kept up. In the meantime, PHBs of the world in management and government demand of them far more than they are capable of delivering.

It used to be that refineries/factories/etc. were content with paper chart recorders where operators and plant managers could peruse them if something came up to troubleshoot. Then came data recorders where you could plug in a serial cable or transfer via floppy to a computer for more detailed analysis. It was enticing to have that ability, but that is where control systems' suitability ended, whilst requirements kept getting more demanding. As hard-wired operator boards gave way to computer driven HMIs these industrial controllers became more and more networked and intertwined with PCs. Standalone data loggers and paper chart recorders were supplanted by "process historians" -- centralised data logging systems. With that came the demand for data retention, off-site backup and "real time information" which meant that these historian servers, with full read access (and sometimes write access) to control system networks had to have some path out to corporate networks, which usually have internet accessibility in some fashion. Thus the air gap closes.

It is easy to say "just unplug it from the internet" but the real situation is much more complex. Nowadays, government regulations mandate the collection, retention and submission of data from many industrial processes so it can be disclosed on demand in the event of an incident. Simply "unplugging" an industrial network in many if not most cases can be considered breaking the law! In order to provide sufficient perimeter security and still allow for the collection and off-site retention of this data these facilities have to spend considerable time and money thoroughly developing their IT infrastructure as well as their policies and procedures, and NOBODY from vendors or regulators has provided anything CLOSE to sufficient guidance to those techs and engineers working with 20-year-old knowledge.

The requirement for an "air gap" is impractical at best and impossible at worst--the ultimate solution is to drag the automation industry into the same decade as the rest of IT, and to mandate coverage of industrial IT/networking in the curriculum for engineers and technologists in the field. The scenario described in the parent post sounds absurd, but I've seen both "senior" guys who haven't been able to keep pace and newbies alike do the same kind of silly things.

Re:It's more about lack of knowledge (2)

inasity_rules (1110095) | about 2 years ago | (#41794971)

You are correct sir. We have never had to connect any PLC to the internet, and we deal with almost all manufacturers. Rockwell's horrible licensing scheme is why we don't use them so much. Other PLC manufacturers give SIs their software cheaply because that sells lots of hardware that way. Not Rockwell. I suppose it is better than Toshiba's "free" software (which I think was last updated in the 90s), but come on, don't Rockwell want to sell hardware? Even the evil Siemens practically fell over themselves trying to sell us their software, with demo versions and SI discounts. And the software from other manufacturers normally lasts more than a year before bombing out. Rockwell are near impossible to deal with for a small SI.

We normally try to get around the security issue (when an air gap is impractical) by having a separate control network with one PC on both networks. This isn't the best of solutions, but it is probably the most practical we've come up with.

no need for internet connectivity (2)

npridgeon (784063) | about 2 years ago | (#41793867)

I've said it before, and I'll say it again: What possible reason could industry have to put controls networks on the internet? I can understand putting some type of reporting on the internet, so the bigwigs can keep track of up to the minute production. *disclaimer: I am an industrial electrician. I work on industrial controls in a sawmill. The day a production foreman asks us to give him control of machinery over the internet is the day I find a new industry.

Re:no need for internet connectivity (2)

thebigmacd (545973) | about 2 years ago | (#41793943)

This is very common in the HVAC industry. Customers want to be able to check on their building on their smart phone at home over the weekend. Even without that requirement, the systems get put on the local intranet with everything else because the customer will not provide a separate network nor allow us to add our own. Very few of our customers put HVAC controls on separate VLANs with no access to the Internet.

Re:no need for internet connectivity (2)

Jimbookis (517778) | about 2 years ago | (#41794041)

Yah well I have a solution... make them (the managers) utterly aware of the situation and risks in writing so they can't disavow any knowledge when it goes haywire. As an aside, the engineer in me says if you want to monitor the state of a HVAC or any control system, keep the control and internet-connected networks separate and, using a data diode (http://en.wikipedia.org/wiki/Unidirectional_network), spit out some self-contained UDP data with system state information, not allowing any control signals of any kind back into that more secure network.
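What the one-way UDP state feed described above looks like on the wire, as an added example that is not code from the thread or from any data-diode vendor. Each datagram carries the complete current state, so a receiver that missed the previous one is not left behind. The sequence number and the HMAC are my additions and not part of the comment: with no return path the low side can never request a resend or challenge the sender, so each datagram has to let it detect loss, replay and forgery on its own. The shared key, the tag names and the loopback addresses are made up.

```python
"""One-way state telemetry of the kind a data diode carries.

Added example; it is not code from the thread or from any data-diode
vendor. It shows the "self-contained UDP datagram with system state"
idea from the comment above. The sequence number and HMAC are my
additions: with no return path the receiver can never ask for a resend
or challenge the sender, so every datagram must let it detect loss,
replay and forgery on its own. The key, tag names and addresses are
made up.
"""
import hashlib
import hmac
import json
import socket
import struct

# Assumption: a pre-shared key provisioned out of band on both sides.
KEY = b"example-shared-key-not-for-production"
MAGIC = b"DIOD"
FORMAT_VERSION = 1
HEADER = struct.Struct("!4sIQ")  # magic, format version, sequence number
MAC_LEN = hashlib.sha256().digest_size


def encode_state(seq, state, key=KEY):
    """Build one datagram: header || JSON state || HMAC-SHA256(header || state)."""
    body = json.dumps(state, sort_keys=True, separators=(",", ":")).encode()
    header = HEADER.pack(MAGIC, FORMAT_VERSION, seq)
    mac = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + body + mac


def decode_state(datagram, key=KEY):
    """Return (seq, state); raise ValueError if malformed, forged or tampered."""
    if len(datagram) < HEADER.size + MAC_LEN:
        raise ValueError("short datagram")
    header = datagram[:HEADER.size]
    body = datagram[HEADER.size:-MAC_LEN]
    mac = datagram[-MAC_LEN:]
    magic, version, seq = HEADER.unpack(header)
    if magic != MAGIC or version != FORMAT_VERSION:
        raise ValueError("bad header")
    expected = hmac.new(key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        raise ValueError("bad MAC")
    return seq, json.loads(body.decode())


class Receiver:
    """Low side of the diode: validates datagrams and counts what it cannot fix."""

    def __init__(self, key=KEY):
        self.key = key
        self.last_seq = None
        self.state = None
        self.lost = 0      # gaps in the sequence: nothing can be re-requested
        self.rejected = 0  # bad MAC, malformed, or replayed/out-of-order

    def feed(self, datagram):
        """Apply one datagram; return the new state, or None if it was rejected."""
        try:
            seq, state = decode_state(datagram, self.key)
        except ValueError:
            self.rejected += 1
            return None
        if self.last_seq is not None:
            if seq <= self.last_seq:  # replay or late arrival: never roll back
                self.rejected += 1
                return None
            self.lost += seq - self.last_seq - 1
        self.last_seq = seq
        self.state = state
        return state


if __name__ == "__main__":
    # Loopback demo: the high side sends three datagrams and "drops" seq 2
    # on the way, which the low side can see in its counters but not recover.
    rx_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx_sock.bind(("127.0.0.1", 0))
    tx_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx = Receiver()
    for seq in (1, 3, 4):
        tx_sock.sendto(encode_state(seq, {"pump1_rpm": 1450 + seq}),
                       rx_sock.getsockname())
        rx.feed(rx_sock.recv(65535))
    print("state", rx.state, "lost", rx.lost, "rejected", rx.rejected)
```

The receiver's counters are the only feedback the low side will ever have, so they belong on a dashboard: a rising `lost` count means the diode or the high-side sender is struggling, and a rising `rejected` count means something on the low network is injecting or replaying datagrams. Nothing in this code can send anything back, which is the whole point of the design the comment describes.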

Re:no need for internet connectivity (1)

Billly Gates (198444) | about 2 years ago | (#41794847)

In writing? Jim Books? Everyone else has them accessible on their ipads and iphones and I never hear about any security problem. The only one who has a problem doing this securely over the internet is you! If you are not capable of doing the job do I need to find someone who will do it securely? As a PHB I need up to date information in a modern way like everyone else.

Sincerely your PHB

On a more serious note, we need to wait for a terrorist attack like what Iran is planning and a possible nuclear power plant meltdown. Only then will the PHBs be convinced it is a bad practice, and laws against this will take place, sadly. When money talks, shit walks, and it always wins every time until it is proven to be a bad idea later.

Re:no need for internet connectivity (1)

murder_face (2574275) | about 2 years ago | (#41794231)

I have seen this first hand with HVAC. I worked on a Walmart in Orange County California and the HVAC guys were having some problems with the EMS controls, instead of just being able to make the adjustments themselves they had to call Bentonville Arkansas and ask the guys there to make a few minor adjustments.

Re:no need for internet connectivity (3, Insightful)

gman003 (1693318) | about 2 years ago | (#41794547)

My father works in an industry that uses a lot of PLCs and such. This is what he's told me:

Quite often, even though the PLCs run on their own locked-down OS, the console to manage it is just a standard Windows desktop. Kind of logical - it's just to display what's going on, maybe issue manual commands, but it doesn't "run" the system. And they're *designed* to be connected only to the LAN, not have any physical connection to the Internet. But quite often, he comes into an installation site and sees that they've plugged that desktop into the Internet, just because it had a port for it (or so the techs monitoring it 24/7 can relieve the boredom, against all procedure). So they end up connected to the internet just because the off-the-shelf desktop the blinking-lights-display runs on has an Ethernet port.

He's also told me pretty much everyone keeps the default password. Three fucking characters.

Would it terrify you to know that many of the sites he works at are power plants, both coal and nuclear? He doesn't touch the "functional" parts, but it still says bad things about their approach to security.

Re:no need for internet connectivity (2)

inasity_rules (1110095) | about 2 years ago | (#41794985)

Ask him about the horror of OPC and DCOM. As a result of those two abominations most people just disable all security and add "Everyone" to all the lists in order to just get the damn thing working in a reasonable amount of time.

Car analogies are passe so here is a sex analogy. (2)

WebCowboy (196209) | about 2 years ago | (#41794807)

Preaching that automation systems be kept off the internet is like preaching abstinence until marriage to teens. It sounds like the logical solution to all the problems but it is unreasonable to ever expect it to happen, so the best course of action is to educate on how to do it safely and responsibly.

There are many valid reasons that automation systems are connected to the internet in some fashion (though they never need direct internet access). Some of those reasons relate to not breaking the law.

In industries like oil and gas, regulators require data to be collected 24/7/365 on all critical aspects of an operation. If an environmental or safety incident were to happen and such data was not available for scrutiny it could lead to the permanent closure of that operation in extreme cases. Lack of due diligence in such matters can mean huge monetary fines and even jail time for wilful violations.

As such, in those operations a "process historian" server is standard equipment. These are central data logging servers that have essentially full read-only access to the industrial control system, and even some limited write access too (say, to assert a bit in a PLC to confirm it has received data, or to reset a totaliser or set a new batch number). Because of how vital the data is, there has to be some way to get the data off-site for archival and reporting purposes, and because of the volume of data and the immediacy that is demanded, removable media is not an option. Thus these systems end up with some means of corporate network access. This does NOT mean they need "direct internet" access, but very commonly it means tunnelling through public/internet infrastructure via VPN (the "condom" if you will). Though technological measures can be taken to make this route into the plant impenetrable, it is complex enough to set up that people make mistakes and thus you end up with "holes in the condom".

The other use for outside connectivity relates to support from off-site engineers, vendors and operators. A control system can be set up to report critical alarm conditions to smartphones, email inboxes and the like automatically, much more rapidly than a human operator at the board can do. The more rapid the response to a critical incident, the less likelihood of loss of revenue, damage to equipment, and injury or death of workers (again, in the case of "sour sites"--those that deal with natural gas containing deadly H2S, rapid response is vital to evacuate the facility and surrounding area and some of these are required by law).

So "preaching abstinence" in the complete absence of "sex education" is a bad idea. It is ineffective to say "disconnect from the internet" and not say how you can manage network security safely and responsibly, because at some point these people will be pressured into doing it and need to be able to "say no" if they aren't ready, and to know when and why it is "the right time", because if you DO use that internet connection responsibly it can actually be a great experience ;-)

Soon pinball games will have WIFI and PC's dirvein (0)

Anonymous Coward | about 2 years ago | (#41794013)

Soon pinball games will have WIFI and PC's driving them.

Just think of the fun someone can have by hacking one, and they better not put Windows on the PCs. At least Linux is safer, but they still need to update the OS so hackers can use a hole to get into the system, and there better be a good watchdog system so someone can lock a coil on and maybe start a fire.

No shit (0)

Anonymous Coward | about 2 years ago | (#41794147)

And an "air gap" is not exactly the answer because that will fail in a lot of cases too.

Good luck

Slight plug here, and I told you so. (1)

bytesex (112972) | about 2 years ago | (#41794905)

We've been saying this for years, but then again - our company makes data diodes.

Different worlds between Office and SCADA environm (0)

Anonymous Coward | about 2 years ago | (#41795075)

The industrial world with PLCs and SCADA equipment is totally different than what we have in our offices.
That is often hard to believe, but the industrial world is still 10 years behind on IT. And with good reason.
Current systems simply do guarantee the response time needed for a lot of process control situations.
Imagine what would happen if your pressure control valve would suddenly decide that it is time for a virus scan, or then it wants to reboot because Microsoft has issued a bugfix for the office environment that is nowhere found on the PC, but still it has the checkbox 'reboot' marked in the installer.
Every update is a nightmare for these environments because it needs to be checked and checked again before it can be taken into production. When it's in production it cannot be changed so fast, as more processes are running 24/7. There are even chemical processes that take days to start up. No late night server reboots for these guys.
This mixture makes it very hard to evolve the overall IT environment, as they need systems without bugs and we are all so very used to living with buggy software.