
Norsk Hydro ASA Suffers Extensive Cyber Attack - glassworm
https://www.bloomberg.com/news/articles/2019-03-19/hydro-says-victim-of-extensive-cyber-attack-impacting-operations-jtfgz6td
======
pjc50
Aluminium plants are particularly vulnerable because the electrolysis "pots"
_must_ be kept hot, requiring a continuous supply of electricity. Supply
interruptions can be a disaster.

This has hit Venezuela badly:
[https://twitter.com/AKurmanaev/status/1104141813936545793](https://twitter.com/AKurmanaev/status/1104141813936545793)
"Today Venezuela basically crossed off an entire industry. In one day. No more
industrial aluminum production. Just like that. It’s gone."

[https://www.argusmedia.com/en/news/1863707-venezuelas-fragil...](https://www.argusmedia.com/en/news/1863707-venezuelas-fragile-power-grid-partially-restored)
"State-owned aluminum smelter Venalum's
remaining operational units and state-owned Bauxilum's alumina production
units were destroyed by the blackout and likely will not be repaired for at
least a year, a senior Venalum official said. "The primary aluminum and
alumina sectors are dead for the foreseeable future." "

~~~
duxup
These seem like systems where the impact of disruption is so severe that they
should be effectively offline as much as possible.

Now the power source of course... hard to manage that.

~~~
lb1lf
I think I read once that the last-ditch effort in case of power blackout is
heating the ovens with gravity-fed kerosene burners to keep them from going
titsup.

No source, though.

------
0xDEFC0DE
Good Twitter thread on this issue so far:
[https://twitter.com/GossiTheDog/status/1107928490580627456](https://twitter.com/GossiTheDog/status/1107928490580627456)

------
onetimemanytime
>> _A.P. Moller-Maersk A/S, the owner of the world’s biggest container
shipping company, lost about $200 million to $300 million because of a cyber
attack in June_

Very soon we'll be talking real money. How do you price your ransom...we
caused this much damage to Maersk, be smart...

------
DoofusOfDeath
Are there any companies in the business of hardening SCADA systems?

I keep on hearing about the huge vulnerability they pose, which would make me
expect a Y2K-level of focus by the industry.

~~~
bretpiatt
Dragos Inc., I interviewed one of their senior threat hunters on Cyber Talk
Radio (text recap with link to podcast audio)
[https://www.jungledisk.com/blog/2017/06/27/industrial-cybers...](https://www.jungledisk.com/blog/2017/06/27/industrial-cybersecurity-ecosystem-dragos-episode-39/)

------
basicplus2
None of this type of equipment should be on the internet.

~~~
newnewpdro
IMHO it was all downhill once VLAN use became the default and viewed as
equally secure as physically disparate networks.

We used to physically isolate security domains across the board. Everything is
virtualized now, which makes it a whole lot less visible when boundaries are
being violated, where it used to be _obvious_.

------
ineedasername
Stocks and commodities markets are moved by this, and someone in the know
could plan and pounce on the situation. I wonder if that's the real motive,
not the potential ransom sought.

------
chrischen
They should make it illegal to pay ransoms.

~~~
magduf
Were the affected systems running Windows? They should make it illegal to run
critical systems on Windows.

~~~
bdamm
Aside from being outdated advice, this is also globally impossible.

Microsoft Windows has got a major lock on the industrial control systems
industry. Almost anything being produced today has a Windows machine in the
workflow doing something critically important, from monitoring fluid flows to
running microchip programmers and test stations.

~~~
magduf
Then people shouldn't be too surprised when stuff like this happens, and they
should just pay the ransom: it's what they accepted by using Windows.

"That's the way it's always been" isn't a valid excuse for continuing to make
something unsafe.

~~~
bdamm
The advice is outdated because it is entirely possible for Windows machines to
be secured well enough for this work. Windows security, like Linux security,
is not a binary state with either a zero for no security or a one for
security.

They did not accept crippling ransomware by using Windows. Nobody does. This
attitude is fatalistic and somewhat juvenile.

They may have implicitly accepted crippling ransomware by not having
sufficient internal security processes.

~~~
olavgg
You are right, but still, using an operating system with such a large attack
surface like Windows is a worldwide industry problem. No one is saying Linux
is much better either, but there are other solutions like
IncludeOS ([http://www.includeos.org/technology.html#security](http://www.includeos.org/technology.html#security))
which has a very low attack surface, if not 100% impossible. I'm not saying
IncludeOS would work in this case, but secure systems have come a loooong way
in recent years.

------
varjag
Windows tax.

