

Modern Oil Rigs Vulnerable to Hackers - TallGuyShort
http://www.foreignpolicy.com/articles/2009/08/25/the_new_threat_to_oil_supplies_hackers

======
sophacles
Oh man, modern SCADA protocols suck, mostly because none of them are modern.
There are hundreds of small proprietary protocols, and a few larger
"standards", such as modbus and DNP3. None of them are very good. Frequently
they are designed to be run over serial lines (rs-232,423,485). The IP layer
for these is mostly just "encapsulate the whole thing in an IP packet (or
TCP/UDP), and have some bad glue code for the networking". Sometimes there is
no real IP connectivity, but instead it is effectively telnet to a serial port
concentrator. Further, being designed for serial, many of these protocols (the
state machine for the protocol itself, not the implementation) can't handle
multiple packet streams at once, opening easy DoS attacks (way less traffic
than "flood the network"). Finally there is no concept of authorization or
authentication, so anyone who can get a command to the right box can send a
"turn off everything" or "change parameters to damaging[1]".

To further complicate matters, these networks are usually cordoned off with
firewalls, but there are all sorts of weird exceptions, for vendors,
engineers, consultants, etc. These may be through the front door, or via a
cellular modem randomly attached to a device somewhere in the facility. The
final complication is that SCADA networks and systems have lifetimes measured
in decades, that $1B plant better work with no significant downtime if it is
ever to be profitable. Of course with such big stakes, no one ever wants to
change anything once it is working well enough, which does not help (sometimes
with good reason, it will take a year of disassembling to get to that
controller!).

A big human factor I have not discussed yet also exists: The control systems
engineers tend to scoff at computer security folks. They think security is
easy... put up a firewall, sprinkle in some encryption and always have strong
passwords! They flat out deny that there may be real world implications to
some bug that is found, or they say "the firewall will handle that", or "it's
unlikely to happen".

In all there is a lot of interesting work to be done here. As these systems
are increasingly hooked to public networks for efficiency and business
reasons, there will be more call for good security. And there are TONS of
these systems: your building's HVAC (if it is medium or large it is on a
SCADA loop), power grid, traffic lights, factories. SCADA is a quiet giant, it
is everywhere and no one seems to know it.

[1] It is very much possible to tweak settings in control systems to ruin
products, to run just outside of "safe operating range" and ruin a part in 1
year instead of 10, and other subtle forms of sabotage...
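The missing authentication sophacles describes is visible in the wire format itself. The following is an added example, not code from the thread, that decodes the Modbus/TCP MBAP header and flags state-changing requests from hosts outside an allowlist; the frames, IP addresses and allowlist are constructed.

```python
"""Added example (not from the thread): decode Modbus/TCP and flag writes.

Modbus/TCP is the serial PDU (function code + data) glued behind an MBAP
header (transaction id, protocol id, length, unit id). Nothing in either part
names or authenticates the sender, so "who may write" can only be enforced
outside the protocol; here a source-IP allowlist is applied to captured
(source_ip, payload) pairs. All frames and addresses below are constructed.
"""
import struct

# Standard Modbus function codes that change controller state.
WRITE_FUNCTIONS = {0x05: "Write Single Coil", 0x06: "Write Single Register",
                   0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers"}

def parse_modbus_tcp(payload):
    """Return (transaction_id, unit_id, function, data) or None if malformed."""
    if len(payload) < 8:
        return None
    tid, proto, length, unit, func = struct.unpack(">HHHBB", payload[:8])
    # Protocol id is always 0; length counts the unit id plus the PDU bytes.
    if proto != 0 or length != len(payload) - 6:
        return None
    return (tid, unit, func, payload[8:])

def flag_unauthorized_writes(packets, allowed_writers):
    """Return [(source_ip, reason)] for malformed frames and for
    state-changing requests from hosts not on the allowlist."""
    alerts = []
    for src, payload in packets:
        frame = parse_modbus_tcp(payload)
        if frame is None:
            alerts.append((src, "malformed MBAP header"))
            continue
        _, unit, func, _ = frame
        name = WRITE_FUNCTIONS.get(func)
        if name and src not in allowed_writers:
            alerts.append((src, f"{name} (fc=0x{func:02x}) to unit {unit}"))
    return alerts

# Constructed traffic: HMI reads and writes, then an unknown host writes.
SAMPLE_PACKETS = [
    ("10.0.0.10", bytes.fromhex("0001000000060103000A0002")),  # Read Holding Registers
    ("10.0.0.10", bytes.fromhex("00020000000601060001FF00")),  # Write Single Register
    ("10.0.0.99", bytes.fromhex("000300000006010500010000")),  # Write Single Coil
    ("10.0.0.99", bytes.fromhex("0004000100060103000A0002")),  # protocol id != 0
]
ALLOWED_WRITERS = {"10.0.0.10"}

if __name__ == "__main__":
    for src, reason in flag_unauthorized_writes(SAMPLE_PACKETS, ALLOWED_WRITERS):
        print(src, reason)
```

The allowlist is a stand-in for whatever network boundary actually exists (firewall rule, span-port monitor); the point is that the check has to live there because the protocol carries nothing to check.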

~~~
gaius
_None of them are very good. Frequently they are designed to be run over
serial lines (rs-232,423,485)_

But back then, that's all they had. It's testament to the talent of those old
engineers that their systems _are_ still in use today. How much of my code
will still be running in 40 years? Not much, I'll wager.

~~~
sophacles
I think I wasn't clear enough. You are absolutely correct in your assessment
of those guys, 30+yrs of live system is a big deal. It's the guys these days
who, despite the tech having moved forward, and problems having been found,
and solutions to those problems being well tested, still insist that modbus is
the way to go in new systems, "just run it over ip, it'll be fine, we can
artificially limit concurrency out" (their method is DoSable in at least 4
ways).

Sometimes "it's been done this way for 30 years" doesn't mean "nothing better
has been found", it means "there is a lot of inertia and stubbornness".

------
Engine-uity
Oil rigs should hire their own hackers to test their network security to
ensure it is safe. With the rate technology improves today, once a new program
or engineering concept is applied it's very close to becoming obsolete. This
is why companies must constantly try to penetrate their security and improvise
how to prevent a hacker from doing the same.

