not on the LAN, no need to worry
I believe that's what the Iranians thought too - the easiest way into a LAN network is <deleted> too many to list actually.
General Electric (GE) has pushed out an update to its industrial control systems following the discovery of vulnerabilities that create a way for hackers to steal SCADA system passwords. Potential exploits based on the vulnerabilities could be abused to cause process flow disruptions in power stations, utility providers and …
Ever since 1999 everyone has known the greatest weakness of power stations is their absurd inability to stop flying motorcycles entering and blowing up the external security booths.
Further to that we also learnt that nmap is installed on the most important machine in the building and that tool alone is enough to cut the power to an entire city block.
I think they're regardless of the situation if they don't resolve the above issues.
Infect machines on the networks of suppliers near to the facility.
Wait till it infects their whole network.
Wait till someone plugs in a device that's going to be plugged into the centrifuge control network.
Device plugged into centrifuge control network.
Boom
The "Pro tip": "No system is really air gapped."
Off by one/buffer truncation error? The film readers may want to look for is "Zero Days".
http://www.zerodaysfilm.com/
Anyone seen a review/preview?
For those who may be unaware of (or have forgotten about, deliberately or otherwise - hey, it's ages ago, right?) Stuxnet, here's a ten minute non-geeky video on Stuxnet from my preferred source on the Stuxnet subject:
https://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyberweapon
Stuxnet was only the first. Probably won't be the last.
"It can be found on the BBC iPlayer website"
For readers whose UI to iPlayer is as bad as my set top box's, they'll have to search for Storyville (under whose banner this item went out), because searching for Zero Day, with or without the s, doesn't find it. The Web interface does find it, if I click on "show all results". Marvellous what you can (and can't) do with a computer these days, innit.
"A spokeswoman for GE Digital played down the vulnerabilities, which she said can't be exploited remotely. Only a local hacker in a plant or facility would have been in a position to run an attack, she said, adding that there had been no signs of exploitation."
I realise she can only say what the company tells her, and being a spokeswoman, she isn't going to say "Sorry, our security is crap. We'll fix it ASAP", but while it's likely that their software does not expose the bug to the outside world, saying it cannot be exploited assumes that the machine running it is sufficiently air-gapped (or otherwise protected). All it would need is for some custom-written malware to get onto the machine (such as Stuxnet) or for someone to enable access via a remote command/desktop system (Microsoft Remote Desktop, SSH or VNC for instance), as any company looking to outsource support may well do.
"saying it cannot be exploited assumes that the machine running it is sufficiently airgapped (or otherwise protected)."
I did a little (indirect) work for GE a while back, on their SCADA system in fact [adding a feature that used the analysis software from the company I was doing work for at the time], and their SCADA system ran on Windows. WINDOWS. Yeah, THERE's your security problem!
Other than that it seemed to me to be a pretty good SCADA system, so just have them tighten it up a bit more and we should be ok, right? THAT and port it to *LINUX* or *BSD*.
When there's a choice between an easy option (Windows and a few zero days) and other harder riskier options (be they Linux or be they something altogether different, e.g. getting some reliable on-site people), why would anyone *not* choose the easy option?
"That assumes that it was bug in the OS and not in the SCADA software."
No it doesn't. It is known from analysis (which perhaps you haven't read) that Stuxnet used multiple bugs, in the OS *and* elsewhere. Would it have been as easy without the bugs in the OS? Seems unlikely.
Of course there are no exploits in industrial systems. A number of steel plants having had their emergency shutdown systems activated in such a way that their core furnaces ended up as a giant block of steel, with the emergency shutdown systems broken in such a way that this was the only safe way to shut down, is purely a coincidence. Nothing to see here, no industrial sabotage or hacking going on here, just move along.
Although it's a good few years since I worked on systems operating machinery via PLCs etc. I doubt much has improved in terms of security.
There would sometimes be air-gapped assumption / initial config.
However in these cases there would usually be insistent whining from someone important that they needed to get some info off the control system from their machine, and a drearily inevitable security reduction, be it allowing a USB device to be plugged into a machine so data could be copied to the USB device, linking control machines to the high-up bods' local network, allowing remote access to control network machine(s) etc.
More typically the approach would be the scary "it's all inside our building with restricted access, so it's safe, no worries."
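Both of the comments above (the one about RDP/SSH/VNC being switched on for outsourced support, and the one about control machines being linked to the management LAN or having remote access enabled) describe the same thing: a "local only" vulnerability stops being local the moment a remote-access listener or a second network leg appears on the control host. The script below is an added example, not code from the thread or from GE, showing the audit a defender would run to check that assumption. It parses `ss -ltn` style listener output captured from each host (the captures here are constructed), flags remote-access services bound to anything other than loopback, and flags hosts attached to both the control and the business network. The host names, network labels and the Modbus/SQL ports in the sample are assumptions for the sake of the example.

```python
"""Check the 'can't be exploited remotely' assumption on control-network hosts.

Added example (not from the thread or from GE). For each host we take an
`ss -ltn` style listener capture plus the list of networks its NICs sit on,
then report anything that makes a local-only bug reachable from elsewhere:
  * RDP, SSH or VNC listening on a non-loopback address
  * a host bridged between the control network and any other network
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

LOOPBACK = {"127.0.0.1", "::1"}
NAMED_PORTS = {22: "SSH", 3389: "RDP"}


def service_name(port: int) -> Optional[str]:
    """Map a TCP port to a remote-access service name, or None if it is not one."""
    if port in NAMED_PORTS:
        return NAMED_PORTS[port]
    if 5900 <= port <= 5999:          # VNC displays :0 .. :99
        return "VNC"
    return None


def parse_ss_listeners(text: str) -> List[Tuple[str, int]]:
    """Parse `ss -ltn` output into (bind_address, port) pairs, skipping the header."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                      # header, blank or non-listening line
        addr, port = fields[3].rsplit(":", 1)
        addr = addr.strip("[]")           # "[::]:22" -> "::"
        listeners.append((addr, int(port)))
    return listeners


@dataclass
class Host:
    name: str
    networks: frozenset                # labels of the networks its NICs are on
    ss_output: str                     # constructed `ss -ltn` capture


def audit_host(host: Host, control_net: str = "control") -> List[str]:
    """Return one finding per way this host breaks the local-only assumption."""
    findings = []
    for addr, port in parse_ss_listeners(host.ss_output):
        name = service_name(port)
        if name and addr not in LOOPBACK:
            shown = f"[{addr}]" if ":" in addr else addr
            findings.append(f"{host.name}: {name} listening on {shown}:{port}")
    bridged = host.networks - {control_net}
    if control_net in host.networks and bridged:
        findings.append(f"{host.name}: also attached to {', '.join(sorted(bridged))}")
    return findings


# Constructed sample: three control-zone hosts; nothing here came from a real plant.
SAMPLE_HOSTS = [
    Host("hmi-01", frozenset({"control"}), """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:3389        0.0.0.0:*
LISTEN 0      10     127.0.0.1:5900      0.0.0.0:*
"""),
    Host("historian", frozenset({"control", "corporate"}), """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      128    0.0.0.0:1433        0.0.0.0:*
"""),
    Host("plc-gw", frozenset({"control"}), """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      5      0.0.0.0:502         0.0.0.0:*
"""),
]


def audit_all(hosts=SAMPLE_HOSTS) -> List[str]:
    """Run the audit over every host and flatten the findings."""
    return [finding for host in hosts for finding in audit_host(host)]


if __name__ == "__main__":
    for finding in audit_all():
        print(finding)
```

Note that the VNC listener on `hmi-01` is bound to `127.0.0.1` and is deliberately not reported: a loopback-only listener really is local, which is the distinction the spokeswoman's "can't be exploited remotely" claim glosses over for everything else. The `historian` host is the classic case from the thread, reachable over SSH and sitting on both networks at once.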
a/c for obvious reasons
Used to be a GE employee.
There used to be enforced air gaps in their systems, then someone high up decided that IoT looked good and that they should interconnect everything that could be interconnected.
2015 was a year of management telling all SW engineers that they had to sort out security and connect everything (even legacy stuff), but no extra fleshy resource was allowed and the normal development had to go on unaffected! More of it was successfully modified than you would expect and I suspect that it was all sorted by mid-2016. However, you then have to get it into all the nooks and crannies of the customers' systems, and many of them have no idea what they have embedded in their systems.