Maybe the fish tank shouldn't be on the same network as high value assets. That way, vending machines could be accessed by the fish tank but not the mission critical data.
We just installed a new cryo-electron microscope. It was an expensive piece of equipment. It's also very sensitive.
It is not connected to the internet. It is connected to a local network, but that local network is not bridged to the internet in any capacity.
It is hard to imagine that Thermo-Fisher was capable of realizing the security implications of having the controls connected to the internet, but a trans-national pipeline was not.
There's no mention of Superfish in this article, but is it safe to assume that this is where these "security concerns" are rooted? Curious as to what other considerations there may be.
> Either a machine is kept secure/up to date or it's not connected to the internet. If a hospital feels it can't just disconnect the unsafe machines, well then air gap the whole treatment network.
I wonder if it would be feasible to protect them with some dedicated firewall/proxy boxes or plug-in modules which could be cheaply updated (compared to the cost of updating and revalidating the whole machine), supplied by multiple vendors, etc.
Good. Malicious crackers, please destroy as many non-safety-critical water pumps as it takes for people to take security on these systems seriously. It seems most of the industrial controls industry is used to operating on a proprietary network, and when moving to IP their guess at security is "uh, firewall?".
Even non-connected systems can be a problem. Stuxnet was an example. But I think the main point is that owners of those systems think they are protected just by being disconnected.
The current problem with this architecture is the network cannot be used as a security layer. Databases, search engines, etc need ports opened to the public rather than to selected servers.
It's probably the equipment makers obligation to have this kind of internet-wide scan done on their devices. A central agency may not even know what's out there, and it's not really reasonable or efficient to have it be the gas station owners problem. Well it is kind of their problem, but it's really stupid to expect every station owner to solve an internet security problem themselves.
They opt for convenience instead of security... Infrastructure like this should not be able to be controlled remotely... but of course this is common sense.
Wouldn't the alternative be putting everything behind an airgap and foregoing creature comforts to create parallel infrastructure at great cost? Threat actors don't care about your privacy concerns either.
well we're talking about a facility that isn't supposed to be connected to the internet. so there has to be an internal actor. like there was with stuxnet
They aren't 'on the internet'. They are connected via several layers of networks with firewalls etc in between to a system which has direct access to the internet. There often is no practical way around this - data from these networks needs to be shared with business users, other companies, regulators and so on. Data diodes can be applicable in some situations, but I've never worked with a company that uses one. I don't know the details of this situation, but demanding that it be impossible to compromise infrastructure networks is ridiculous. If you throw enough money and resources at it, no network is secure.
Still a bit of an issue. Primarily the reasoning here is that if you compromise one of our systems, we'd prefer to make it as difficult as possible to traverse across our internal network.
Obviously that is mostly handled by access controls, but every little helps.
They could always just keep the "X" unplugged, it is doubtful hackers from Russia go onsite and sabotage things. Maybe this will make companies realize if they can't secure it at least just disconnect it. Everything doesn't have to be online.
I sadly suspect if a large corporation with a very small ethics department or a state actor wanted to subvert these networks, they would have very little trouble doing so. Another comment mentioned Stuxnet which proves that point rather well.
Fortunately, these plants I am talking about are food plants (yoghurt, pudding, and such), so the risk of some foreign government wanting to shut down that plant is rather low. ;-)
And the risk of becoming infected by drive-by malware is contained by not letting these machines talk to the Internet.
(There is one connection to the regular corporate network, which does have Internet access, to tell the ERP system how much of each ingredient is left so the Purchasing department will order new ingredients on time. But in my benevolent imagination that connection is one teeeny-tiny hole through a humongous firewall.)
Maybe they didn't feel safe wiring the mechanism that physically opens the doors up to a network. If you can't access that system via the network then you definitely can't exploit it. It's the old "the only secure system is a disconnected one" mantra.
They can focus all their efforts protecting the other end.
reply