Sunday, February 3, 2013

Japan and Remote Control Stations: How Secure Will They Be Against Cyber Attacks?

A fellow blogger asked me for my opinion about Japan and the security issues that could be a threat arising from the newly planned remote control stations. Because I think that this is a very interesting question, I would like to post my answer here; perhaps this is a good subject for discussion and research.

"This is a very important issue. In my projects where I am responsible for cyber security, I do not allow remote control rooms outside the plant. It should be a requirement for all safety, non-safety and operational I&C systems (all systems within the cyber security zone model) not to have a network or internet connection to the outside. The reason is that I see a lot of problems with a remote control or maintenance station unless it fulfills very specific cyber security requirements. Let me give you a scenario. Usually, remote control stations do not have the same physical security measures as the plant has. They are not occupied all the time, so it is very easy to gain access. I do not know what the Japanese plans are, but let me include a picture of a remote control station from the US.

(I cannot find that picture to save my life, but it shows a regular family home in the suburbs. This is supposed to disguise the fact that this was a remote-controlled substation.)

That being said, it is the weakest and easiest access point for intruders or people with malicious intent. Even though the Japanese are perhaps planning on using wired connections, they want the remote station to be able to control the systems, meaning one-way communication via hard wire to the systems, meaning you can control the plant and the I&C systems from outside the plant. And what about hardening? Are they going to close unneeded ports and vulnerabilities that could be exploited from a remote station? What if they do not use a hardwired connection: can you come and connect a laptop to the hub and gain access, do a traffic analysis and see packets, assign yourself an IP address, gain access to the network and see other remote stations on the grid? As you see, there are too many questions. I would definitely have strict requirements such as:
  • Physical protection and security at all times
  • Occupation of the station with personnel at all times
  • Risk analysis
  • Cyber security requirements (I am unclear on what regulations they would use as a basis)
  • Use hardened systems and perhaps a data diode if necessary for one-way data exchange (monitoring purposes)
  • Design the safety I&C in such a manner that you can send commands via hard wire to ignore all other system interactions and commands and execute the emergency action.
  • Or only allow connections to the hard-wired emergency backup systems
 I mean, they should definitely be required to do a detailed cyber security analysis (not safety, but security) with different attack path scenarios to get a clear picture of the requirements and controls needed."
 Manolya Rowe
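
The laptop-on-the-hub scenario in the answer above can be detected by comparing the MAC/IP pairs seen on the remote station network against an asset inventory. The following Python sketch is an added example, not part of the original post; the inventory, the addresses, the observation format and the `find_unauthorized` helper are all constructed for illustration.

```python
# Constructed asset inventory for one remote station segment (assumed values):
# every authorized MAC address and the single IP address it may use.
INVENTORY = {
    "00:1b:1b:00:00:01": "192.0.2.10",  # operator workstation
    "00:1b:1b:00:00:02": "192.0.2.11",  # engineering station
    "00:1b:1b:00:00:03": "192.0.2.20",  # gateway to the plant link
}

# Constructed observations (timestamp, mac, ip), as a passive ARP monitor
# on a switch mirror port might record them.
OBSERVED = [
    ("2013-02-03T10:00:01", "00:1b:1b:00:00:01", "192.0.2.10"),
    ("2013-02-03T10:00:02", "00:1B:1B:00:00:02", "192.0.2.11"),
    ("2013-02-03T10:04:17", "00:e0:4c:aa:bb:cc", "192.0.2.55"),
    ("2013-02-03T10:05:40", "00:e0:4c:aa:bb:cc", "192.0.2.20"),
    ("2013-02-03T10:06:00", "00:1b:1b:00:00:01", "192.0.2.99"),
]


def find_unauthorized(observed, inventory):
    """Return one alert per MAC/IP pair that deviates from the inventory."""
    inv = {mac.lower(): ip for mac, ip in inventory.items()}
    ip_owner = {ip: mac for mac, ip in inv.items()}
    alerts, seen = [], set()
    for ts, mac, ip in observed:
        mac = mac.lower()              # MAC notation is case-insensitive
        if (mac, ip) in seen:          # report each pair only once
            continue
        seen.add((mac, ip))
        if mac not in inv:
            # Unknown hardware: either a new address or one that belongs
            # to an inventoried asset (a self-assigned, conflicting IP).
            kind = "ip_takeover" if ip in ip_owner else "unknown_device"
        elif inv[mac] != ip:
            kind = "ip_changed"        # known asset on an unexpected IP
        else:
            continue                   # matches the inventory
        alerts.append({"time": ts, "mac": mac, "ip": ip, "kind": kind})
    return alerts


if __name__ == "__main__":
    for alert in find_unauthorized(OBSERVED, INVENTORY):
        print(alert)
```
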

Introduction to Nuclear Cyber Security

The development of nuclear energy accompanied the invention of the computer, which brought about a development that we would call the Third Industrial Revolution. This development generated a complex of economic, political and social effects that in some cases, such as power plant safety, is considered a matter of national security. In this context, power plants belong to the ICS category. Industrial control system (ICS) is a vague term to describe several types of control systems used in industrial production, such as in electric, gas or water plants, as well as supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control systems (Wikipedia, 2011). All of these are defined as critical infrastructures and are considered national security objects. These infrastructures need to be protected from cyber incidents; NIST defines a cyber incident as: “an occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability (CIA) of an information system or the information the system processes, stores, or transmits” (FIPS PUB, 2006).[2] These threats might be intentional malicious attacks or unintentional ones caused by untrained or careless employees. In addition, modern networking and communication technologies used to improve also create new cyber vulnerabilities. Care must be exercised in the selection, implementation, and operation of cyber-vulnerable ICS technologies.