Sunday, February 3, 2013

Japan and Remote Control Stations, how Secure will they be to Cyber Attacks?


A fellow blogger asked me for my opinion on Japan and the security issues that could arise from the newly planned remote control stations. Because I think this is a very interesting question, I would like to post my answer here; perhaps it is a good subject for discussion and research.


"This is a very important issue. In my projects where I am responsible for cyber security, I do not allow remote control rooms outside the plant. It should be a requirement that all safety, non-safety and operational I&C systems (all systems within the cyber security zone model) have no network or internet connection to the outside. The reason is that I see a lot of problems with a remote control or maintenance station unless it fulfills very specific cyber security requirements. Let me give you a scenario. Usually, remote control stations do not have the same physical security measures as the plant has. They are not occupied all the time, so it is very easy to gain access. I do not know what the Japanese plans are, but let me include a picture of a remote control station from the US.

(I cannot find that picture to save my life, but it shows a regular family home in the suburbs. This is supposed to disguise the fact that it was a remote-controlled substation.)
 
That being said, it is the weakest and easiest access point for intruders or people with malicious intent. Even though the Japanese are perhaps planning on using wired connections, they want the remote station to be able to control the systems, meaning one-way communication via hard wire to the systems, meaning you can control the plant and the I&C systems from outside the plant. And what about hardening? Are they going to close unneeded ports and vulnerabilities that could be exploited from a remote station? What if they do not use a hardwired connection: can you come and connect a laptop to the hub, do a traffic analysis and see packets, assign yourself an IP address, gain access to the network and see other remote stations on the grid? As you see, there are too many questions. I would definitely have strict requirements such as:
  • Physical protection and security at all times
  • Occupation of the station by personnel at all times
  • Risk analysis
  • Cyber security requirements (I am unclear on what regulations they would use as a basis)
  • Use hardened systems and perhaps a data diode if necessary for one-way data exchange (monitoring purposes)
  • Design the safety I&C in such a manner that you can send commands via hard wire to ignore all other system interactions and commands and execute the emergency action.
  • Or only allow connections to the hard-wired emergency backup systems
 I mean, they should definitely be required to do a detailed cyber security (not safety, but security) analysis with different attack path scenarios to get a clear picture of the requirements and controls needed."
 
 Manolya Rowe
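
The laptop-on-the-hub question above can also be asked from the defender's side: does anything on the station segment depart from the asset inventory? The following is an added example, not part of the original post; the inventory, the addresses and the sample lines (in Linux `ip neigh show` format) are all constructed.

```python
import re

# Constructed asset inventory for one station segment: MAC -> (IP, role).
INVENTORY = {
    "02:00:00:aa:00:01": ("10.20.0.10", "operator workstation"),
    "02:00:00:aa:00:02": ("10.20.0.11", "engineering station"),
    "02:00:00:aa:00:03": ("10.20.0.1", "gateway"),
}

# Constructed sample: lines in `ip neigh show` format, gathered from
# two successive snapshots of the neighbour table.
SAMPLE = """\
10.20.0.10 dev eth0 lladdr 02:00:00:aa:00:01 REACHABLE
10.20.0.11 dev eth0 lladdr 02:00:00:aa:00:02 STALE
10.20.0.1 dev eth0 lladdr 02:00:00:aa:00:03 REACHABLE
10.20.0.57 dev eth0 lladdr 02:00:00:ee:12:34 REACHABLE
10.20.0.99 dev eth0 FAILED
10.20.0.11 dev eth0 lladdr 02:00:00:ee:12:34 DELAY
"""

ENTRY = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) dev \S+ lladdr "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)


def parse_neighbours(text):
    """Return (ip, mac) pairs; entries with no resolved MAC are skipped."""
    pairs = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            pairs.append((m["ip"], m["mac"].lower()))
    return pairs


def audit(pairs, inventory):
    """Return (finding, ip, mac) for every entry that departs from the inventory."""
    known_ips = {ip for ip, _role in inventory.values()}
    findings = []
    for ip, mac in pairs:
        if mac not in inventory:
            # A device nobody registered; worse if it answers for a known address.
            kind = "claims-inventoried-ip" if ip in known_ips else "unknown-device"
            findings.append((kind, ip, mac))
        elif inventory[mac][0] != ip:
            findings.append(("ip-mismatch", ip, mac))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_neighbours(SAMPLE), INVENTORY):
        print(*finding)
```

On the sample data the unregistered MAC is reported twice: once for taking a free address and once for answering on the engineering station's address.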

Comments:

  1. This is an excellent Post and I have never come across such mindblowing ideas. Thanks for focusing on the topic in a great way.
    Bodyguard Services

  2. Security is one of the best things, which always gives you a sense of ultra security and protection against internal as well as external factors
    home security service
    home security solution

  3. Hello,

    I frequently visit your site, and I am very impressed by your site’s quality content. I commend you on this, and I wish you further success in your activities.

    My name is Alec Mwali and I work at the marketing department at VPN4ALL ltd.
    VPN4ALL is a personal VPN service that encrypts all your data transmitted over the internet and tunnels your online communications through one of our secure server locations. It changes your visibility to the World IP address and protects you against online snoopers and intruders. All in one click!

    Since your website already caters to the traffic that is also immediately relevant to VPN4ALL services, I wanted to take a moment to reach out regarding an opportunity for us to partner together, whereby you’d be earning commission on sales your referrals make referred through an affiliate link in your website.

    The commission earnings start from 25 percent and go up depending on your performance with our affiliate program, plus you get to:
    • Receive a sign-up bonus of $9.95 loaded into your Affiliate account once you sign up with us.
    • Enjoy recurring commissions on every renewal your referrals make
    • Enjoy our VPN Client by becoming our VPN active member.

    Special offer: The first three orders you refer to us will qualify you for a $5 cash bonus (money deposited into your account on top of your regular commission) + a $10 gift certificate from VPN4ALL ltd to purchase any of our packages.

    To join (or learn more about) our program you may fill out the application here http://affiliate.vpn4all.com/
    If you’re not ready to join the affiliate program right away, I would still love to hear back from you: to see how/if we can still work together. I’m very much looking forward to your reply.

    Best Regards,
    Alec/Affiliate Manager,
    Email: alec.mwali@vpn4all.com
    http://www.vpn4all.com

  4. This blog provides the ultimatum information regarding power system safety regulation.
    power system safety regulation

  5. Hello,

    My name is Alec and I work for the marketing department at VPN4ALL ltd.
    We provide a VPN service that encrypts all data transmitted over the internet and tunnels online communications through one of our secure server locations. It changes one's visibility to the World IP address and protects a browser against online snoopers and intruders. All in one click!

    I contacted you a few days ago with a partnership proposal in my mind. I didn’t receive your reply and I thought that maybe you had never received my email.

    I wanted to take a moment to reach out regarding an opportunity for us to partner together, whereby you’d be earning commissions on sales your referrals make referred through an affiliate link in your website.
    Or are you new to Affiliate Marketing?

    An Affiliate program is an online referral system, where through an affiliate account in our Affiliate program you can get your own individual “referral link” to promote our products.

    The commission earnings start from 25 percent for each sale and go up depending on your performance with our affiliate program.
    It’s fast, easy and 100% FREE to sign up. To join or learn more about our affiliate program, please visit our affiliate page through this link https://www.vpn4all.com/userportal/guestaffiliates.php

    If you’re not ready to promote our product right away, I would still love to hear back from you: to see how/if we can still work together. I am open for any reciprocal promotion, if you have anything in mind just let me know.
    I’m very much looking forward to your reply.

    Best Regards,
    Alec/marketing department,
    Email: alec.mwali@vpn4all.com
    http://www.vpn4all.com

  6. All articles for your safety Nuclear Cyber Security
    It is very valuable and should trouble us would especially like to personally thank you for the high level of the Articles. alarm systems for homes and shops

  7. If nuclear facilities copied what cyber security procedures NORAD does for its Cheyenne Mountain station, they can save a lot of time and re-inventing the wheel.

    James Greenidge
    Queens NY

  8. Great Blog!! That was amazing. Your thought processing is wonderful. The way you tell the thing is awesome. You are really a master.
    it security program

  9. Nice,
    Thanks for your greatful informations, working in, ASIAN AFFAIRS MAGAZINE.
    URDUTAHZEEB.
    Try to post best informations like this always

    Nuclear options: Threats and proliferation

  10. There is no escaping social networking sites; MySpace, LinkedIn, Facebook and Twitter are not only a great way to keep in touch with loved ones and update others on our day-to-day activities, but they can also be used by organizations as a way of marketing, building contacts and promoting themselves to a wider audience.
    computer security courses

  11. Thank you everybody for your kind comments and words. I will soon post new articles and content, stay tuned and thank you for following.
