Sunday, February 3, 2013

Japan and Remote Control Stations: How Secure Will They Be Against Cyber Attacks?


A fellow blogger had asked me about my opinion on Japan and the security issues that could arise as a threat from the newly planned remote control stations. Because I think that this is a very interesting question, I would like to post my answer here; perhaps this is a good subject for discussion and research.


"This is a very important issue. In my projects where I am responsible for the cyber security, I do not allow remote control rooms outside the plant. This should be a requirement for all safety, non-safety and operational I&C systems (all systems within the cyber security zone model): to not have a network or internet connection to the outside. The reason is that I see a lot of problems with a remote control or maintenance station unless it fulfills very specific cyber security requirements. Let me give you a scenario. Usually, remote control stations do not have the same physical security measures as the plant has. They are not occupied all the time, so it is very easy to gain access. I do not know what the Japanese plans are, but let me include a picture of a remote control station from the US.

(I cannot find that picture to save my life, but it shows a regular family home in the suburbs. This is supposed to disguise the fact that this was a remote-controlled substation.)
 
That being said, it is the weakest and easiest access point for intruders or people with malicious intent. Even though the Japanese are perhaps planning on using wired connections, they want the remote station to be able to control the systems, meaning one-way communication via hard wire to the systems, meaning you can control the plant and the I&C systems from outside the plant. And what about hardening? Are they going to close unneeded ports and vulnerabilities that could be exploited from a remote station? What if they do not use a hardwired connection: can you come and connect a laptop to the hub and gain access, do a traffic analysis and see packets, assign yourself an IP address, gain access to the network and see other remote stations on the grid? As you see, there are too many questions. I would definitely have strict requirements such as:
  • Physical protection and security at all times
  • Occupation of the station with personnel at all times
  • Risk analysis
  • Cyber security requirements (I am unclear on what regulations they would use as a basis)
  • Use hardened systems and perhaps a data diode if necessary for one-way data exchange (monitoring purposes)
  • Design safety I&C in such a manner that you can send commands via hard wire to ignore all other system interactions and commands and execute the emergency action.
  • Or only allow connections to the hard-wired emergency backup systems
 I mean, they should definitely be required to do a detailed cyber security (not safety, but security) analysis with different attack path scenarios to get a clear picture of the requirements and controls needed."
 
 Manolya Rowe

28 comments:

  1. Thank you John for your kind words.

  2. Hello,

    I frequently visit your site, and I am very impressed by your site’s quality content. I commend you on this, and I wish you further success in your activities.

    My name is Alec Mwali and I work at the marketing department at VPN4ALL ltd.
    VPN4ALL is a personal VPN service that encrypts all your data transmitted over the internet and tunnels your online communications through one of our secure server locations. It changes your visibility to the World IP address and protects you against online snoopers and intruders. All in one click!

    Since your website already caters to the traffic that is also immediately relevant to VPN4ALL services, I wanted to take a moment to reach out regarding an opportunity for us to partner together, whereby you’d be earning commission on sales your referrals make referred through an affiliate link in your website.

    The commission earnings start from 25 percent and go up depending on your performance with our affiliate program, plus you get to receive a,
    • A sign up bonus of $9.95 loaded into your Affiliate account once you sign up with us.
    • Enjoy Recurring commissions on every renewals your referrals make
    • Enjoy our VPN Client by becoming our VPN active member.

    Special offer: The first three orders you refer to us will qualify you for a $5 cash bonus (money deposited into your account on top of your regular commission) + a $10 gift certificate from VPN4ALL ltd to purchase any of our packages.

    To join (or learn more about) our program you may fill out the application here http://affiliate.vpn4all.com/
    If you’re not ready to join the affiliate program right away, I would still love to hear back from you: to see how/if we can still work together. I’m very much looking forward to your reply.

    Best Regards,
    Alec/Affiliate Manager,
    Email: alec.mwali@vpn4all.com
    http://www.vpn4all.com

  3. This blog provides the ultimatum information regarding power system safety regulation.
    power system safety regulation

  4. Hello,

    My name is Alec and I work for the marketing department at VPN4ALL ltd.
    We provide a VPN service that encrypts all data transmitted over the internet and tunnels online communications through one of our secure server locations. It changes one's visibility to the World IP address and protects a browser against online snoopers and intruders. All in one click!

    I contacted you a few days ago with a partnership proposal in my mind. I didn’t receive your reply and I thought that maybe you had never received my email.

    I wanted to take a moment to reach out regarding an opportunity for us to partner together, whereby you’d be earning commissions on sales your referrals make referred through an affiliate link in your website.
    Or are you new to Affiliate Marketing?

    An Affiliate program is an online referral system, where through an affiliate account in our Affiliate program you can get your own individual “referral link” to promote our products.

    The commission earnings start from 25 percent for each sale and go up depending on your performance with our affiliate program.
    It’s fast, easy and 100% FREE to sign up. To join or learn more about our affiliate program, please visit our affiliate page through this link https://www.vpn4all.com/userportal/guestaffiliates.php

    If you’re not ready to promote our product right away, I would still love to hear back from you: to see how/if we can still work together. I am open for any reciprocal promotion, if you have anything in mind just let me know.
    I’m very much looking forward to your reply.

    Best Regards,
    Alec/marketing department,
    Email: alec.mwali@vpn4all.com
    http://www.vpn4all.com

  5. All articles for your safety Nuclear Cyber Security
    It is very valuable and should trouble us would especially like to personally thank you for the high level of the Articles. alarm systems for homes and shops

  6. If nuclear facilities copied what cyber security procedures NORAD does for its Cheyenne Mountain station they can save a lot of time and re-inventing the wheel.

    James Greenidge
    Queens NY

  7. Great Blog!! That was amazing. Your thought processing is wonderful. The way you tell the thing is awesome. You are really a master.
    it security program

  8. There is no escaping social networking sites; MySpace, LinkedIn, Facebook and Twitter are not only a great way to keep in touch with loved ones and update others on our day to day activities, but they can also be used by organizations as a way of marketing, building contacts and promoting themselves to a wider audience.
    computer security courses

  9. Thank you everybody for your kind comments and words. I will soon post new articles and content, stay tuned and thank you for following.

  10. It's not my very first time to visit this blog; I’m visiting this daily and acquire superb info from here day by day. Big Data and Bigger Breaches With Alex Pentland of Monument Capital Group

  11. The vital information in this blog has allured me. freedomcashlenders

  12. Thank you so much guys for giving such kind of information. This will assist me a lot.
    advanced loans

  13. The blog has increased me in knowledge in a great way. I’ll surely come again here at this source. vehicle insurance

  14. Cybercrime on a rise in Japan

    According to a report by the Japan Times, the Japanese Police have been consulted 54,103 times for complaints against cybercrimes during the six month period (from January to June). The report suggests that the number has gone up by 37.3% from what it was during the same period last year.

    If that wasn’t enough to convince you, we don’t know what will. Oh wait, we actually do. According to the Japan Times report, an astounding amount of ¥1.852 million has already been transferred from the bank accounts of victims this year, who aren’t even aware of it. But there’s more. The amount has already surpassed ¥1.406 million, the annual record for last year. http://www.vpnranks.com/best-japan-vpn/

  15. This is quite helpful suggestion I will surely apply this into my life, thanks for imparting great knowledge. roof repair Sugar Land TX

  16. You create sense out of the foremost complex topics. pay day loans

  17. I never ever saw such type of blog in my life; it has incredible things to give knowledge to others. ipv d2

  18. I don’t waste my free time that’s why I read the informative things when I got this blog I really enjoyed reading this. online payday loan

  19. Thanks for sharing a nice post, looks like good; I will give it a try to utilize in my personal life as well. online payday loans

  20. The information you have given in the blog really marvelous and more interesting. niche profit full control bonus

  21. Excellent effort to make this blog more wonderful and attractive. life insurance rates

  22. I will definitely come back to your site to see more splendid posts like this one. advanced loans

  23. I'd like to take the power of thanking you for that specialized guidance I've constantly enjoyed viewing your blog. forklift trainer

  24. This post has really made sense as compared to others. Special thanks for this. Medical Malpractice lawyer new York city

  25. Hi Dear, have you been certainly visiting this site daily, if that's the case you then will certainly get good knowledge. Vine Vine Skin Care

  26. Great details here, better yet to discover out your blog which is fantastic. Nicely done!!! Vine Vine Skin Care

  27. I am truly inspired from your write-up and sharing this too with my friends and colleagues. life insurance and antidepressants

  28. This is such a great resource that you are providing and you give it away for free. I love seeing blogs that understand the value. I'm glad to have found this post as it's such an interesting one! I am always on the lookout for quality posts and articles so I suppose I'm lucky to have found this! I hope you will be adding more in the future…
    make money online
