Russian Hackers Reach US Utility Control Rooms, Homeland Security Officials Say

"Russian hackers [...] broke into supposedly secure, "air-gapped" or isolated networks owned by utilities (Warning: source may be paywalled; alternative source) with relative easy by first penetrating the networks of key vendors who had trusted relationships with the power companies," reports The Wall Street Journal, citing officials at the Department of Homeland Security. "They got to the point where they could have thrown switches" and disrupted power flows, said Jonathan Homer, chief of industrial-control-system analysis for DHS. The hacking campaign started last year and likely is continuing. From the report: DHS has been warning utility executives with security clearances about the Russian group's threat to critical infrastructure since 2014. But the briefing on Monday was the first time that DHS has given out information in an unclassified setting with as much detail. It continues to withhold the names of victims but now says there were hundreds of victims, not a few dozen as had been said previously. It also said some companies still may not know they have been compromised, because the attacks used credentials of actual employees to get inside utility networks, potentially making the intrusions more difficult to detect.

The attackers began by using conventional tools -- spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites -- to compromise the corporate networks of suppliers, many of whom were smaller companies without big budgets for cybersecurity. Once inside the vendor networks, they pivoted to their real focus: the utilities. It was a relatively easy process, in many cases, for them to steal credentials from vendors and gain direct access to utility networks. Then they began stealing confidential information. For example, the hackers vacuumed up information showing how utility networks were configured, what equipment was in use and how it was controlled. They also familiarized themselves with how the facilities were supposed to work, because attackers "have to learn how to take the normal and make it abnormal" to cause disruptions, said Mr. Homer. Their goal, he said: to disguise themselves as "the people who touch these systems on a daily basis."

At some point...

[toonces33]

They just ought to sever all internet connections in and out of Russia.

Re:

[SharpFang]

If the Russians could skip air-gap inside secure US facilities, you think air gap around their borders will be of any use?

Re: At some point...

[Type44Q]

Tell me about it; the Russians have been doing this to us (and us to them, and everyone to everyone else) for so long that I'm sick of it; obviously implementing proper security isn't the way to go about this anymore.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[polar red]

the banks have that money, and the "democracy" by the balls.

Re:

[butchersong]

Russian proxy always equals Russian hackers. Everyone knows that.

Unpossible!

[amicusNYCL]

I don't believe it. Deep state. Carter Page. Witch hunt.

It's probably best to just end all investigations towards anything related to Russia.

Re:

[Rockoon]

Doent pass the smell test.

Hackers reached the point whee they could throw switches... but apparently didn't throw any switches. Bullshit.

Re:

[Opportunist]

Just because I can bring down the internet doesn't mean I do it right away. Timing is everything when you're doing a hack.

You know you're joking

[rsilvergun]

and maybe trolling but Trump's poll numbers didn't budge an inch even after that downright terrifying display in Helsinki. What I find especially odd is most of his supporters are old enough to have been cold warrior types. It'd be one thing if Putin wasn't ex-KGB. There wasn't much in Russia to fear (they were pretty blasted out by WWII) but their KGB seemed to know damn well what they were doing.

Re:You know you're joking

[sjbe]

and maybe trolling but Trump's poll numbers didn't budge an inch even after that downright terrifying display in Helsinki.

That's because he is down to more or less just his psycho base supporters. An alarmingly large group but they support him no matter how crazy he gets. He could start a nuclear war and they would cheer him on the whole way and probably try to find some way to blame Obama or Clinton for it.

What I find especially odd is most of his supporters are old enough to have been cold warrior types.

His supporters are not that old as a general proposition. He has too many of them for that to be the case though certainly a fair number of them are older. Heck I'm old enough to have been around during the later decades of the cold war and the people that really lived through the middle of it are drawing social security now. Trumps supporters are more diverse than just old people.

Re:

[drinkypoo]

You say that to comfort yourself and mentally reinforce your moral superiority, but if Trump's base alone gets him to 45%, that should scare the shit out of you.

It is both true, and shit-scaring.

Re:

[cascadingstylesheet]

What I find especially odd is most of his supporters are old enough to have been cold warrior types. It'd be one thing if Putin wasn't ex-KGB. There wasn't much in Russia to fear (they were pretty blasted out by WWII) but their KGB seemed to know damn well what they were doing.

What I find odd is that the old white leaders of the Dems today were all giving Russia big wet sloppy kisses while Putin was still KGB and while Russia literally was a communist dictatorship with gulags and everything.

Re:

[rtb61]

My mind baulks at how anyone can control anything across an true air gapped network. Unless the people controlling it are fucking morons and left wireless gear in there. Also doesn't matter what the fuck the attack, air gapped is meant to be gapped, nothing goes onto it that hasn't been scanned, you only plug in clean computer without wireless anything, all applications checked, all data checked. Work hard enough to create a proper airgapped network nothing gets on, the only way something gets on is down to

Re:

[amicusNYCL]

Trump's poll numbers didn't budge an inch even after that downright terrifying display in Helsinki.

I know. I don't know if everything is to be blamed on Russia or not, but I know one of their goals is to divide the US. If people can watch a president talk all tough on Twitter, then show up and fold like a cowardly wet paper towel, sell out our country, and talk about how strong our greatest adversary is, and still like the president, then I'm inclined to believe that Russia's machine is doing its job.

It'd be one thing if Putin wasn't ex-KGB.

"There is no such thing as a former KGB man." - Vladimir Vladimirovich Putin, responding to Prime Minis

Re: You know you're joking

[dave420]

That the way Trump wishes to do it is indistinguishable from someone who is compromised and being used. That's the scary part.

US/Russia relations

[sjbe]

What are you so afraid of?

If you have to ask that question then you know fuck-all about US/Russia relations over the last 80 years.

What is so terrifying about the US and Russia improving relations and bringing a little more piece to the world?

What's terrifying is HOW Trump is trying to do it. Peaceful cooperation with Russia is a reasonable goal but not at any cost or by abandoning countries that actually are friendly to the US. Russia is NOT a friend to the US and pretending that the interests of those two countries have somehow magically aligned because Trump is in the White House is absurd.

Re:

[rtb61]

Do you not know, being a friend is a two way street. the USA is friend to no one and as publicly stated the US governments demands that it must dominate the entire globe in every sphere of human activity, starting off with the military industrial complex and nuclear weapons targeted at every single other country on the globe

From the rest of the planet's viewpoint it's not fuck Russia, it's fuck the war warmongering USA. Yeah, you guys are the enemies of peace on this planet, not Russia and not China, USA n

Nation states don't have friends

[sjbe]

Do you not know, being a friend is a two way street. the USA is friend to no one

No nation state really has friends. Friend is a term of convenience and nation states in reality do not have friends. The US and Canada are about as close to "friends" as any two countries can get but I assure you that is only because of interests that happen to align. The US and western Europe are "friends" and if you don't understand why then you need to go study your history before posting any more drivel.

as publicly stated the US governments demands that it must dominate the entire globe in every sphere of human activity, starting off with the military industrial complex and nuclear weapons targeted at every single other country on the globe

Citation needed.

From the rest of the planet's viewpoint it's not fuck Russia, it's fuck the war warmongering USA.

Warmongering US? As opposed to Russia which just invaded Crimea and is actively

Re:

[amicusNYCL]

NATO wasn't a thing in 1917 or 1941.

But it has been since 1949, and it held the Soviet Union back since then. That's what Putin wants to change.

Trump's merely calling them out on their freeloading.

No, Trump is only grandstanding, playing to his base. You can tell by his recent NATO meetings when he talked about getting everyone to agree to do more. Well, he lied. He didn't. They didn't agree to anything more than what they agreed to during Obama's term, which was to increase defense spending to 2% of their GDP by 2024. That agreement did not change, but Trump was still trying to sell his

Re:

[amicusNYCL]

What is so terrifying about the US and Russia improving relations and bringing a little more piece to the world?

Despite what the president tells you on Twitter, Putin's goal is not peace and improved relations. Putin wants to break apart NATO, he wants to break apart the EU, he wants to disrupt democratic governments and would rather deal with autocrats and dictators. These are his goals, not happy fun times and unicorns. He is working to achieve them, and has been for decades. One of the ways his intelligence services help accomplish this are by creating divisions in other countries. Look at Brexit. Look at Tr

Re:

[AvitarX]

Well, I'm using the 538 rolling average, so it's at least slightly resistant to both error and movement.

It seems to take at least a week for any change.

The 10-11 threshold seems to be pretty relevant though, it's when generic (midterm) polling starts to break 9% and Republicans start to maybe sort of not rubber stamp everything about Trump. 9% poll lead puts the senate in the realm of possible for the democrats (obviously individual races will have effects, and likely the real life gap will need to be a tou

Re:Quick Change Topics!

[PopeRatzo]

Our last bit of blaming 12 Russians for hacking the DNC server was called out in less than a day. They know the FBI hasn't looked at the server and Crowstrike is unwilling to testify that Russia hacked it.

Amazing. Every single word in those two sentences was wrong.

Re: Quick Change Topics!

[PopeRatzo]

I will keep it simple: what YEAR did the FBI examine Your Highness mail server?

2016.

https://motherboard.vice.com/e... [vice.com]

Here is some more background on Trump's "Where is the server?" lie:

https://www.politifact.com/tru... [politifact.com]

Re:

[Archangel Michael]

https://www.cnn.com/2017/01/05... [cnn.com]

That is a bit of news from the time it happened, not a few days ago, after they needed to show they did have access to the server.

Washington (CNN)The Democratic National Committee "rebuffed" a request from the FBI to examine its computer services after it was allegedly hacked by Russia during the 2016 election, a senior law enforcement official told CNN Thursday.

SO, which story do you actually believe? The one where they rebuffed attempts to inspect the server, or the one that they're using now, that they had the servers the whole time?

Personally, if you believe ANYTHING coming from the "Intel Community" either way you're an idiot. They lie. They lie straight faced in front of congress about all sorts of

Re: Quick Change Topics!

[PopeRatzo]

Personally, if you believe ANYTHING coming from the "Intel Community" either way you're an idiot. They lie. They lie straight faced in front of congress about all sorts of things, spying on Americans to there were weapons of mass destruction in Iraq. This isn't a "Right vs Left" issue, because both sides have been on both sides of hating and defending the "intel community"

The FBI is not the "Intel Community". They're law enforcement, no less than your local cops. They have about the same record of integrity, too, which is saying, "so-so". But they take the whole, "national security" thing pretty seriously. And that includes all the Trump appointments, and his director of national intelligence and his attorney general. And while you're being Inspector Gadget finally trying to get the dirt on Hillary Clinton, there is a legal noose tightening around Trump's neck. Indictments, convictions, guys in jail.

And yes, there are at least three copies of the forensically-imaged DNC server in the FBI's possession. We know this because the Trump Justice Department has told us so.

So, the question you have to ask yourself is if you believe Donald Trump or people appointed by Republicans to be FBI director, attorney general, FISA judges, etc etc. You can either trust people that have actually earned trust or a guy who changes his story about what he actually said on live fucking camera four times between Monday and Thursday.

Not you, ArchMike. It's too late for you. The question is for other people reading this. You're already too far gone down the 4chan hole looking for pizza and crisis actors. The question is for the grown folks.

Re:

[swillden]

And yes, there are at least three copies of the forensically-imaged DNC server in the FBI's possession. We know this because the Trump Justice Department has told us so.

I can't find any evidence of the Trump Justice Department saying that.

What we do know is that back in 2016 the DNC hired the respected cybersecurity firm CrowdStrike to determine if their mail servers had been hacked, and how, and by whom -- and to make sure the attackers were booted out. CrowdStrike made forensic images of the servers for analysis and provided copies to the FBI. James Comey said during his January 2017 testimony before Congress that "We got the forensics from the pros that they hired w

Re:

[PopeRatzo]

There is one problem with the CrowdStrike-provided images, which is that although no one questions CrowdStrike's competence or integrity, they did not maintain proper legal chain of custody documentation. This means that information obtained from the images would be easily challenged in any criminal or civil court proceeding.

Signed, forensic images of computer system have been accepted as legal evidence for over a decade.

Re:

[swillden]

There is one problem with the CrowdStrike-provided images, which is that although no one questions CrowdStrike's competence or integrity, they did not maintain proper legal chain of custody documentation. This means that information obtained from the images would be easily challenged in any criminal or civil court proceeding.

Signed, forensic images of computer system have been accepted as legal evidence for over a decade.

Sure, if chain of custody was maintained and documented.

Re:

[swillden]

Sure, if chain of custody was maintained and documented.

The chain of custody on the forensic images has not been questioned.

Well, maybe by Hannity or Alex Jones or someone. Not by anyone who doesn't froth.

Unfortunately I don't recall where I read about the chain of custody issues. I don't read (or watch/listen to) Hannity or Alex Jones or anyone like that, though. Most of my news comes from the NYT and The Economist. If i can find a reference, I'll post it.

Re: Quick Change Topics!

[Type44Q]

The FBI is not the "Intel Community"

Word games from "Mr. Establishment" himself... color me surprised at your 'semantic creativity.'

Re:

[amicusNYCL]

Word games from "Mr. Establishment" himself... color me surprised at your 'semantic creativity.'

The FBI has an intelligence branch, but the FBI itself is law enforcement, not intelligence.

Here, in chronological order:

Office of Naval Intelligence, USN, DOD
Coast Guard Intelligence, USCG, Homeland Security
Bureau of Intelligence and Research, Dept. State
Central Intelligence Agency, independent
25th Air Force, USAF, DOD
National Security Agency, DOD
Defense Intelligence Agency, DOD
National Reconnaissance Office, DOD
Intelligence and Security Command, US Army, DOD
Office of Intelligence and Counterintelligence,

Re:

[amicusNYCL]

Personally, if you believe ANYTHING coming from the "Intel Community" either way you're an idiot. They lie. They lie straight faced in front of congress about all sorts of things, spying on Americans to there were weapons of mass destruction in Iraq. This isn't a "Right vs Left" issue, because both sides have been on both sides of hating and defending the "intel community"

You're right, that's less of a "right vs left" issue and more of an "America vs Russia" issue. That's one of their goals - to get Americans to distrust each other and our own institutions. People need to remember who the real enemy is, it is not other Americans. The intelligence community in the US is full of people who genuinely love the country and want to see it do well, and they don't deserve these buckets of scorn. They aren't perfect, and sometimes they do something that I don't agree with, but to

Re:

[Archangel Michael]

No. You obviously can't comprehend the statement you quoted. I clearly indicated that I don't trust them, and/but I made no reference to Trump's truthiness. That kind of cognitive dissonance is why people like you come off as idiots when it is pointed out. You should try thinking in non-binary.

Re:

[Archangel Michael]

Da, My Russian is a bit rusty. Though I got my Russian Troll money! Go Putin! Yay! You should sign up, it pays really well!

Re:

[amicusNYCL]

Do they require you to move to Arkhangelsk or is that optional?

that Vice piece is a joke though

[Uberbah]

First note the weasel words:

Even so, what CrowdStrike gave the FBI is likely better than if it had seized and analyzed a physical box.

Then the canards:

"You have that image from the machine live in the network including its memory content, versus a server that someone physically carries into the FBI headquarters. It's unplugged, so there's no memory content because it's powered down.

As if the FBI has to have the hardware transported to a lab to analyze it. They have agents with functioning legs who could ex

Re:that Vice piece is a joke though

[PopeRatzo]

The FBI wouldn't trust CrowdStrike to make such an image.

Of course they would. The FBI uses contractors all the time. Especially for what the president calls "the cyber".

https://www.reuters.com/articl... [reuters.com]

Re: Quick Change Topics!

[Type44Q]

I figured even you would have the self-respect not to link to Vice...

Figured wrong, I clearly did. ;)

Re:

[Shotgun]

It doesn't change your narrative, but a quick update. The IG report and Congressional testimony has revealed that all except four of the emails on Clinton's server were forwarded to an entity outside of the US. It was reported to Strozk, who ignored it. Then led the investigation down the "no harm, no foul" road.

Re: Quick Change Topics!

[Anonymous Coward]

The millineal generation
Phrase. Literal
A generation consisting of 1/1000th of a Neal.

Suppose that were true

[raymorris]

Suppose Russia isn't constantly trying to hack the US.
We have daily news reports saying they are, that essentially they are fighting a cyber war against us and that's been going on for years, but we'll assume for a moment that is false.

Nobody is doing anything about it, of course. Obama nor Trump fired a barrage of missiles in a counter-attack, nor really made any big deal about it - they're still doimg trade deals, selling the Russians a significant portion of our Uranium, etc.

So Putin sees that nobody really cares about the reported attacks. Nobody seems all that bothered about it - not enough to demand any counter-attack.

Suppose you're Putin, or Russian intelligence, or head of Russia's cyberwarfare command. You see that constant statements that you're attacking the US don't lead to any significant response. You see that you COULD attack the US with impunity and they wouldn't do anything about it.

What would YOU do if you were Putin, or head of Russia's cybercommand, and you knew you could get away with attacking the US as much as you wanted?

If it were me, seeing that nobody cares whether Russia attacks us or not, I'd go right ahead and attack. We're getting blamed for it anyway.

So either Putin and his commanders are stupid, and not taking advantage of the situation, or you're mistaken.

As it happens, I'm a career security professional. Knowing about hacks is my job. I work at a company founded by Misha Govshteyn. Guess where Misha is from. Mr. Govshteyn and I will tell you, Russia is hacking the hell out of the US all day long. Only China sends more attacks.

Re:

[Anonymous Coward]

The Uranium bit was a red herring. It was signed off by a ton of people and overblown.

As for as Russian attacks go, I think people need to segregate issues a bit.

1. Russia did manipulate our elections with propaganda and it is plausible but not proven that those manipulations were enough to cause enough voters to vote for Trump or not for Hillary where it mattered. That is the simple truth, though it isn't spoken much. Usually people say the outcome wasn't changed, and you can no more 100% know that than

Re:

[Shotgun]

The nuclear war that could have arisen from the Bay of Pigs was averted, arguably because Kennedy knew what missiles were where.

Theory: What if everyone is tolerant of cyber spying, because it actually makes us all safer, by avoiding the "accidental wars"?

Re:

[amicusNYCL]

You see that constant statements that you're attacking the US don't lead to any significant response.

In your hypothetical world, does this include the President of the United States America traveling to see you, telling everyone how strong you are, and completely discounting the conclusions of the combined intelligence community, including his own DNI, and Congress, by saying on international TV that he doesn't see any reason why you would be attacking us? I mean, is the president talking all tough like he's some kind of badass when he's laying in his bed messing with his phone, but when he actually gets

Re:

[Shotgun]

Is this what you mean by Trump did nothing. [latimes.com]

Re:

[amicusNYCL]

Yeah, do it smart. Post anonymously without any citations to back up your claims.

Do it smart!

http://www.worldstopexports.co... [worldstopexports.com]
http://www.worldstopexports.co... [worldstopexports.com]

I'd like to know why the US and Russia are trading uranium at all. Why are we trading uranium with each other? Do we send them natural uranium and they send it back to us enriched?

Re:Unpossible!

[chill]

Congratulations! You just described one of the main reasons for NAFTA, the TPP, and other global, multilateral trade deals. The simple fact is the more countries are tied by trade, the fewer wars they have. Another "peace dividend" that President Orange Bumblefuck doesn't even remotely grasp, and hence, pissed all over.

lies

[phantomfive]

It may be true or it may be not true.....But we've had false stories about nuclear reactors being hacked before, which turned out to be standard, untargeted malware, on a non-control computer. Regardless, the DHS has been trying for over a decade to get power over the Internet, including things like the "internet kill switch." The information they release is targeted and framed to convince people to give them that power. Furthermore, we know government agencies frequently lie, and it's only gotten worse as the president has set the example.

Re:

[CaptainDork]

And, taking advantage of the president is the Republican party.

We need an October Surprise.

All the fucked up shit so far has come and gone as news.

Re: lies

[phantomfive]

What could possibly be enough of a surprise at this point? A nuclear strike somewhere?

Re:

[CaptainDork]

Almost anything, if the timing is right.

Americans have a short attention span.

Stomping on the base just a week before elections would be a good start.

Re: lies

[phantomfive]

I don't even know what you mean by "stomping on the base"

Re:lies

[toonces33]

Maybe you should read the article.

Re: lies

[phantomfive]

The vagueness of the article only gives it more the appearance of a lie. There is no evidence there, just vague allusions and scare threats.

Re: lies

[AmiMoJo]

Seems quite specific to me.

The Russian hackers, who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic Bear, broke into supposedly secure, âoeair-gappedâ or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies, said officials at the Department of Homeland Security.

We have who, where, how and by what method. Interestingly it's similar to the technique used by the US to sabotage Iranian enrichment facilities.

Re: lies

[phantomfive]

You can say anything you want, but they haven't presented any evidence. There's not really a how, either, just some vague stuff. Compare that to the level of detail we have about stuxnet, or NSA spying, for example (which DHS also lied about fwiw)

Re:

[AmiMoJo]

Is it normal for them to release evidence to the public?

The Struxnet stuff only came out because other people got hold of it and dissected it. If you follow security blogs you can see that the same thing happens with Russian malware found in the wild. And really, it seems odd to give weight unverifiable blog posts about Struxnet, but not to somewhat reputable journalists.

Re: lies

[phantomfive]

It's normal for them to lie, exaggerate, and not tell the truth. For an example, look at what they were saying around the time they were trying to get Apple to unlock the iPhone for them.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Long-term narrative

[h33t l4x0r]

There's no really good evidence that the Russian government is involved with any of the hacking, except to say "That's something they would do". It's the fallacy of the reversed conditional,

I don't see any reason why it wouldn't be Russia.

Re:Long-term narrative

[GrimSavant]

That's a remarkable bit of denial, an excellent exemplar of why I have decreasing faith that this will end well. There is plenty of evidence that the Russians were involved in all sorts of various hacking and active measures and whatnot, but if you simply refuse to believe that evidence, then you can just deny everything and believe whatever you want to believe or whatever you are told to believe. That is one of the end goals of the concerted campaign of propaganda that the Russians been running since the Soviet era: true information no longer matters anymore and the ability to assess facts and adjust beliefs in response to facts is utterly withered.

To the particular point, the prior indictments against the Russian nationals are far more detailed than standard indictments, they are so called "speaking indictments." The most recent one this month against the GRU hackers detailed the particular methods they used and quite a bit of the timing of the attacks. And it sounds like western intelligence had high end source in the Russian government that Trump was told about prior to the inauguration [nytimes.com] confirming that the top levels of the Russian government, including Putin, were orchestrating the attacks. But again, if you can simply deny that information out of hand, and call it "fake news", then what point is there in providing any more information? What will be believed short of reality providing a swift kick to the groin?

Re:

[swb]

I'm always curious why contemporary Russia wants to be so adversarial with the United States. It made sense with the Soviet Union given the ideological nature of the Soviet Union and Communism, but makes much less sense with a basically capitalist economy and the dismantling of the Party ideological machine.

India and Brazil have more people and comparable GDPs to Russia, yet they don't have the kind of adversarial relationship with the US Russia does. Sure, there are disagreements and diplomatic conflict,

Re:

[drinkypoo]

I'm always curious why contemporary Russia wants to be so adversarial with the United States.

That's not the goal, that's the means. The goal is to reduce the power of American hegemony.

India and Brazil have more people and comparable GDPs to Russia, yet they don't have the kind of adversarial relationship with the US Russia does. Sure, there are disagreements and diplomatic conflict, but not "plotting-to-destabilize" levels of conflict.

As long as there are no repercussions, why wouldn't they?

Re:

[butchersong]

Russia does not wish to be owned by the same forces that traditionally steer the US, EU and most of the rest of the "in the club" world. Mostly the impetus is self preservation on from Putin and his inner circle mixed with a general sense of nationalist pride. This means that their actions tend to undermine the order that those forces seek to establish. Think of their wish to move a pipeline through Syria and all the crap fallout that has happened over the last few years in that country.

Cheap, crappy security

[gweihir]

Hackers only break in when security sucks. Unfortunately, that is the standard-situation these days.

Re:

[CaptainDork]

That works both ways. Remember Stuxnet.

Every goddam government is screwing every other goddam government.

Only the USA is making their incompetence public in order to give the 3-letters more power.

Air-Gapped

[Kobun]

You keep using that word. I don't think it means what you think it means.

Re:

[mikeiver1]

Kind of thought the very same thing. They are not air gaped if "trusted" vendors can remote into the network to access the building controls/ energy management systems from the outside. There is literally no way to stop this sort of attack short of having a completely self contained network with no outside internet connections and connected via dedicated fibres run with the high tension lines connecting the various generating plants and sub stations. So this will not happen. Get a generator and make sur

Re:

[pots]

I read that and assumed that this was similar to Stuxnet - they compromised the trusted vendor, who had physical access, and when the vendor went to work on the machine they brought with them some kind of compromised software update or something. It was a compromised USB key that was used for Stuxnet.

Re:

[AHuxley]

Air gapped could be some contractor standard. Contractors walking in and out with the work computing to other networks?
More of a two way sneaker net than a secure computer with updates in day and hours.

Re:

[sit1963nz]

Air-gap is defined as being the empty space between a managers ears.

Re:

[Pinky's Brain]

At the very least just give them a VLAN instead of putting them on the intranet. Switches are a big black box of NSA inserted exploits and bugs but it's better than nothing.

Shouldn't be news

[Anonymous Coward]

Several years ago I was at an IT Security dinner/presentation and they laid out some of the details behind a cyberattack on an airline. The hackers didn't go after any airline networks directly. Rather, they compromised an airline parts supplier and injected malware into webpages (or documents, I forget) and eventually 'caught' an airline when someone inside the airline visited the compromised site and was themselves infected.

I've tried to explain this to people in my industry. They don't have to be even trying to get you, just someone in your industry.

This and the massive Target breach are why vendor, their networks, and their devices should not be trusted (from a security standpoint at least).

Here's a whacky idea

[sjames]

How about ACTUALLY air-gapping the control network. If they want remote monitoring (not control), they can put a polling device on the control network. It can send all the data via a serial port with the RX connections removed to another machine on the internal network that can be reached via VPN.

Re:

[thegarbz]

How about ACTUALLY air-gapping the control network.

I have a better idea. Pratice good security rather than proposing something that ultimately gives you a false sense of security. As TFS points out these hackers breached supplier's machines and networks. That now gives them the ability to drop in a payload that will happily breach the air-gap next time someone makes a service call.

The upside about air-gapping is how effective it is, the downside is that it's like a warm blanket making you feel cosy without actually fixing the core problem that your house's

Re:

[sjames]

The vendor coming to your side of an air gap involves a laptop that has no other network connection. If you close the air gap, you are not air-gapped.

Re:

[thegarbz]

The vendor coming to your side of an air gap involves a laptop that has no other network connection.

Otherwise known as a security risk.

You misunderstand. I'm not saying don't air-gap. I'm saying don't "air-gap and be done with it". Your network architecture is a small part of overall security. Airgapping makes people incredibly complacent.

Re:

[jimbolauski]

I/O is just one of the problems, the bigger one is patching. The update software has not been thoroughly reviewed before it is brought to an air gaped system. I would be surprised if virus scans were being performed on all media brought into the building.

IBM researchers did this like, a decade ago?

[Khyber]

Yup, here's a report from 2007.

https://www.forbes.com/2007/08... [forbes.com]

That nothing has been done to fix this shit is the real story.

Sorry Comrade

[sit1963nz]

Newbie Russian hacker, he thought voltage machine was the same as voting machine.
we are saying sorry
do not worry, we will have it all good by November , yes.
Please give out best to the Donald

Squirrels and Storms

[Lije Baley]

Hackers are no match for mother nature in making the power go out. Outages from storms actually kill people every year. Spend the money on more tree-trimming if you want to protect the people.

Access procedure ??

[Archfeld]

Who gives vendors access that survives a single on-site visit ? I can remember back in the day activating vendor access ID's with a new PWD every time they were onsite, and freezing the same ID's when they left the site. They were not allowed remote access unless an engineer was onsite at the time and that remote access was physically disconnected when the incident ended and the onsite personnel left the site.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Seconded!

[tacokill]

Stuxnet was brought into an air-gapped Iranian facility just like this article describes. It was brought in via a Siemens PLC or controller (not sure which) that ran Siemens Step 7 OS on it.

The industrial controls world (like Siemens operates in) is a target rich environment to say the least. This is not an industry that is used to worrying about security and hackers. Nobody should be surprised by this.

Nonsense

[VeryFluffyBunny]

The article itself is incoherent nonsense written by someone who has little or no understanding of network security.

OTOH, I do believe that Russia and China and other states are more than likely probing USA infrastructure control systems among many other things because the USA has effectively declared a cold war on those states and is developing cyber-weapons to use against them. Russia and China would be foolish not to develop countermeasures.

Entire city lose water supply?

[myid]

Suppose someone broke into a power company, and shut off all power to a city. Would water stop running into everyone's home in the city, because the water company's water pumps stopped working?

A July 13 CBS news article [cbsnews.com] says

Director of National Intelligence Dan Coats warned of an impending, potentially devastating cyberattack on U.S. systems, saying the country's digital infrastructure "is literally under attack" and warning that among state actors, Russia is the "worst offender."

Speaking at a scheduled event at the Hudson Institute, he adopted the language of former Director of Central Intelligence George Tenet who, in the months ahead of the 9/11 attacks, warned that the "system was blinking red." Coats, citing daily attacks from Russia, China, Iran and North Korea, said, "Here we are, nearly two decades later, and I'm here to say the warning lights are blinking red again."

It's a good idea to have an emergency supply of food and water.

Teenagers can do that.

[Qbertino]

"Airgapped". ... Bullshit. Either your disconnected or your not. Secure setups are the ones that aren't connected, have no wireless or landline connection and nobody knows about. Anything else can be broken into by teenagers with access to shodan, the secretaries phone number and two or three raspberry pis.

Richard A. Clarke

[oh_my_080980980]

Richard A. Clarke was warning people about this issue since 2002. This is nothing new. Utilities were always a major security risk since security was not considered important.

newer != better

[orgelspieler]

I worked in the power industry about 15 years ago, and there was always resistance to anything newfangled. There was one exception. The ability of the HMI (we called them MMI back then) to communicate with the outside world was seen as a godsend. You could remotely tap the datalogs and see trends in things like air intake differential pressure, oil temperatures, mag sensors. All of these things would provide us with valuable information, and it was even better if you could correlate it across multiple sites

Fix this shit NOW, DAMNIT!

[Rick Schumann]

Seriously, why is this so difficult!?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[ArchieBunker]

We just had a story last week about the FBI crying that they might need to legislate crypto back doors. Coincidence?

Re:

[AHuxley]

The malware becomes self aware after a number of hours when the contractors ends their work?
Social engineering and advance malware. So advanced. So powerful. Just like any other malware that takes over home computer everyday of week and flips email.

While you're at it.

[Ungrounded Lightning]

... adopt formal methods, write good software like your life depends on it.

And while you're at it: Discard "rapid prototyping" methods, no matter how formal they look.

Start by putting a stake in the heart of Agile.

Re:

[Opportunist]

That's what your government wants you to want, so they can more easily control what you can and what you cannot see!

(No matter your conspiracy theory, I can always field one that's more insane!)

Re:

[PPH]

Even general electric isn't let in the system without a reason,

Your old SCADA version is about to expire and will cease to function X weeks after this time. Please provide access to our maintenance representative before this time in order to have an update installed. We will invoice you for the update once it is installed.

Re:

[zlives]

ummm no

Re:

[PPH]

The system need to be all open source and audited by multiple separate security companies.

Yeah, right. Lets see how well that will work.

Utility software (SCADA, etc) is covered by NDA agreements. It is customized for a particular utilities' system by the vendor and once set up, they don't want you taking that configuration information and entering into a maintenance contract with a third party.

There is also something to the fact that many of these systems are a real shit-show. And they don't want customers banding together, comparing notes and putting pressure on the vendor to clean up their a

Re:

[DavidHumus]

Because Russia and China are the two largest and most dangerous? BTW, you would have heard about China if you had been paying attention.