English: SCADA HMI software operator interface (Photo credit: Wikipedia)
In 1999 a technology manager called Kevin Ashton coined the phrase “The Internet of Things”.
It was to convey the fact that not everything connected to the Internet generates data via humans tapping on keyboards. Today, these “things” now include elements of our critical national infrastructure via what are called SCADA (Supervisory Control And Data Acquisition) systems or ICS (Industrial Control Systems). Unfortunately, these systems can be just as vulnerable to attack as our laptops.
Security through obscurity has helped to protect these systems until recently as they are not obvious to regular Internet users. However, there is no longer anywhere to hide. Many know that search engines such as Google, if queried in using “advanced operators”, can reveal exposed equipment. This became even simpler with search engines such as Shodan which are specifically to help locate exposed webcams, routers, etc but which can just as easily reveal SCADA systems.
Lack of direct connection to the Internet is no guarantee of security either. More often than not, unprotected control systems can be reached indirectly using the “swivel chair interface” where a human can be convinced to transfer something from the Internet to automated systems, or vice versa.
In 2010 we saw how even the most secure “air gap” can be breached when the Iranian nuclear reprocessing plant at Natanz was infected with the Stuxnet virus. This appears to have been achieved when an operator plugged in an infected USB stick to an isolated PC that was used to communicate with the embedded computers that controlled and reported upon the centrifuges producing enriched uranium. The Stuxnet virus simultaneously caused the centrifuges to malfunction whilst reporting that all was well to the operators. Leave a USB stick lying around with what looks like a free game, and you’d be surprised how many users will plug it into the nearest computer.
Since this incident there has been a growing realisation that various elements of a critical national infrastructure are similarly vulnerable. They use similar, if not identical, embedded computer systems as were used at Natanz. The initial thought was one of defending the realm against foreign aggressors. After all, it was an obvious way to cripple a country without firing a physical shot. Why launch missiles if you can switch out the lights and turn off the water. It’s cheaper too. So much so that this form of attack has become a great leveller, allowing small nations to potentially punch well above their weight.
For a while there were detractors who have said that this type of threat is nonsense, and that it simply could not happen. However, tests were already being conducted at research institutes such as the Idaho national laboratories (known as Aurora) by the time Stuxnet was released. Such tests showed that access to these SCADA systems could not only turn off equipment that we all rely upon but it could cause the equipment to self-destruct.
Hence, embedded computing needs to be kept updated and have protection just as much as the computers with which we are all more familiar. Unfortunately, keeping embedded computers updated can be problematic. Perversely, although they may be vulnerable to remote attacks, updating their software (known as firmware if it cannot be accessed routinely by a remote computer) can require visits to the physical devices. This takes time and effort, and when coupled with a history of complacency about their risk of attack, many systems remain vulnerable for significant periods after a vulnerability is reported.
The Latest Bing News on:
Intelligent Infrastructure
- Noida Int'l Airport to get hotel with 'intelligent technology'on November 28, 2022 at 3:58 pm
As per a Noida International Airport spokesperson, the hotel will be a whole new concept featuring intelligent technology like smartphone access and services especially designed to cater to the ...
- CAES Design Win of RISC-V/NOEL-V IP for Idaho Scientific Secure Processor for US Critical Infrastructureon November 28, 2022 at 8:11 am
CAES, a leader in advanced mission-critical electronics for aerospace and defense, announced that it has won its first commercial U.S.-based license for its RISC-V/NOEL-V processor IP with Idaho ...
- Foodetective Raises $5.5M To Become the Online Infrastructure & Intelligence of the Merchant Industryon November 28, 2022 at 6:00 am
Foodetective, is the scale-up building the all-in-one platform and unified API to help merchants manage, aggregate & automate their entire tech stack & operations from a single interface with ...
- Yidu Tech Announces Results for the First Half of FY2023: Adjusted Net Loss Narrowed down 30.3% YoY, Strategic Focus Enhanced Business Resilienceon November 27, 2022 at 10:23 pm
Yidu Tech Inc. ("Yidu Tech" or "the Company", together with its subsidiaries and consolidated affiliated entities, "the Group", HKEx: 2158), a leading corporate in China's healthcare intelligence ...
- How Bitcoin And Artificial Intelligence Will Free Your Timeon November 26, 2022 at 6:59 pm
Will robots surpass our intelligence and replace us altogether? Will we combine with machines in some symbiotic merge that creates a new super being? Or are machines merely tools that will allow our ...
- Intelligent Document Processing Market to Reach $7.4 Bn, Globally, by 2031 at 21.7% CAGR: Allied Market Researchon November 25, 2022 at 5:35 am
Allied Market Research published a report, titled, " Intelligent Document Processing Market by Component (Solution, Services), by Organization Size (SMEs, Large Enterprises), by Deployment Model ...
- CISA Seeks Information for Potential Cyber Threat Intelligence Platformon November 25, 2022 at 12:28 am
The General Services Administration filed a request for information on behalf of the Cybersecurity and Infrastructure Security Agency on the availability of Threat Intelligence Enterprise Services ...
- How AI Can Enhance Critical Infrastructure Securityon November 24, 2022 at 3:21 pm
It has reached a point where technology and automation are necessary to keep our critical infrastructure secure. The field of artificial intelligence (AI) has progressed tremendously over the past ...
- Bentley Systems launches ‘phase 2’ of the infrastructure metaverseon November 18, 2022 at 1:06 pm
Intelligent Security Summit Learn the critical ... on the iTwin platform to extend the scope and interoperability of infrastructure data: iTwin Experience provides a single pane of glass for ...
- Duale lauds Uhuru investment in intelligence infrastructureon November 16, 2022 at 10:50 pm
Our country externally is safe and I think the huge investment the previous administration has made in the intelligence infrastructure is really helping," Duale said on Citizen TV. The CS added ...
The Latest Google Headlines on:
Intelligent Infrastructure
[google_news title=”” keyword=”Intelligent Infrastructure” num_posts=”10″ blurb_length=”0″ show_thumb=”left”]
[/vc_column_text]
The Latest Bing News on:
Risks of Intelligent Infrastructure
- NACo Adds Risk Ratings Tool to Its Community Portalon November 28, 2022 at 10:39 am
After piloting SecurityScorecard in 38 counties, NACo made the platform available through its Tech Xchange online portal, which provides technology infrastructure resources to county CIOs, IT ...
- 5 risks of AI and machine learning that modelops remediateson November 28, 2022 at 3:00 am
Modelops improves machine learning model development, testing, deployment, and monitoring. Follow these tips to keep model risks in check and increase the efficiency and usefulness of your ML ...
- Philippines urged to strengthen cybersecurity infrastructureon November 27, 2022 at 8:00 am
The Philippines must improve its cybersecurity resilience and infrastructure to address emerging digital threats that are becoming more complex over the years, according to tech giant Microsoft.
- Preparing your business for climate risk disclosure regulationson November 24, 2022 at 5:29 pm
These include emissions, climate-related risks and the steps the companies ... emissions and increase sustainability down the road. Intelligent Security Summit Learn the critical role of AI ...
- Strategy 'urgently needed' to address cybersecurity risks to oil and gas infrastructure: reporton November 23, 2022 at 10:19 am
"The Department of the Interior — which is responsible for overseeing the infrastructure — has taken few steps to address cybersecurity risk," says the Government Accountability Office.
- Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattackon November 23, 2022 at 9:02 am
Chinese threat actors have already used the vulnerable and pervasive Boa server to infiltrate the electrical grid in India, in spate of malicious incidents.
- Report warns of urgent need to address cybersecurity in offshore oil and gas infrastructureon November 22, 2022 at 5:04 pm
A recent report from the U.S. Government Accountability Office warns that there’s an urgent need to address cybersecurity risks to offshore oil and gas infrastructure. The findings came after GAO was ...
- How AI Can Enhance Critical Infrastructure Securityon November 21, 2022 at 5:18 pm
As we celebrate Infrastructure Security Month, we explore how AI can enhance the monitoring of physical security systems and give back valuable time to infrastructure security professionals.
- CISA Seeks Information for Potential Cyber Threat Intelligence Platformon November 21, 2022 at 1:00 pm
The request will help the agency develop the platform to address current challenges related to cyber threat intelligence.
- Building IT Infrastructure Resilience For A Digitally Transformed Enterpriseon November 21, 2022 at 2:00 am
Some multinational organizations were ahead of the curve in accelerating digital transformation resiliently, but it wasn't until 2020 and the pandemic that businesses of every size started optimizing ...
The Latest Google Headlines on:
Risks of Intelligent Infrastructure
[google_news title=”” keyword=”Risks of Intelligent Infrastructure” num_posts=”10″ blurb_length=”0″ show_thumb=”left”]
