English: SCADA HMI software operator interface (Photo credit: Wikipedia)
In 1999 a technology manager called Kevin Ashton coined the phrase “The Internet of Things”.
It was to convey the fact that not everything connected to the Internet generates data via humans tapping on keyboards. Today, these “things” now include elements of our critical national infrastructure via what are called SCADA (Supervisory Control And Data Acquisition) systems or ICS (Industrial Control Systems). Unfortunately, these systems can be just as vulnerable to attack as our laptops.
Security through obscurity has helped to protect these systems until recently as they are not obvious to regular Internet users. However, there is no longer anywhere to hide. Many know that search engines such as Google, if queried in using “advanced operators”, can reveal exposed equipment. This became even simpler with search engines such as Shodan which are specifically to help locate exposed webcams, routers, etc but which can just as easily reveal SCADA systems.
Lack of direct connection to the Internet is no guarantee of security either. More often than not, unprotected control systems can be reached indirectly using the “swivel chair interface” where a human can be convinced to transfer something from the Internet to automated systems, or vice versa.
In 2010 we saw how even the most secure “air gap” can be breached when the Iranian nuclear reprocessing plant at Natanz was infected with the Stuxnet virus. This appears to have been achieved when an operator plugged in an infected USB stick to an isolated PC that was used to communicate with the embedded computers that controlled and reported upon the centrifuges producing enriched uranium. The Stuxnet virus simultaneously caused the centrifuges to malfunction whilst reporting that all was well to the operators. Leave a USB stick lying around with what looks like a free game, and you’d be surprised how many users will plug it into the nearest computer.
Since this incident there has been a growing realisation that various elements of a critical national infrastructure are similarly vulnerable. They use similar, if not identical, embedded computer systems as were used at Natanz. The initial thought was one of defending the realm against foreign aggressors. After all, it was an obvious way to cripple a country without firing a physical shot. Why launch missiles if you can switch out the lights and turn off the water. It’s cheaper too. So much so that this form of attack has become a great leveller, allowing small nations to potentially punch well above their weight.
For a while there were detractors who have said that this type of threat is nonsense, and that it simply could not happen. However, tests were already being conducted at research institutes such as the Idaho national laboratories (known as Aurora) by the time Stuxnet was released. Such tests showed that access to these SCADA systems could not only turn off equipment that we all rely upon but it could cause the equipment to self-destruct.
Hence, embedded computing needs to be kept updated and have protection just as much as the computers with which we are all more familiar. Unfortunately, keeping embedded computers updated can be problematic. Perversely, although they may be vulnerable to remote attacks, updating their software (known as firmware if it cannot be accessed routinely by a remote computer) can require visits to the physical devices. This takes time and effort, and when coupled with a history of complacency about their risk of attack, many systems remain vulnerable for significant periods after a vulnerability is reported.
The Latest Bing News on:
Intelligent Infrastructure
- Electric Vehicle (EV) Charging Infrastructure Market Likely to Boost Future Growth by 2026 : Tesla Motors, Schneider Electric, ABB, Siemenson March 2, 2021 at 12:38 pm
Charging Infrastructure - Market Analysis, Trends, and Forecasts 2020-2026" Study has been added to HTF MI offering. The ...
- US Intelligence Report Leaves Saudi Arabia with No Good Geopolitical Choiceson March 2, 2021 at 8:21 am
A demonstrator holds picture of journalist Jamal Khashoggi during a protest in front of Saudi Arabia’s consulate in Istanbul, Turkey, ...
- AI and 3D: A New Era of Geospatial Intelligenceon March 2, 2021 at 6:01 am
In this special guest feature, San Gunawardana, Co-founder and CEO of Enview, discusses the marrying of AI and mapping, and why the two matter for the future of national security, disasters, ...
- Intelligent Transportation Systems Market Up-to-date Industry Data on the Actual Market Situation, Trends, and Future Outlook 2025on March 2, 2021 at 1:50 am
Mar 02, 2021 (The Expresswire) -- "Final Report will add the analysis of the impact of COVID-19 on this industry" Global “Intelligent Transportation ...
- Wireless Infrastructure Market : 2021-2030 Projection Comprehensive Research and Predictive Business Strategies | Qualcomm Technologies, Incon March 2, 2021 at 12:51 am
A consciously conceived and designed business intelligence report titled Global Wireless Infrastructure market 2021 by Manufacturers, Type, and Application, Forecast to 2030 by MarketResearch.biz ...
- Baidu and Huaneng Collaborate to Create an Intelligent Energy Futureon March 1, 2021 at 2:14 am
Baidu and China Huaneng Group Co., Ltd. recently signed a memorandum of understanding aimed at driving the intelligent transformation of the energy industry. Additionally, the partnership will strive ...
- Infrastructure Investor Awards 2020: Innovator of the Yearon March 1, 2021 at 12:00 am
The winner of our first Innovator of the Year award launched an infratech-focused strategy and used technology to optimise its existing assets' performance.
- Logically launches the most advanced Threat Intelligence platform to identify and combat misinformation and disinformation at scaleon February 28, 2021 at 9:33 pm
In today technology news, we covered about the Logically launches the most advanced Threat Intelligence platform to identify and combat misinformation and disinformation at scale ...
- The AI Infrastructure Alliance Launches With 25 Members to Create the Canonical Stack for Artificial Intelligence Projectson February 24, 2021 at 9:42 am
About the Artificial Intelligence Infrastructure Alliance The Artificial Intelligence Infrastructure Alliance (AIIA) is a consortium of leading artificial intelligence startups with a mission to ...
- DDN Global Leader in Intelligent Infrastructure and Technology Announces Record Breaking Revenue of $400 Million in 2020on February 24, 2021 at 12:36 am
DDN®, the global leader in artificial intelligence (AI) and multicloud data management solutions, today announced record-breaking annual revenue of $400 million and its highest ever profitability in ...
The Latest Google Headlines on:
Intelligent Infrastructure
[/vc_column_text]
The Latest Bing News on:
Risks of Intelligent Infrastructure
- Cyber threats from China: Experts demand healthcare facilities be declared critical infrastructureon March 2, 2021 at 7:00 am
Threats posed by China-based hackers to healthcare facilities at a time when the COVID-19 vaccine rollout has begun has put cyber intelligence agencies on alert. A Singapore-based cyber intelligence ...
- AI and 3D: A New Era of Geospatial Intelligenceon March 2, 2021 at 6:01 am
In this special guest feature, San Gunawardana, Co-founder and CEO of Enview, discusses the marrying of AI and mapping, and why the two matter for the future of national security, disasters, ...
- Criterion Systems, Inc. Acquires Realm Consulting, Inc., Launches Intelligence Solutions Business Uniton March 2, 2021 at 5:00 am
Criterion Systems, Inc. (Criterion) announced today it has acquired Realm Consulting, Inc., (Realm) a subcontractor for the Intelligence Community providing services in software development, network ...
- Wireless Infrastructure Market : 2021-2030 Projection Comprehensive Research and Predictive Business Strategies | Qualcomm Technologies, Incon March 2, 2021 at 12:51 am
A consciously conceived and designed business intelligence report titled Global Wireless Infrastructure market 2021 by Manufacturers, Type, and Application, Forecast to 2030 by MarketResearch.biz ...
- LevelUP, SecZetta, and RiskRecon Announce New Total TPRM Offering in Third-Party Risk Managementon February 24, 2021 at 5:26 am
NEW YORK, NY / ACCESSWIRE / February 24, 2021 / LevelUP Consulting Group, a leading provider of professional services for managing risk, today announced a new Total Third-Party Risk Management (Total ...
- Former CISA Director Chris Krebs Discusses Risk Management & Threat Intelon February 23, 2021 at 3:00 pm
Also on Krebs' radar: the cyber-response to COVID-19 and intelligence-sharing between private and public sectors.
- To Reduce Risk, Build Trust, in Developing Countries and the U.S.on February 23, 2021 at 10:14 am
Mena Cammett ’12 of the World Bank says that the tools used to analyze risk in emerging markets are increasingly relevant to the United States. To mitigate vulnerabilities, build trust.
- The 20 Coolest Risk, Threat Intelligence And SIEM Companies Of 2021: The Security 100on February 23, 2021 at 7:12 am
From protecting assets and quantifying risk to automating security operations to maximizing existing security investments, here’s a look at everything the 20 coolest risk, threat intelligence and SIEM ...
- DHS Announces Seven R&D Awards to Help Secure Nation’s Mobile Network Infrastructureon February 22, 2021 at 12:20 pm
Science and Technology Directorate (S&T) and the Cybersecurity and Infrastructure Security Agency (CISA) are jointly announcing the inaugural research and development (R&D) awards for the ...
- Nozomi Networks Labs Report: Cyber Risk to Critical and Industrial Infrastructure Reaches All-Time Highon February 17, 2021 at 4:00 pm
Software Supply Chain Threats and Persistent Ransomware Attacks Raise the Stakes for Enterprise Cybersecurity A new report from Nozomi Networks Labs finds cyber threats to industrial and critical ...
