Mandiant to probe gaps in rusty unpatchable utility systems

Mandiant has launched a managed gap assessment for industrial control systems (ICS) it says will help administrators deal with temperamental systems. It was a "light touch" for legacy or leviathan systems that could fall over in the event of tinkering or patching. Mandiant SCADA bod Dan Scali said the system was geared to …

  1. Anonymous Coward

    Dear SCADA hackers,

    Please continue to rewrite portable traffic signs, I think that's funny.

    Also, if you could start retiming traffic signals to make traffic flow more efficiently, we'd all appreciate it.

    thanks.

  2. amanfromMars 1 Silver badge

    NEUKlearer HyperRadioProActive IT ........ for the Mining of Minds and Set Minds.? :-)*

    Scali said hacking attempts against ICS or SCADA systems were less common than run-of-the-mill enterprise popping and differed mainly in attacker intent.

    He said the intent of hacking ICS could be to "destroy" rather than steal, and posited that attackers may have quietly infiltrated critical infrastructure systems and maintained a foothold, perhaps to begin causing damage only in the event of kinetic warfare between states.

    "Are these attackers in there already and they're just undetected?"

    Yes, they are already in there and undetected and undetectable, and rather than waste any sysadmin time and ignorant mechanical human effort on worthless speculative FUD navel-gazing with a “could be to "destroy" rather than steal, and posited that attackers may have quietly infiltrated critical infrastructure systems and maintained a foothold, perhaps to begin causing damage only in the event of kinetic warfare between states.” are there to exercise a monitoring and mentoring of an absolutely fabulous command and remote virtual control takeover of leading intelligence power and nervous energy systems …… and that suggests a novel application of an effective successful neuroweapons systems against which there is no known and available defence or attack mechanism.

    An ultimate weapons system protecting itself from discovery and reverse engineering with its continual reinvention and improvement as a penultimate tool for virtual realisation of the Total Information Awareness Meme for Genuine Drivering in Live Operational Virtual Environments.

    The solution IT offers remorselessly and targets relentlessly is the PEBCAK and media chunnels/covert and clandestine communications channels which chatter and capture mainstreaming media attention and interest with full intent of reprogramming mainstream media direction/projected future administration.

    You may like to consider that only failed or failing multi billion dollar companies tout a successfully disruptive and revolutionary competitor advantage as a hacking attempt against ICS or SCADA systems.

    Oh, and just love the wry, dry [Dear SCADA haters,] humour, theodore. :-)

    * A Black Watch Venture in a Dark Web Enterprise for Global Operating Devices? I Kid U Not? And priceless, so don't ask if not holding any folding for pimping and priming premium present novel noble content supply.

    [Hmmmm? ...... You're already fucked - El Reg is just a honey trap front end for GCHQ. Do you really think so, Cliff? How very convenient.]

  3. Anonymous Coward

    Methinks that Mandiant are talking out of their nether regions. All of the older systems I have seen are stand alone with no connection to a network at all and even if you have physical access you would have a hell of a lot of typing to do to input your malware - no usb, CD, etc.

    Since this is from the company that sees 'reds under the bed' all the time I think a good shovel full of salt is required with each of their statements.

    1. thames

      I think they have a fairly narrow target in mind - oil and gas, electric utilities, etc. These tend to be networked so they can be monitored from central control rooms. They're also networked to the business systems so that there is real time response to customer demand, which has gotten a lot more complicated in terms of pricing and supplying selected blocks of demand.

      From what I understand, the main threat tends to come in from the business side, where the salesmen and bean counters will click on anything.

      A few years ago some of the major American electric utilities were talking to the SCADA vendors and trying to get them to take more responsibility for security. The vendors wanted nothing to do with it, saying that they just supplied some software, not a complete working system.

      There's nothing magic about SCADA systems. The "industrial" side has very little to do with the real world security problems. Most modern SCADA systems run on MS-Windows, and the most common database is MS-SQL Server (Microsoft inherited most of those relationships from Sybase). SCADA threats are basically just bog standard Windows viruses with a customized payload.

      A SCADA system is really just a GUI front end and data logging system. They are then networked to the actual industrial controls via some specialized protocol, usually a proprietary one. The way the industrial equipment would actually be affected is simply by the virus payload pretending to be the operator and then doing something like telling the machine to shut down.

      The main problem with trying to secure SCADA systems is that they tend to be installed and then run for the next 15 years without any upgrades. Most of the big SCADA vendors drank the Microsoft kool-aid back in the 1990s and early 2000s, and everything is built around MS Windows, and associated things like COM/DCOM. Anything that affects those can have a field day in a SCADA system.

      Most factories though don't use SCADA systems. There's just no use for them. They're used in certain specialized industries where everything has to work very tightly together in a coordinated fashion. Normal manufacturing though tends to be a lot more asynchronous and the individual machines aren't networked to anything and the only MS Windows you see on a lot of shop floors are in the PCs used to consult the ERP system about what product to make next and to print the shipping labels.
