Demo it in Atlanta
I'm sure the folks in Fulton county would love it. Imagine opening all of the doors and letting the armed (firearms) inmates free.
Hard on the heels of warnings that critical systems in America are vulnerable to Stuxnet-style attacks, a group of security researchers says SCADA systems and PLCs make prisons vulnerable to computer-based attacks. In a white paper published here, Teague Newman, Tiffany Rad and John Strauchs say the use of PLCs (programmable …
.... America, the country with one of the world's largest prison populations per capita, helped to develop oneof the most virulent computer worms. A worm which has just made security in all those prisons redundant...
I wonder if that potentiality was included in the NSA collateral damage assessment report prior to them giving approval for release of StuxNet into the, (Iranian), wild?
I've been known to troubleshoot PLC-based SCADA with a simple lightbulb ... and manipulate the data with a AAA cell and a couple bare wires.
If prisons are using these things on Internet[1] connected systems, or worse in places where the inmates have physical access to the wiring ... Well, all I can say is that the inmates are already running the asylum. Which kinda seems to fit the facts in evidence ...
[1] No SCADA system should EVER be connected to systems outside the control of the administrators of said SCADA system ... And I include SneakerNet[tm] in that comment, for the pedants in the audience ...
Interesting. I work in a prison and we have that. We have had inmates get the wires out from inside their cell and get their cell door open. If you don't have physical security for your control systems then you don't have security. I don't see, however, how any inmate would be able to get to the control systems without gaining access sufficient to open doors by merely pushing the buttons.
I'm afraid to say more here but what the article discussed is a concern in other ways.
"If you don't have physical security for your control systems then you don't have security."
It's the little things. Household alarm boxes tend to have a microswitch wired to the cover to trigger the alarm if someone takes off the lid.
But how many "Professional" alarm systems put something like that on all the *junction* boxes?
If you have a lot of people with lots of people with time on their hands and a *real* interest in breaking the system (IOW the prison population) you'd better plan for defense in depth.
Anyone putting SCADA on a public network is an idiot.
SCADA etc should be running over VPN, ssh or whatever.
But are prison security systems really built with over-the-counter PLCs? I'd have expected them to be controlled by access control systems.
It might just be enough disrupt comms or power to the security system. By default many access control systems automatically open the doors as soon as comms is lost. This is a safety feature to prevent people being locked in during a fire or whatever.
"But are prison security systems really built with over-the-counter PLCs? I'd have expected them to be controlled by access control systems."
What did you think these "Access control systems" *are* built out of?
Custom CPU boards?
Custom PLCs?
These companies are *primarily* systems integrators of pre built hardware. The ability to do this *properly* is a significant skill but as always if someone can identify the hardware used they'll be a manual for it somewhere.
you're an idiot.
Keys. A fixed number of complicated keys, kept out of the view[1] of the prisoners, numbered and accounted for.
This way you either have to copy a key, requiring sight of the key head for a useful length of time or you have to take it. The latter generally involving the prison officer at the other end of the keychain getting a bit upset, and vouchsafing his views on the matter in some depth.
[1] the BBC did one of it's occasional documentaries on the prison system once upon a time. They were told, categorically, that they mustn't show any of the keys in the programme. What did they have on the opening shot?
You think changing the lock on the front door can be pricey, I understand that that little cock up cost the beeb some £500k.
Mines the one with some putty and a file in the secret pocket...
- Key systems don't necessarily scale nicely.
- Key systems required a greater degree of trust in keyholders.
- Key systems allow local security bypasses if a key is stolen.
- Key systems do not support some kind of 'emergency lockdown'; keyholders must be physically present at a door to seal it.
There's nothing inherently wrong with a PLC-based electronic door system, so long as it was sensibly implemented.
There's also nothing wrong with combining the two approaches...
But one could (reasonably) argue that if your prison is so large that a key based system no longer scales, then it's probably too large. My big complaint, vis a vis a push button prison, is that the interaction with the staff is part and parcel of the rehabilitation process - take the officers out and you're just warehousing people.
The trust issue is always going to be difficult, whether you're pushing buttons or turning keys. Clearly, the only solution is the panopticon!
1. You assume that the system hasn't been installed in such a way as to make identifying devices straightfoward.
2. You assume that the plans for the system cannot be obtained by a malicious third party.
Somebody has to know that button A is connected to solenoid B. Between corruption, theft, carelessness and social engineering, are you sure that information will never get out?
Eh?
You first want source code for what is (in essence) a wiring diagram, and then claim you're used to older installs where nobody knows what wire goes where?
If you can't walk into a manufacturing (or prison) floor and instantly understand what all the installed bits of conduit are for[1], AND know how to easily trace what goes where, and why, you are way over your head in this conversation.
[1] H20, black water, various gasses, HVAC, treacle, grease, oil, hydraulic fluid, vacuum, high & low voltage in both DC and various forms of AC, data, voice ... Need I go on?
...every solenoid, sensor, etc will have little grey wires connected to it that feed via black sheathed multicores filling big zinc cable trays back to a panel full of little grey wires. Nothing to do with the colour of the pipes that they control. Ok, you might have blue wires for I.S. areas. But they are essentially the same.
If you are so great at tracing wires, there are a few sites I'd love to send you to where they have run new wiring on top of old as they are not sure what cable run ends where.