These days, anyone who has e-mail has probably received a phishing message at one time or another. Thinly disguised to try and trick you into divulging credit card details or other personal banking information, they are a constant reminder that the issue of cyber security is not one that should be taken lightly. However, until recently, it was not considered a serious threat to the health of industrial automation networks or the global operations of energy and petrochemical companies.
Enter the Stuxnet worm
A New York Times report suggests that the Stuxnet code was designed with a single purpose in mind – to subvert the PLCs that control the centrifuges critical to the uranium enrichment process. The report then puts forward the idea that this was not the work of a lone psychotic hacker or even a high-tech organised crime syndicate, but rather, the work of a nation (or nations) that stood to benefit from a disruption to the nuclear development programme in Iran.
Spread over the corporate network, the code is designed to seek out a specific industrial control configuration and then reprogram the PLCs to give the attached machinery a new set of instructions. Research by cyber security firm Symantec indicates that the idea was to disrupt the PLCs and frequency controllers used to regulate the speed of the centrifuge motors at the enrichment plant in Iran. In particular, Symantec said, it was designed to target those operating at frequencies between 807 and 1210 Hz, the typical range used for control in this type of application. It knew exactly what it was looking for, and, as an added sophistication, the code recorded what normal operation looked like and then ‘played’ these readings back to the operators while the centrifuges spun out of control and tore themselves to pieces.
Jim Pinto makes an interesting point in his e-newsletter of 28 January. He says that an Israeli intelligence agency, as well as Hillary Clinton, announced separately that they believed the incident had set Iran’s nuclear efforts back by several years.
Night Dragon – new-age industrial espionage
No sooner had I come to terms with the realisation that there is now pre-emptive ‘first-strike’ cyber capability out there, than I became aware that industrial espionage has not been slow to elevate itself to a similar level.
From an article that appeared on Automation World: “Cyber espionage hit the headlines recently with reports of a series of hacker attacks – dubbed Night Dragon – aimed at major global energy players. The sophistication is significantly lower than that of the notorious Stuxnet worm, but the Night Dragon attacks, believed to be largely the work of Chinese hackers, have nonetheless been successful in achieving their apparent objective – that of intellectual property theft from global oil and gas, energy and petrochemical companies.”
According to a McAfee report a series of coordinated covert and targeted cyber attacks have been conducted against global oil, energy and petrochemical companies since November 2009. These have involved social engineering, spearphishing attacks, exploitation of Microsoft Windows operating systems vulnerabilities, and the use of remote administration tools (RATs) to harvest sensitive proprietary operational and financial information relating to oil and gasfield bids and operations. In certain cases, the attackers were even able to reach down to a level where they could access and collect data from the companies’ scada systems.
The report goes on to say that in 2010 we entered a new decade in the world of cyber security that is setting up to be an exponential inflection point. Today’s hackers are leveraging productised toolkits that enable them to develop more sophisticated malware in a much shorter ‘time to market’ frame. Having matured from the previous decade, they look set to release the most insidious and persistent cyber threats ever known.
Along with contributing editor Andrew Ashton, I have been following these and other such stories with interest. While we both believe that South Africa probably is not under immediate threat of a pre-emptive cyber strike to any of its automation networks, the threat to sensitive company information is ever-present and should not be ignored, particularly if the attackers can infiltrate down to the level of the scada and PLC. Over the next few months we will be investigating the magnitude of these types of threat in a local industrial automation context – keep an eye on this space.
Process Expo 2011 show dates have changed
Due to a clash with the local government municipal elections on 18 May, Process Expo 2011 has been rescheduled for 24-26 May. The venue is still Nasrec (see “Urgent: Dates change for Process Expo 2011”).
Training is getting a higher profile this year, for the first time the Expo incorporates the Process Training Academy that will offer visitors 90 cutting-edge, industry specific workshops over the three show days. To register for training or as a visitor, please visit www.process-expo.co.za and complete your details. Entrance and training are both free of charge and the training schedule can be viewed at http://instrumentation.co.za/papers/training.xlsx.
Steven Meyer
Editor: SA Instrumentation & Control
| Tel: | +27 11 543 5800 |
| Email: | [email protected] |
| www: | www.technews.co.za |
| Articles: | More information and articles about Technews Publishing |
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version