Saturday, May 8, 2021

Don't Use The Internet!

The NY Times reports a cyber attack on a gas pipeline. They note:

People familiar with the investigation said the early indications were that it was a ransomware attack, and that the events had been unfolding for several days. The company has hired the private cybersecurity firm FireEye, which responded to the hacking of Sony Pictures Entertainment, energy facility breaches in the Middle East and many federal government incidents. The company appears to have brought down activity on the pipeline on Friday to prevent the hackers from inflicting more damage. But that left open the question of whether the attackers themselves now have the ability to directly turn the pipelines on or off, or trigger operations that could cause an accident.

The problem occurs when you run your control network open to your employees who are playing on the Internet. First, SCADA networks should be compartmentalized. They should be secure and separate and NOT accessible via an IP network. Second, the employees' terminals must only be allowed to work on the secure net and, again, have no access outside. It is akin to the old "Red and Black" environments in intelligence networks.

But the problem is sloppy controls, policies and procedures. Employees should be told the rules and monitored, and with one violation they must be terminated immediately. Secure nets are only as secure as the people who run them.
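The separation and monitoring rules above can be checked mechanically from flow records. The following is an added example, not part of the original post: it flags every flow that has exactly one endpoint inside the control segment. The subnet, the record format and the sample records are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: address range of the control (SCADA) segment, constructed for this example.
CONTROL_NET = ipaddress.ip_network("10.50.0.0/24")

# Constructed sample flow records: "timestamp src dst dst_port".
SAMPLE_FLOWS = """\
2021-05-08T09:00:01 10.50.0.11 10.50.0.20 502
2021-05-08T09:00:07 10.50.0.11 203.0.113.80 443
2021-05-08T09:01:15 192.168.7.44 10.50.0.20 502
2021-05-08T09:02:30 10.50.0.12 10.50.0.20 20000
2021-05-08T09:03:02 10.50.0.11 198.51.100.53 53
garbled line
"""

def parse_flow(line):
    """Return (ts, src, dst, port), or None if the record is malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (parts[0], ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None

def audit(flow_text, control_net=CONTROL_NET):
    """Flag flows that cross the control-segment boundary in either direction."""
    violations = defaultdict(list)  # control-side host -> [(ts, direction, peer, port)]
    unparsed = 0                    # malformed records are counted, never silently dropped
    for line in filter(str.strip, flow_text.splitlines()):
        rec = parse_flow(line)
        if rec is None:
            unparsed += 1
            continue
        ts, src, dst, port = rec
        src_in, dst_in = src in control_net, dst in control_net
        if src_in and not dst_in:    # secure terminal reaching outside
            violations[str(src)].append((ts, "outbound", str(dst), port))
        elif dst_in and not src_in:  # outside host reaching the control net
            violations[str(dst)].append((ts, "inbound", str(src), port))
    return dict(violations), unparsed

if __name__ == "__main__":
    found, unparsed = audit(SAMPLE_FLOWS)
    for host, events in sorted(found.items()):
        for ts, direction, peer, port in events:
            print(f"{ts} VIOLATION {direction} {host} <-> {peer}:{port}")
    print(f"{unparsed} unparsed record(s) need manual review")
```

In a properly compartmentalized network this audit returns no violations at all, so any single hit is worth investigating.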