
Preview: Stuxnet
June 28, 2012 6:37 AM
The sophisticated computer worm that sabotaged Iran's nuclear program is now out there, its idea and methods exposed to terrorists or rogue nations who could use them to create their own cyberweapon. Watch Steve Kroft's report on Sunday, July 1 at 7 p.m. ET/PT.
The US Military's classification of their networks into Unclassified and Classified lays the foundation for security and public access for their users. The total isolation of their secure networks from the public's internet provides the first line of defense. No secure system of the US military is connected in any way to the public internet. No secure computer on that net may have a non-secure USB device or any other unsecured device from the outside world attached to it (that means privately owned devices). Maintaining that 100% isolation is their first line of defense. I think it's a great idea that provides a model for our infrastructure systems to look at mirroring.
The sheer number of PLCs that are present in all the control systems spread throughout all the US industries, including public works, transportation systems, etc., is too large to attempt to firewall by replacing them with write-once memory. I think a better, more secure and monitorable system of security for public infrastructure (to include Police and Fire Departments) would be to create a third, secure infrastructure-only network modeled after the US military's secure network.
That would basically give the US three very large networks, 2 secure and 1 insecure.
1. US Military Secure Network.
2. Public Internet (the world wide web one everyone uses)
3. US Secure Infrastructure network.
All Infrastructure designated systems in the US would be hard disconnected and at no point be accessible from the regular internet.
Security procedures for all devices, plants, communication, monitoring, etc. for the infrastructure network would be modeled after the US military's secure net, i.e., no personal computers, no USBs, nothing from the outside world touches it.
Within that framework you also firewall and segment all the various entities from each other.
Finally, all public critical systems on the infrastructure network that require backups (police, fire department, etc., water, power, food and transportation) should have network-free, secondary control systems that allow manual overrides that would allow quick fallback in the event of a network-driven incident. These manual-human control systems cannot be changed via the outside world or a network and are even more isolated than the secure network primary systems. Those secondary systems would be good candidates for the write-once PLCs described by morrisward.
Just some thoughts.
Here is the background for a question to ask Ralph Langner on March 4th. Langner has explained Stuxnet a hundred times, but never has explained the mechanism of the Stuxnet malware attack. Either he does not know the explanation, or he fears to state the explanation:
The central heart of every industrial control system (ICS) is the module termed "programmable logic computer," or PLC. The PLC has a programmable memory. However, the memory of the PLC is "write-always," i.e., vulnerable to rewriting by "bad guys."
ICSs were initiated in automobile production lines in 1959, where the memories of the PLCs were changed only for car model year changes, e.g., 3 years. Now, with corporate management of ICSs achieved through the corporation's network connectivity, the bad guys will find a path through the connectivity to the write-always memories of the PLCs. The advantage for fast change is afforded by write-always memories, they can be reprogrammed "on the fly." In today's milieu, it is also malware that will reprogram the memories "on the fly."
The alternative type of memory is "write-once." Write-once is exemplified by music CDs and movie DVDs that are used around the world; these are storage media that cannot be rewritten. If a PLC were fitted with a write-once memory, malware would be blocked from reprogramming an already-programmed memory.
Summary of the systems:
1. ICS is a control system, controlling large electromechanical systems
2. A network is exemplified by the internet; information is stored, and made retrievable.
In mid-2010, Stuxnet malware reprogrammed the memories of the PLCs of the ICS of the Natanz nuclear enhancement plant in Iran, causing the destruction of 1,000 centrifuges. Symantec published on the web a report on Stuxnet entitled "Stuxnet Dossier." Studying that report, we uncovered the underlying problem and patented, as here can be concisely expressed, "write-once, monitored memory." Basically, the attendant installs the specific preprogrammed write-once memory into the specific PLC, and the control room monitors the specificity of memory.
Example from a major vendor of ICS equipment
DHS has a team in Idaho that publishes "ICS-ALERT." Schneider Electric is a major ICS equipment vendor. ICS-ALERT-346-01 references a Schneider vulnerability notice, and in that notice there is this admission about Schneider's write-always PLC memories:
"....allowing remote attackers to.....modify the memory of the module and execute arbitrary code."
Sincerely,
Alan Morris, P.E.
Morris and Ward
Consulting Engineers
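The "write-once, monitored memory" scheme in the comment above depends on the control room being able to tell that a PLC still holds exactly the program the attendant installed. The Python script below is an added example of the monitoring half of that scheme; it is not code from the commenter, from Morris and Ward, or from the original page. It records a SHA-256 digest of every logic block at commissioning and then flags any block that is later modified, missing or newly added. The block names and byte contents are constructed for the example (the "FC1869" name and the hex strings are placeholders, not real PLC code and not taken from the Stuxnet payload).

```python
"""PLC program-memory integrity monitor (added example, constructed data)."""
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class PlcBlock:
    """One logic block as read back from the PLC: its name plus raw bytes."""
    name: str    # Siemens-style block names: OB1, OB35, FC1, DB8, ...
    data: bytes


def block_digest(block: PlcBlock) -> str:
    """SHA-256 over name and contents, so a renamed or swapped block is caught too."""
    h = hashlib.sha256()
    h.update(block.name.encode("ascii"))
    h.update(b"\x00")
    h.update(block.data)
    return h.hexdigest()


def build_baseline(blocks: Iterable[PlcBlock]) -> Dict[str, str]:
    """Golden digests, taken once at commissioning from the approved program.

    In the comment's scheme this is the specific preprogrammed image the
    attendant installs; here it is simply recorded for later comparison.
    """
    return {b.name: block_digest(b) for b in blocks}


def check_plc(baseline: Dict[str, str],
              current: Iterable[PlcBlock]) -> Tuple[bool, List[str]]:
    """Compare a fresh read-out of the PLC against the baseline.

    Returns (ok, findings). Any modified, missing or unexpected block is a
    finding; the control room treats a non-empty list as a tamper alarm.
    """
    seen = {b.name: block_digest(b) for b in current}
    findings: List[str] = []
    for name, expected in sorted(baseline.items()):
        if name not in seen:
            findings.append(f"MISSING {name}")
        elif seen[name] != expected:
            findings.append(f"MODIFIED {name}")
    for name in sorted(seen):
        if name not in baseline:
            findings.append(f"UNEXPECTED {name}")
    return (not findings, findings)


# Constructed sample data (not real PLC code): the approved program as read
# back right after the attendant installed it.
GOOD_BLOCKS = [
    PlcBlock("OB1", bytes.fromhex("7005000100000000")),
    PlcBlock("OB35", bytes.fromhex("7005000200000000")),
    PlcBlock("FC1", bytes.fromhex("7005000300000000")),
    PlcBlock("DB8", bytes.fromhex("0000001100220033")),
]
BASELINE = build_baseline(GOOD_BLOCKS)

# The same PLC after a Stuxnet-style rewrite: OB1 patched (extra bytes
# appended, standing in for a call into injected logic) and a block added
# that was never part of the approved program. "FC1869" is a name chosen for
# the example, not a claim about any real payload.
TAMPERED_BLOCKS = [
    PlcBlock("OB1", bytes.fromhex("7005000100000000") + b"\x75\x0a"),
    PlcBlock("OB35", bytes.fromhex("7005000200000000")),
    PlcBlock("FC1", bytes.fromhex("7005000300000000")),
    PlcBlock("DB8", bytes.fromhex("0000001100220033")),
    PlcBlock("FC1869", b"\xde\xad"),
]

if __name__ == "__main__":
    for label, blocks in (("commissioned", GOOD_BLOCKS),
                          ("after tampering", TAMPERED_BLOCKS)):
        ok, findings = check_plc(BASELINE, blocks)
        print(f"{label}: {'OK' if ok else 'ALARM'} {findings}")
```

Two caveats a practitioner would want. First, per the Symantec dossier the comment cites, Stuxnet replaced the Step 7 communication library (s7otbxdx.dll) on the engineering workstation so that block reads issued from that machine returned the original, unmodified blocks; a monitor like this therefore has to read the PLC from an independent host, not from the station used to program it. Second, a digest mismatch only says that memory changed, not why; the baseline has to be re-taken through the same controlled procedure whenever an authorized program change is made, or every legitimate update becomes an alarm.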
The concept of a terrorist organization recruiting computer scientists capable of building a virus as powerful as Stuxnet is laughable. It's comparable to a terrorist organization/rogue nation from shortly after WW2 recruiting nuclear scientists to build a nuclear bomb. This program was the cohesive effort of a highly-funded group of the best hackers/programmers the world has to offer. Perhaps China, Japan, Russia, England, or a select few other European countries could do what the US and/or Israel has done with Stuxnet, but certainly not a rogue nation.
Even IF a rogue nation could somehow develop a virus comparable to Stuxnet, security procedures in US plants are far more secure. It is believed that Stuxnet made its way to computers in Iranian plants through USB flash drives that employees had brought home and connected to their own personal computers which were infected with Stuxnet from the Internet. This would never happen in a US plant. A terrorist/rogue nation might, perhaps, attack less secure systems, like those of many major American corporations, but all of the governmental systems that we depend upon to survive are protected. No system is foolproof, but we have little to fear, in terms of cyberwarfare, from terrorists and rogue nations.