Seeing peril — and safety — in a world of connected machines

Industrial malware has captured the imagination of the tech industry, but efforts by security researchers are promising.

I’ve spent the last two days at Digital Bond’s excellent S4 conference, listening to descriptions of dramatic industrial exploits and proposals for stopping them. A couple of years ago Stuxnet captured the imagination of people who foresee a world of interconnected infrastructure brought down by cybercriminals and hostile governments. S4 — which stands for SCADA Security Scientific Symposium — is where researchers convene to talk about exactly that sort of threat, in which malicious code makes its way into low-level industrial controls.

It is modern industry’s connectedness that presents the challenge: not only are industrial firms highly interconnected — allowing a worm to enter an engineer’s personal computer as an e-mail attachment and eventually find its way into a factory’s analytical layer, then into its industrial controls, bouncing around through print servers and USB drives — but they’re increasingly connected to the Internet as well.

Vendors counter that the perfect alignments of open doors that security researchers expose are extremely rare and require unusual skill and inside knowledge to exploit. And the most catastrophic visions — in which malicious code shuts down and severely damages a large city’s water system or an entire electrical grid — assume in many cases a level of interconnection that’s still theoretical.

In any case, industrial security appears to be advancing quickly. Security firms are able to make particularly effective use of anomaly detection and other machine-learning-based approaches to uncover malicious efforts, since industrial processes tend to be highly regular and information flows tightly prescribed. These approaches will continue to improve as the networks that feed information back to analytical layers become more sophisticated and computing power makes its way deeper into industrial systems.
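An added example, not part of the original article: a minimal flow-baseline detector showing why regular, tightly prescribed industrial traffic lends itself to anomaly detection. It uses a simple learned baseline rather than any particular vendor's machine-learning model; the host names, the 5-second poll interval, the tolerance and the use of Modbus function codes are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed baseline capture: (time_s, source, destination, Modbus function code).
# Two hosts poll one PLC with function 3 (read holding registers) every 5 seconds.
BASELINE = [(i * 5.0 + off, src, "plc-1", 3)
            for i in range(20)
            for src, off in (("hmi-1", 0.0), ("historian", 1.0))]

# Constructed live traffic containing two deviations from the baseline.
LIVE = [
    (100.0, "hmi-1", "plc-1", 3),
    (105.0, "hmi-1", "plc-1", 3),
    (105.4, "eng-laptop", "plc-1", 16),  # unseen host issuing a write (function 16)
    (106.0, "hmi-1", "plc-1", 3),        # poll arrives 1 s after the last, not 5 s
    (111.0, "hmi-1", "plc-1", 3),
]

class FlowBaseline:
    """Learns which flows exist and how often each one repeats."""

    def __init__(self, tolerance=0.5):
        self.tolerance = tolerance   # allowed drift from the learned interval (s)
        self.interval = {}           # flow -> mean seconds between messages
        self.last_seen = {}          # flow -> timestamp of previous live message

    def learn(self, records):
        times = defaultdict(list)
        for ts, src, dst, func in records:
            times[(src, dst, func)].append(ts)
        for flow, stamps in times.items():
            gaps = [b - a for a, b in zip(stamps, stamps[1:])]
            self.interval[flow] = mean(gaps) if gaps else None

    def check(self, record):
        ts, src, dst, func = record
        flow = (src, dst, func)
        if flow not in self.interval:
            return "new-flow"        # never observed during the baseline window
        prev, self.last_seen[flow] = self.last_seen.get(flow), ts
        expected = self.interval[flow]
        if prev is not None and expected is not None \
                and abs((ts - prev) - expected) > self.tolerance:
            return "timing"          # known flow, but off its usual schedule
        return None

def scan(baseline, live):
    model = FlowBaseline()
    model.learn(baseline)
    return [(rec, why) for rec in live if (why := model.check(rec))]

if __name__ == "__main__":
    for rec, why in scan(BASELINE, LIVE):
        print(why, rec)
```
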

The efforts of industrial security researchers seem to be paying off. In his keynote talk, Digital Bond founder Dale Peterson noted that the exposure of new vulnerabilities has slowed recently and wondered whether security might be subject to something of a predator-prey cycle, in which weak defenses in industrial controls attract hackers, which draws the attention of security researchers, who in turn drive away the hackers by closing vulnerabilities.

If that’s the case, then we’re looking at a gradual victory for the industrial Internet — as long as we don’t reach the last phase of the predator-prey cycle, in which security researchers, feeling they’ve vanquished their enemies, move on to a different challenge.


This is a post in our industrial Internet series, an ongoing exploration of big machines and big data. The series is produced as part of a collaboration between O’Reilly and GE.


  • Rick Bullotta

    Given the lack of security in so many legacy systems in the industrial environment, the only safe approach is often the “air gap”. So many of the HMI/SCADA systems are built on wire protocols that are easily compromised.

    • http://twitter.com/JonBruner Jon Bruner

      You’re absolutely right–the air gap is, in theory, the most secure approach. But it’s also such an impediment to productivity, and so frustrating to managers and employees, that it’s often circumvented in ways that are more dangerous than a carefully-managed connection would have been in the first place.

      How common are true air gaps, in which sneakernets are the only way to transfer information from an Internet-connected system to an industrial network?

  • Arwhite2013

    Jon,

    The first paragraph in your article insinuated that Israel is either a Cyber Criminal or a hostile Government. Everyone knows that Iran wants to obliterate Israel off the earth, and has said so many, many times. Everyone, even you, even Israel, has a right to defend their lives.

    Wake up Jon. Don’t be a willing dupe.

    Anita

    • http://twitter.com/JonBruner Jon Bruner

      I think you read that sentence too hastily–I wrote that “Stuxnet captured the imagination of people who foresee a world of interconnected infrastructure brought down by cybercriminals and hostile governments.”

      Stuxnet was the first case of industrial malware that got broad publicity, and it brought about a wide public debate on software vulnerabilities in public infrastructure and industrial systems. In other words, people realized that these systems are vulnerable, and started to think of the fallout from exploitation by cyber criminals and hostile governments.

  • Arwhite2013

    Also, Jon, there are many hackers that hack for the challenge, but do not mean harm except to expose weaknesses to a Company. It is an arms race indeed. The more informed we are of Cyber Security, from a personal point of view, to a Government, the better off we all are.
    The educational system in America stinks! Shame on those selfish bastards in charge of our young ones! All “they” want to do is indoctrinate our children instead of giving them good skills to succeed in life, as well as encouraging them to be entrepreneurial souls!
    You obviously, Jon, have been indoctrinated, considering your comment of Israel….