Difference between revisions of "The issue of critical systems coming online"

From ScenarioThinking
Jump to navigation Jump to search
Line 1: Line 1:
-Zoran Milkovski
-Zoran Milkovski
==Description:==
==Description:==
The issue of should we or should we not have systems such as electrical power grids, nuclear power plants, water distribution systems and even military systems such as the notorious SCADA systems online, is being present for a long time. The U.S power grid for example, is worth billions of dollars of electrical lines, switching stations and generators. That alone makes it a target for even teenage hackers, and we’re not even mentioning the terrorist, enemy governmental organizations and alike. If this sort of a system is online, than its an attractive target. Just as in conventional military strategy, natural resources refining and distribution facilities such as electrical power, water system, oil and gas and nuclear reactors are considered as legitimate military targets during wartime and therefore, are under direct defense from the military. This however, is only partially true in the cyberspace. Although an cyber attack on this systems will probably have a severe consequences in the real world, its network traffic maintenance and supervision is rarely done by the government or military, and yet they are still high priority target to attackers regardless of motivation.
Granted, cyber war that will aim to bring such system offline would probably used only in case of a preceding of real physical attack. Nevertheless, even though such cyber attack will be anticipated, depending on a time frame, which is usually short in case of war, one cannot be 100% certain that these systems that are of benefit for both various defense mechanisms as well as general public will be bulletproof. It is more likely for one to predict that a cyber attack would target those systems in order to bring them offline and probably strategically disrupt the functionality of the country.


==Enablers:==
==Enablers:==

Revision as of 02:01, 19 May 2008

-Zoran Milkovski

Description:

The issue of should we or should we not have systems such as electrical power grids, nuclear power plants, water distribution systems and even military systems such as the notorious SCADA systems online, is being present for a long time. The U.S power grid for example, is worth billions of dollars of electrical lines, switching stations and generators. That alone makes it a target for even teenage hackers, and we’re not even mentioning the terrorist, enemy governmental organizations and alike. If this sort of a system is online, than its an attractive target. Just as in conventional military strategy, natural resources refining and distribution facilities such as electrical power, water system, oil and gas and nuclear reactors are considered as legitimate military targets during wartime and therefore, are under direct defense from the military. This however, is only partially true in the cyberspace. Although an cyber attack on this systems will probably have a severe consequences in the real world, its network traffic maintenance and supervision is rarely done by the government or military, and yet they are still high priority target to attackers regardless of motivation. Granted, cyber war that will aim to bring such system offline would probably used only in case of a preceding of real physical attack. Nevertheless, even though such cyber attack will be anticipated, depending on a time frame, which is usually short in case of war, one cannot be 100% certain that these systems that are of benefit for both various defense mechanisms as well as general public will be bulletproof. It is more likely for one to predict that a cyber attack would target those systems in order to bring them offline and probably strategically disrupt the functionality of the country.

Enablers:

  1. Technological advancement in remote access for distribution and monitoring of resources
  2. Cost efficiency in online systems

Inhibitors:

  1. VPN, Intranet solutions
  2. Isolation of critical systems
  3. Exploit – Patch ratio equality
  4. Advanced designs to withstand serious damage

Web Links:

The web links provided below are case studies developed for companies in the power and water distribution, recent decisions for advancement that led to exposing critical control systems to remote access:

- DONG Energy: Making the most of the intelligent electrical grid.
- http://www-01.ibm.com/software/success/cssdb.nsf/cs/CSDY-78WUDJ?OpenDocument&Site=gicss67eu&cty=en_us

- Hydro Ottawa: Outsourced billing system allows tighter focus on core competencies and customer service.
- http://www-01.ibm.com/software/success/cssdb.nsf/CS/JSTS-6K9TFC?OpenDocument&Site=gicss67eu&cty=en_us

- Russian power company rolls out IBM Maximo Asset Management software to reduce cost per kilowatt-hour of energy produced.
- http://www-01.ibm.com/software/success/cssdb.nsf/CS/LWIS-7BCU8M?OpenDocument&Site=gicss67eu&cty=en_us

- Shipcom uses IBM WebSphere Application Server to bring the benefits of a full enterprise solution to oil and gas rigs and other remote sites.
- http://www-01.ibm.com/software/success/cssdb.nsf/CS/JKIN-7CETN6?OpenDocument&Site=gicss67eu&cty=en_us

Other Web Links:
http://www.memagazine.org/backissues/membersonly/dec02/features/scadavs/scadavs.html
http://www.hhs.gov/disasters/press/newsroom/leadersguide/freo_appendixd.pdf
http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Maynor-Graham-up.pdf

Retrieved from "https://www.scenariothinking.org/index.php?title=The_issue_of_critical_systems_coming_online&oldid=24767"