Hackers Targeting US Nuclear Power Plants, Report Finds (cnet.com)
For the past couple of months, hackers have breached the computer networks of companies that operate nuclear power facilities in the US, according to a new report from federal law enforcement officials. From a report: One of the companies targeted was the Wolf Creek Nuclear Operating Corporation, which operates a nuclear facility near Burlington, Kansas, according to a joint report issued last week by the FBI and Department of Homeland Security and described by The New York Times. The report carried an urgent amber warning, the second-highest rating for the severity of the threat, the Times reported. Organizations running the nation's energy, nuclear and other critical infrastructure have become frequent targets for cyberattacks in recent years. In a 2013 executive order, President Barack Obama called cyberattacks "one of the most serious national security challenges we must confront."
Air Gap (Score:2)
Are the control systems at plants not isolated from the outside world?
If not, why not?
It seems obvious that they should be.
Re: (Score:2, Informative)
This is the advantage of the vintage of the U.S. nuclear fleet. The vast majority of the control systems, and just about all if not all safety-related control systems are electromechanical. There's nothing digital. You have to physically be there to screw with it. For those unfamiliar, the control logic doesn't use the fancy schmancy transistor, it uses electromechanical relays.
Plenty of plants have analog to digital converters that take process information for monitoring - even remotely, but these include
Re: (Score:2)
This is the advantage of the vintage of the U.S. nuclear fleet. The vast majority of the control systems, and just about all if not all safety-related control systems are electromechanical. There's nothing digital.
There are plenty of digital controls in nuclear plants. Yes, there is also a lot of older relay technology as well, but plants have been upgrading controls for quite some time. Critical safety systems are still mostly non-digital because of the difficult licensing process for upgrade to digital, but that is also changing.
Re: (Score:2)
There are plenty of digital controls in nuclear plants. Yes, there is also a lot of older relay technology as well, but plants have been upgrading controls for quite some time. Critical safety systems are still mostly non-digital because of the difficult licensing process for upgrade to digital, but that is also changing.
I don't know what you've been smoking, but when a friend of mine was involved in the group that attempted to send robots in to assess the damage in the Fukushima facility, all of the electronics in the robots kept dying.
This is because almost no electronics that aren't military -- and generally sourced from NSA-run chip foundries -- aren't radiation hardened.
The systems are electromechanical because they have to operate in the event of a large scale radiation leak.
While you are correct that there's a lot of
Re:Air Gap (Score:4, Informative)
http://www.westinghousenuclear... [westinghousenuclear.com]
Here is one on the Oconee Reactor Protection digital system, other plants are in the process of planning protection system digital upgrades;
http://www.power-eng.com/artic... [power-eng.com]
In addition, many US plants have installed digital control rod drive control systems. Once again, those controls are not located inside containment. You can walk right up to them, as most all controls, while the plant is running full power.
Re: (Score:2)
The control systems are loca
Re: Air Gap (Score:2)
Dumb question...
You say two of four. Why not three of four?
Re: (Score:2)
2 out of 4 control in this case means that the "safe" action should be initiated if 2 of the control systems issue a "safe" signal or no signal (e.g. due to a complete failure of a contr
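The voting rule described in the comment above, as an added example that is not part of the original thread: a fail-safe k-out-of-4 voter, compared at k=2 and k=3 by exhaustively checking how many faulty channels each threshold tolerates. The channel-state names and the fault model (a faulty channel either votes falsely, goes silent, or is stuck at normal) are assumptions made for illustration.

```python
from itertools import combinations

# Assumed channel states for this illustration.
OK, TRIP, NO_SIGNAL = "ok", "trip", "no_signal"


def vote(channels, k=2):
    """Fail-safe k-out-of-n voter.

    A channel that demands the safe action and a channel that sends no
    signal at all (for example, a dead controller) both count as a vote
    to initiate the safe action.
    """
    return sum(c in (TRIP, NO_SIGNAL) for c in channels) >= k


def tolerated_faults(k, n=4):
    """Return (spurious, stuck) for a k-out-of-n voter.

    spurious: most channels that may falsely vote or go silent without
              causing an unneeded safe action when the plant is normal.
    stuck:    most channels that may be stuck at OK while the voter
              still initiates the safe action on a real demand.
    Both are found by checking every possible set of faulty channels.
    """
    def holds(healthy, faulty_values, expected, f):
        for bad in combinations(range(n), f):
            for fv in faulty_values:
                chans = [fv if i in bad else healthy for i in range(n)]
                if vote(chans, k) != expected:
                    return False
        return True

    spurious = max(f for f in range(n + 1)
                   if holds(OK, (TRIP, NO_SIGNAL), False, f))
    stuck = max(f for f in range(n + 1)
                if holds(TRIP, (OK,), True, f))
    return spurious, stuck


if __name__ == "__main__":
    for k in (2, 3):
        spurious, stuck = tolerated_faults(k)
        print(f"{k}-out-of-4: tolerates {spurious} spurious/silent "
              f"channel(s), {stuck} stuck-at-normal channel(s)")
```

Raising the threshold from 2 to 3 tolerates one more spurious or silent channel, at the cost of tolerating one fewer channel that fails to report a real demand.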
Re: (Score:2)
I get it now, thanks!
That was only one of the vectors. (Score:2)
That was only one of the vectors.
You should really read the literature. They also used other vectors, and while they show a USB stick on the vector line, not all of them were via USB. Sometimes it came in loaded on Lexmark printers.
https://www2.cs.arizona.edu/~c... [arizona.edu]
Re:Air Gap (Score:5, Interesting)
Are the control systems at plants not isolated from the outside world?
If not, why not?
It seems obvious that they should be.
Yes, they are isolated. But articles like this tend to hint that plants are hacked when in reality only the corporate business LANs are involved in the attack, not the isolated control systems. But headlines aren't so exciting if they reflect reality.
Re: (Score:2)
when in reality only the corporate business LANs are involved in the attack,
This.
But headlines aren't so exciting if they reflect reality.
People don't read good news, they react to the sensational bad news. Good news is too boring and run of the mill. "Dog behaved, baby slept peacefully, traffic flowed at a good rate on the interstate..." doesn't get clicks. "Dog eats sleeping baby in the back of a car stuck in a ten hour traffic jam" is what people want to read about.
Re: (Score:2)
“We’re moving to a point where a major attack like this is very, very possible,” Antova said. “Once you’re into the control systems -- and you can get into the control systems by hacking into the plant’s regular computer network -- then the basic security mechanisms you’d expect are simply not there.” - https://www.bloomberg.com/news... [bloomberg.com]
The fact that he said 'the plant's regular computer network' tells of his ignorance of the architectures of nuclear station control networks (not one), and then the isolated controls as well. This guy has never set foot in a nuclear plant. Also, he should be specific about which 'basic security measures' he claims are not there, because there are in reality many basic security measures "there". That's easy stuff to say when you want attention, and quite vague to evade criticism.
Re: (Score:2)
The air gapped systems are at risk though. As we saw in Iran and in leaked documents from the NSA, there are ways to cross that air gap. Infected USB media, for example.
Re: (Score:2)
The air gapped systems are at risk though. As we saw in Iran and in leaked documents from the NSA, there are ways to cross that air gap. Infected USB media, for example.
Very true, which is why a full gamut of other controls are in place. Air gap alone is not sufficient, but it is a central piece to making intrusion extremely difficult.
Re: (Score:2)
Are the control systems at plants not isolated from the outside world?
Air Heads trump Air Gaps . . . the biggest threat to your computer system security is mechanical: "The loose nut behind the keyboard."
If not, why not?
Nothing can be made foolproof, because fools are so ingenious.
It seems obvious that they should be.
"Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error."
Re: (Score:3)
Are the control systems at plants not isolated from the outside world?
If not, why not?
It seems obvious that they should be.
From TFA (yeah, I know; too bad TFS didn't mention this small detail): "The safety and control systems for the nuclear reactor and other vital plant components are not connected to business networks or the internet," Wolf Creek spokeswoman Jenny Hageman said in a statement. "The plant continues to operate safely."
Re: (Score:1)
They are, as stated in the featured article.
Re: (Score:2)
Yes [nei.org], critical safety systems are air-gapped. In theory some of the operating data could be acquired, and I expect other systems outside of the reactor could be compromised and perhaps force an outage.
Re: (Score:3)
Headline says the power plants were targeted, summary says the companies were targeted.
The headline is BS. The Wolf Creek plant controls were not involved at all, just the corporate business network which is completely separate. The headline intentionally implies something that didn't happen.
Re: (Score:3)
Headline says the power plants were targeted, summary says the companies were targeted.
The headline is BS. The Wolf Creek plant controls were not involved at all, just the corporate business network which is completely separate. The headline intentionally implies something that didn't happen.
Taking headquarters out of the loop would be the best thing to happen to the plant, says this former operator.
Re: (Score:2)
Taking headquarters out of the loop would be the best thing to happen to the plant, says this former operator.
We're from fleet, and we're here to help.
Re: (Score:2)
Taking headquarters out of the loop would be the best thing to happen to the plant, says this former operator.
We're from fleet, and we're here to help.
And we're glad to have you. The two biggest lies in the Navy.
Re: (Score:2)
Does the malware care if it's nuclear or what the social media or site was used to find the way in?
It's just like spam efforts that got a new list of emails that worked.
The malware wants to get deeper into any network that they get activated in.
Too much information is on the internet and too many random people are finding details online.
Malware follows social media or the
Who's up for Vodka? (Score:1)
This topic makes me thirsty. Who wants Vodka?
Re: (Score:2)
What if it were someone else's nuclear power plant?
Re: (Score:2)
all children study physics and can discern that it would not be a good idea to interfere with a nuclear power plant.
All children who are brought up right know it is not ethical to interfere with anything belonging to other people, even if it is connected to the internet. Hackers of this kind don't care, they want the cred for doing the most damage they can. And a lot of people today seem to think that if it is connected to the internet then it is fair game for anything they can do to it.
Re: (Score:2)
The chief suspect is Russia, according to three people familiar with the continuing effort to eject the hackers from the computer networks. One of those networks belongs to an aging nuclear generating facility known as Wolf Creek -- owned by Westar Energy Inc., Great Plains Energy Inc. and Kansas Electric Power Cooperative Inc. -- on a lake shore near Burlington, Kansas.
The possibility of a Russia connection is particularly worrisome, former and current officials say, because Russian hackers have previously
Re: (Score:2)
Who wants Vodka?
. . . and then the CIA guy answers, "Don't bother pouring a separate glass for me . . . I'll just take drinks out of the glasses of every one else . . . "
sensationalist garbage (Score:1)
"There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks,” the government agencies said."
Zero Cool isn't fucking with the control rods of a reactor from his mom's basement. This is just another intrusion of an organization with poor security.
control rods just need some hitting Y on vent gas (Score:2)
control rods just need some hitting Y on vent gas all day long.
Re: (Score:2)
Venting prevents explosion.
Wup Wup! (Score:2)
Re: (Score:2)
Sorry. Not following. What is Semitic about attempting to hack reactor sites?
Ummm, me neither. Autocorrect does some strange things sometimes. "Some" is the right word. But I can't figure out how it made what it "corrected".
We knew this was going on (Score:4, Insightful)
It's not crazy (Score:2)
Until you can convince upwards to
Re: (Score:2)
it's cheaper to have them internet accessible. That's the basic problem with nuclear power. It's perfectly safe if you take all necessary precautions. But sooner or later some small government types come in, convince everyone they can cut their taxes by being ever so much more efficient as a private company, take over and find running a nuke plant is _hard_. Like, really hard; and finally they start cutting corners and running the plants longer than they're supposed to. Until you can convince upwards to 90% of the population that having a nuclear power plant run by the lowest bidder is a bad idea I'm gonna oppose nuclear.
First, they are not internet accessible. Not sure why you think they are other than gullible acceptance of a misleading headline. Furthermore, they are not run by the lowest bidder. But hey, maybe you could help write more misleading headlines, you seem to have the knack.
Re: (Score:1)
The tech community knew this was going on for some time since power companies (for some crazy reason) are internet accessible.
IF they truly are internet accessible, then I've mapped them myself. zmap is great.
Here's the question to ask... (Score:2)
Is the US government, under its various organs, doing anything similar - or even bankrolling any entity abroad given what we've learned (through Wikileaks) over the last few months?
Weren't hackers always a threat? (Score:2)
I remember back in the early 2000s hearing about hacker threats to key infrastructure like power plants, water filtration, and the like. The solution then is if you don't air gap your mission critical systems, you're an idiot and shouldn't be in a job.
How is 2017 any different to then and why is "muh Russia" the most shouted phrase while happily ignoring China, Israel, Pakistan, and well every other country with a vested interest in national and corporate espionage?
Re: (Score:2)
A connection to a company modem would be made and commands attempted. More details about the OS, file system, wider network would be requested after a connection would be made. Sometimes just to use that network's speed to move a lot of data around from other more interesting networks and get some data stored to work on later given dial up speeds.
A list of all extension phone numbers would be tried until a modem go
Isn't this a repost? (Score:5, Interesting)
I think I've seen this same misleading bullshit article title literally once a month since 9/11/01.
So the administrative (read: Windows) network got some malware at a nuke plant? Shocking. I'd honestly think I'd be more shocked if the headline said that a nuclear facility had never gotten its Windows network breached, because I've never seen one that hasn't been.
Now, if the article showed that someone was fucking with the reactors or other critical systems, I'd be worried. But every article for the last 16 years has always been this same kind of clickbait garbage.
Re: (Score:2)
Nuclear plants, hospitals and the like are attractive targets for malware. Even if it's only the admin network that is hit, they have to fix it. There are legal requirements for record keeping, privacy, that sort of thing. The place can be forced to shut down if it can't do the paperwork.
So there is a strong incentive to pay the ransom.
Re: (Score:2)
The linked article might be bad.
But the articles in German news clearly say: the hackers could power down the plant or cause other havoc.
If that is true, I don't know.
big deal (Score:2)
I get a few phishing emails a day that make it through the spam filter. Nowhere in the linked article is there any evidence of anything different than the spam I get, which is the same as anyone gets.
Sure some may be more akin to spear phishing but it's hardly a national emergency. Don't open attachments from random people on the internet. If you're responsible for a nuclear power plant, be even more cautious!
Common sense, nothing to write an article about, which Trump will then read and do something half assed.
mdsolar (Score:2)
Kompromat (Score:3)
All the people saying control systems weren't affected seem too unconcerned about the long game. The hackers undoubtedly have better kompromat opportunities for deeper and better attacks now. An air-gapped system doesn't protect you when an employee has been blackmailed, bought, or duped.