Forget the Sony Hack, This Could Be the Biggest Cyber Attack of 2015 – Defense One

Aurora Project

On July 3, DHS, which plays a “key role” in responding to cyber-attacks on the nation, replied to a Freedom of Information Act (FOIA) request on a malware attack on Google called “Operation Aurora.”

Unfortunately, as Threatpost writer Dennis Fisher reports, DHS officials made a grave error in their response. DHS released more than 800 pages of documents related not to Operation Aurora but rather the Aurora Project, a 2007 research effort led by Idaho National Laboratory demonstrating how easy it was to hack elements in power and water systems.

Oops.

The Aurora Project exposed a vulnerability common to many electrical generators, water pumps and other pieces of infrastructure, wherein an attacker remotely opens and closes key circuit breakers, throwing the machine’s rotating parts out of synchronization and causing parts of the system to break down.

Launching an Aurora attack:

“The perpetrator must have knowledge of the local power system, know and understand the power system interconnections, initiate the attack under vulnerable system load and impedance conditions and select a breaker capable of opening and closing quickly enough to operate within the vulnerability window.”

“Assuming the attack is initiated via remote electronic access, the perpetrator needs to understand and violate the electronic media, find a communications link that is not encrypted or is unknown to the operator, ensure no access alarm is sent to the operators, know all passwords, or enter a system that has no authentication.”

That sounds like a lot of hurdles to jump over. But utilities commonly rely on publicly available equipment and common communication protocols (DNP, Modbus, IEC 60870-5-103, IEC 61850, Telnet, QUIC4/QUIN, and Cooper 2179) to handle links between different parts of their systems. It makes equipment easier to run, maintain, repair and replace. But in that convenience lies vulnerability.

Protecting against an Aurora attack

Weiss says that a commonly available device installed on vulnerable equipment could effectively solve the problem, making it impossible to make the moving parts spin out of synchronization. There are two devices on the market, the iGR-933 rotating equipment isolation device (REID) and an SEL 751A, that purport to shield equipment from “out-of-phase” states.

To his knowledge, Weiss says, Pacific Gas and Electric has not installed any of them anywhere, even though the Defense Department will actually give them away to utility companies that want them, simply because DOD has an interest in making sure that bases don’t have to rely on backup power and water in the event of a blackout. “DOD bought several of the iGR-933, they bought them to give them away to utilities with critical substations,” Weiss said. “Even though DOD was trying to give them away, they couldn’t give them to any of the utilities because any facility they put them in would become a ‘critical facility’ and the facility would be open to NERC-CIP audits.”

Aurora is not a zero-day vulnerability, an attack that exploits an entirely new vector giving the victim “zero days” to figure out a patch. The problem is that there is no way to know that they are being implemented until someone, North Korea or someone else, chooses to exploit them.

via Forget the Sony Hack, This Could Be the Biggest Cyber Attack of 2015 – Defense One.

Europe’s Smart Highway Will Shepherd Cars From Rotterdam to Vienna – IEEE Spectrum

By far the most ambitious smart-road project is to begin next year in Europe. It’s called the Cooperative ITS Corridor, and on day one it’s supposed to shepherd cars from Rotterdam through Munich, Frankfurt, and on to Vienna without a single interruption in the initial, basic service: warning drivers of upcoming roadwork and other obstacles. And because the Corridor will be the first to harmonize smart-road standards among different countries, its choices are meant to be a template for us all.

Sensing capabilities

Tass answers such questions on its test bed, an 8-kilometer stretch of road in Helmond that is studded with sensors far more capable than the Corridor will have. “We measure the exact position of vehicles within 1-meter accuracy, 10 times per second, then compare this ground truth with the actual system being tested,” Van Vugt says. “There are cameras every 100 meters and Wi-Fi antennas every 500 meters—about twice as dense as what you’d have on a normal motorway. And we put Wi-Fi stations about on the same poles as the antennas and camera systems.”

Callout to security

For engineers, though, there’s only one real problem: how to safeguard communications. Today’s cars are dripping with communications channels, each of which offers a way into critical systems like engine controls, antilock brakes, and even the actuators that lock the doors and lower the windows. That’s a lot of targets, and smart roads threaten to hook them together and make them vulnerable to attackers, just as the Internet has done with the world’s desktop computers.

via Europe’s Smart Highway Will Shepherd Cars From Rotterdam to Vienna – IEEE Spectrum.

This is the state of things. The future comes slowly. The slow progress is attributed to difficulties negotiating between countries (within Europe) and probably also funding issues.

We can say all we want that the problem is (technically) solved, but in practice there are going to be huge unexpected (to me) problems. So [after we’ve figured out the technical details], are we content to let the future happen without us?