20.1.2022 | 05:47
Important national infrastructure helps keep our electricity and water moving stuxnet, our payments in motion and our production and distribution running. This infrastructure is now facing an emerging threat with cyber-attacks. However, in trying to safeguard power plants from cyber-attacks and cyber-attacks. We could be not paying attention to the ball in the face of the more conventional safety concerns.
A large portion of infrastructure is based on automated technology, commonly called industrial control systems (ICS). These systems permit the physical world to be control by computers. They open valves, produce power, and arrange parcels ready for delivery to satisfy our needs.
The computers that control these systems are increasingly connect to different computer networks. And, more importantly, with the internet. These new connections open avenues for attackers to access and penetrate systems. Disrupting large-scale the services that we rely heavily upon.
This issue made even worse by the lengthy life span that industrial machines have. A lot of older devices are in use , and aren’t protect for modern technology. The recent disclosure of 25 vulnerabilities in devices. That connect older and new devices in power stations is a proof point to this.
Thankfully, we haven’t yet seen any significant disruptions but one particular notable case has revealed. To the entire spectrum of industries that utilize controls that they could be targets in the near future and need to be ready for attacks.
The Stuxnet Legacy
In 2010, a piece malware known as Stuxnet has been use to hack and disrupt. The functioning of enrichment facilities for uranium in Iran. Which caused millions of dollars worth of damage and slowing down the program of enrichment by several years.
It spread itself through all the web, infecting normal Microsoft Windows computers. As it sought its targets a particular kind part of industrial control. Systems exclusively manufactured by Iran in Iran and Finland. After it had identified its target, Stuxnet was then able to alter the operating. Parameters of these components to create dangerous circumstances. While concealing the behavior from the people who were able to support the system. Although Stuxnet hasn’t been link to an individual threat, there are many theories about where the malware originated.
Stuxnet was a nightmare for all who uses control systems. The first time that significant physical harm occurred due to malware.
Since Stuxnet industries that manufacture using control system for automating. Their operations have made significant investments in cyber defense and are developing new technology to safeguard these vital infrastructures. The work has so far entirely focused on managing the risks associated. With the protection of data, in an approach called information assurance. However, it can have implications for the protection of infrastructure in different ways.
Fail-Safe Vs Fail-Secure Stuxnet
Industries control system has historically utilized the fail-safe design. If a system fails to operate properly, it will shut down to limit environmental damage and also to prevent the loss of life. The water treatment facility can shut down when water tankers exceed their dangerous limits of capacity such as.
The majority of information assurance methods On the other hand recommend the fail-secure design methodology. If a system is compromise the system is attack, security mechanisms are activate to ensure that your information is not being misuse.
However, these security objectives could be in conflict with each other. If a system malfunctions and the primary goal is to safeguard information, shutting it down could cause the system to enter a risky situation. If a wind turbine starts moving at an alarming rate, while an automation system is able to stop it the system that is fail-safe could detect this as an anomaly or malicious behavior, and prevent the shutdown, which could have catastrophic consequences.
While it is important to secure the information contained in control systems but in the case of an attack, it should always be second to protecting living things and our environment.
Secure And Safe
An alternative movement is being develop to help find a way to reconcile both approaches by ensuring that both persons and data are safe in the event of an attack. They want to see the industry adopting an functional assurance approach. In the case of an attack the system will be in fail-safe and fail secure modes.
The concept of functional assurance transcends the simple notion that is on or off in the case the threat. Internet linked systems come subject to constant attack and have to be functioning. If an internet-connect control system was to shut down each when it was attack it wouldn’t be running, therefore we must begin planning how to ensure that the systems are running against the ferocious attacks from the digital world.
Aftereffects Of Stuxnet
The aftereffects of Stuxnet cause the development of security guidelines and security standards that are specifically design for Industrial control system. But, a study has revealed that these documents are likely not sufficient to help operators attain operational security. Safety is often emphasize, but it is generally ignore as a separate matter. The focus is not on their interdependence particularly the capacity of failing safely and effectively.
The government and the industry are trying to figure out how to provide functional assurance However, they have to improve their performance. Control system technology for industrial use is becoming more prevalent, not just in critical infrastructure as well as in our own personal lives as we progress toward living in cities that are smart. This means everything including traffic light systems to security for your home could be a target. The safety of our people is at stake however we’re trying to ensure that our infrastructure functions more efficiently, making the balance between security of data and protection of people more vital than ever.
Comments are closed