Computer Security: Our life in symbiosis*

Do you recall our Bulletin articles on control system cyber-security (“Hacking control systems, switching lights off!” and “Hacking control systems, switching... accelerators off?”) from early 2013? Let me shed some light on this issue from a completely different perspective.

 

I was raised in Europe during the 80s. With all the conveniences of a modern city, my environment made me a cyborg - a human entangled with technology - supported by, but also dependent on, software and hardware. Since my childhood, I have eaten food packaged by machines and shipped through a sophisticated network of ships and lorries, keeping it fresh or frozen until it arrives in supermarkets. I heat my house with the magic of nuclear energy provided to me via a complicated electrical network. In fact, many of the amenities and gadgets I use are based on electricity and I just need to tap a power socket. When on vacation, I travel by taxi, train and airplane. And I enjoy the beautiful weather outside thanks to the air conditioning system located in the basement of the CERN IT building.

This air conditioning system, a process control system (PCS), monitors the ambient room temperature through a distributed network of sensors. A smart central unit - the Programmable Logic Controller (PLC) - compares the measured temperature values with a set of thresholds and subsequently calculates a new setting for heating or cooling. On top of this temperature control loop (monitor - calculate - set), a small display attached to the wall, a simple supervisory control and data acquisition (SCADA) system, allows me to read the current room temperature and to manipulate its set-points. Depending on the size of the building and the number of processes controlled, many (different) sensors, PLCs, actuators and SCADA systems can be combined and inter-connected to build a larger and more complex PCS.

In a similar way, all our commodities and amenities depend on many different, complex PCSs, e.g. PCSs for water and waste management, for electricity production and transmission, for public and private transport, for communication, and for the production of oil and gas but also cars, food and pharmaceuticals. Today, many people live in symbiosis with those PCSs, which make their lives cosy and comfortable, and industry depends on them. This variety of PCSs has become a piece of “critical infrastructure”, providing the fundamental basis for their general survival.

So what would happen if part or all of this critical infrastructure failed? How would your life change without clean tap water and proper waste disposal, without electricity, without fresh and frozen food? The cool air in the lecture hall would get hot and become uncomfortable. On a wider scale, with no drinking water from the tap, we would have to go back to local wells or collect and heat rainwater in order to purify it. Failure of the electricity system would halt public life: frozen goods in supermarkets would warm up and become inedible, fuel pumps would not work anymore, life-preservation systems in hospitals would stop once the local diesel generators ran out of fuel… (this is nicely depicted in the novel “Blackout” by M. Elsberg).

We rely on our critical infrastructure, we rely on PCSs and we rely on the technologies behind PCSs. In the past, PCSs, PLCs and SCADA systems and their hardware and software components were proprietary, custom-built and stand-alone. Expertise was centralised with a few system engineers who knew their system by heart. That has changed in recent decades. Pressure for consolidation and cost-effectiveness has pushed manufacturers to open up. Today, modern PCSs employ the same technological means that have been used for years in computer centres, in offices and at home: Microsoft’s Windows operating system to run SCADA systems; web browsers as user interfaces; laptops and tablets replacing paper checklists; emails to disseminate status information and alerts; the Internet Protocol (IP) to communicate among different parts of a PCS; the Internet for remote access for support personnel and experts...

Unfortunately, while benefitting from standard information technology, PCSs have also inherited its drawbacks: design flaws in hardware, bugs in software components and applications, and vulnerabilities in communication protocols. Exploiting these drawbacks, malicious cyber-attackers and benign IT researchers have probed many different hardware and software components and protocols for many years. Today, computer centres, office systems and home computers are permanently under attack. With their new technological basis, PCSs have come under scrutiny, too. The sophisticated “Stuxnet” attack by the US and Israel against the control system of Iranian uranium enrichment facilities in 2010 is just one of the more publicised cases. New vulnerabilities affecting PCSs are regularly published on certain web pages, and recipes for malicious attacks circulate widely on the Internet. The damage caused may be enormous.

Therefore, “Critical Infrastructure Protection” (CIP) becomes a must. But protecting PCSs like computer centres, patching them, running anti-virus on them, and controlling their access is much more difficult than attacking them. PCSs are built for use cases. Malicious abuse is rarely considered during their design and implementation phase. For example, rebooting a SCADA PC will temporarily suspend monitoring capabilities, while updating a PLC’s firmware usually requires thorough re-testing and probably even re-certification. Both are non-trivial and costly tasks that cannot be done in line with the monthly patch release cycles of firms like Microsoft.

Ergo, a fraction (if not many) of today’s PCSs are vulnerable to common cyber-attacks. Not without reason, the former advisor to the US president, Richard Clarke, said “that the US might be able to blow up a nuclear plant somewhere, or a terrorist training centre somewhere, but a number of countries could strike back with a cyber-attack and the entire [US] economic system could be crashed in retaliation … because we can’t defend it today.” (AP 2011) We need to raise our cyber-defences now. Without CIP, without protected SCADA systems, our modern symbiotic life is at risk.

*To be published in the annual yearbook of the World Federation of Scientists.


Check out our website for further information, answers to your questions and help, or e-mail Computer.Security@cern.ch.


by Stefan Lueders, Computer Security Team