~e; Embedded Control Systems and Security

From bc <human@electronetwork.org>
Date Wed, 17 Jul 2002 23:34:28 -0500

  [this forwarded snippet of a newsletter (subbing info
  below) relates to the potential 'threat' of an attack,
  via computers, on large technological systems, such as
  dams, that was mentioned on the list a few weeks back.
  if anyone likes to know more about such issues, you
  may be interested in an e-mail list called RISKs-digest
  which compiles oddities and errors within such systems.]

>                  CRYPTO-GRAM
>                  July 15, 2002
>               by Bruce Schneier
>                Founder and CTO
>       Counterpane Internet Security, Inc.
>            schneier@counterpane.com
>          <http://www.counterpane.com>
>A free monthly newsletter providing summaries, analyses, insights, 
>and commentaries on computer security and cryptography.
>Back issues are available at 
><http://www.counterpane.com/crypto-gram.html>.  To subscribe, visit 
><http://www.counterpane.com/crypto-gram.html> or send a blank 
>message to crypto-gram-subscribe@chaparraltree.com.
>Copyright (c) 2002 by Counterpane Internet Security, Inc.
>** *** ***** ******* *********** *************
>In this issue:
>      Embedded Control Systems and Security
>	... <snip>
>** *** ***** ******* *********** *************
>      Embedded Control Systems and Security
>There's a whole lot of embedded control systems in our society, 
>controlling things as diverse as vending machines and automobiles 
>and power plants, and they've been designed with not a whole lot of 
>Actually, mostly they've mostly been designed with no security.  And 
>that's not a good thing.
>These are distributed control systems (DCS), or supervisory control 
>and data acquisition (SCADA) systems.  The simplest ones just carry 
>measurement data.  More complicated ones throw railway switches, 
>open and close circuit breakers, and adjust valve flow in lots of 
>different pipelines.  The most complicated ones control devices and 
>systems at an even higher level.
>For the most part, these systems have been obscure and isolated -- 
>this is why their designers never bothered with security -- but more 
>and more they're being connected to the Internet.  And the fear is 
>that now they can be taken over by hackers, criminals, or (gasp!) 
>This has been true for decades now, but the War on (Some) Terrorism 
>has brought this into the news.  Many are worried that some 
>terrorist with a laptop in Peshawar can open the floodgates of a dam 
>in the United States, or shut down the American power grid.  It's a 
>frightening prospect.
>And certainly the threats are real.  These systems can be 
>successfully attacked.  And given the sheer complexity of some of 
>the systems being controlled, catastrophic failures are certainly 
>But I think they're unlikely.  First, as insecure as the systems 
>are, it's hard to hack in and do maximum damage.  It's probably easy 
>to hack in and stumble around until something breaks, but that's not 
>nearly as spectacular.  For once, obscurity is working in our favor; 
>the simple facts that the commands are arcane and obscure, the 
>effects of individual changes are not obvious, and there are no 
>readily available manuals, makes the system more secure.
>Second, low-tech terrorism is much more reliable, and much more 
>effective, than high-tech.  While these threats are real, I rate 
>them as lower than explosives or lunatics with automatic weapons. 
>Sure, opening sewage floodgates into the river will make headlines, 
>but bombing one of the three water tunnels into Manhattan will do 
>much more damage.
>The real threat here is the remote attacker.  I think the likely 
>scenario is that some terrorist-wannabe -- not a real terrorist but 
>someone who reads about terrorism in the press and is sympathetic -- 
>in some random country will try to attack infrastructures this way. 
>They'll break in, and they'll do some random damage.  It won't be 
>spectacular, but it will be successful.
>The solution is twofold.  One, keep critical DCS and SCADA systems 
>off the Internet.  Two, fix the protocols to add security.  And 
>three, don't panic about the threats; the risk isn't that great.
>Point: We're at risk.
>Counterpoint: No, we're not.
>An actual attack:
>** *** ***** ******* *********** *************
>Please feel free to forward CRYPTO-GRAM to colleagues and friends 
>who will find it valuable.  Permission is granted to reprint 
>CRYPTO-GRAM, as long as it is reprinted in its entirety.
>CRYPTO-GRAM is written by Bruce Schneier.  Schneier is founder and 
>CTO of Counterpane Internet Security Inc., the author of "Secrets 
>and Lies" and "Applied Cryptography," and an inventor of the 
>Blowfish, Twofish, and Yarrow algorithms.  He is a member of the 
>Advisory Board of the Electronic Privacy Information Center (EPIC). 
>He is a frequent writer and lecturer on computer security and 
>Counterpane Internet Security, Inc. is the world leader in Managed 
>Security Monitoring.  Counterpane's expert security analysts protect 
>networks for Fortune 1000 companies world-wide.

  the electromagnetic internetwork-list
  electromagnetism / infrastructure / civilization