Re: [SystemSafety] Cybersecurity at Nuclear Power Plants

From: Peter Bernard Ladkin < >
Date: Wed, 2 Mar 2016 10:14:27 +0100

On 2016-02-29 09:15 , Peter Bernard Ladkin wrote:
> A good newspaper summary is at
> (If you try going there directly, FT might ask you to "sign in" to read it. If so, Google "Caroline
> Baylon nuclear risk" and the link will turn up. Following it skips the sign-in.)

It turns out this works with Google, but not with e.g. DuckDuckGo.

The comments "below the line" exhibit in large part problems which the Report identifies. People saying, for example,

* "it's mostly analogue technology in the core systems; there aren't problems through digital systems"
* "it's all ISO/OSI-standards-based communication, you can't compromise it like TCP/IP"
* "the key systems are all air-gapped; there aren't any internet connections, so there is no problem"
* "Bah, journalists! They should talk to real experts"

It's sad to see such rubbish, written by people who clearly have little knowledge and haven't read the report, even in the FT.

The report itself is very insightful (I read it all up to Chapter 8 on organisational responses). It shows the advantages of talking to a number of industry insiders anonymously. (One of the report's authors is the Chief of Security for the UK regulator. That must have been an interesting issue during the interviews! I wonder what was carefully not said?.....)

It also generalises to all kinds of industrial plant.

Big issues:
* the fact that one has to base everything more or less on perimeter security, since that is the original security concept for these plants. But it means restricting remote access: no having your forensics person or your maintenance people responding to an emergency by logging in from his/her bedroom.
* Lots of bespoke, often analog kit is being replaced by COTS, and most digital devices have a security paradigm based on regular patches. But you can't just install a patch willy-nilly in industrial plants; you've got to perform an impact analysis on the rest of your kit. And it's exceptionally hard, to impossible, to perform accurate simulations, since you have to reproduce each batch of each subcomponent of each digital component, not just the overall plant operation (chips which are nominally the same aren't. We were stung through that a decade ago.) The security paradigm for the COTS kit doesn't match the safety paradigm for the plant.

Easier are:
* General IT-Security cleanliness. No BYOD. No uncleaned USB sticks and other data devices being brought in and plugged in. (Apparently there is a French company offering cleaning services. Is it that hard that you can make money from it?)
* Making sure that vendor-supplied default passwords for root access to kit are changed (!!!!).
* Getting SCADA data out exclusively through data diodes and not through electric-digital networking with potentially-leaky firewalls.

All in all, a valuable read.

PBL
Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Je suis Charlie
Tel+msg +49 (0)521 880 7319
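The post's last "easier" point, getting SCADA data out only through a data diode, has a consequence that is easy to miss: the link is physically one-way, so the receiving side can never ask for a retransmission. The sender has to number and checksum every frame and repeat it a few times, and the receiver has to drop corrupt frames, discard duplicates and notice gaps itself. The following is an added illustration of that framing, written for this page and not code from the post or from any product; the frame layout, the class names and the readings are all constructed for the example.

```python
"""Added illustration: framing for telemetry sent across a one-way link.

Because a data diode carries no return channel, reliability has to be
built into the sender's framing: a sequence number, a CRC, and plain
repetition of each frame. The receiver verifies, de-duplicates and
reports which sequence numbers never arrived.
"""
import json
import struct
import zlib

MAGIC = b"DIODE1"           # constructed frame marker for this example
HEADER_LEN = len(MAGIC) + 6  # MAGIC + 4-byte seq + 2-byte body length


def encode_frame(seq: int, payload: dict) -> bytes:
    """MAGIC | seq (u32) | body length (u16) | JSON body | CRC32 (u32)."""
    body = json.dumps(payload, sort_keys=True).encode()
    header = MAGIC + struct.pack(">IH", seq, len(body))
    crc = struct.pack(">I", zlib.crc32(header + body) & 0xFFFFFFFF)
    return header + body + crc


def decode_frame(frame: bytes):
    """Return (seq, payload), or None if the frame is truncated or corrupt."""
    if len(frame) < HEADER_LEN + 4 or not frame.startswith(MAGIC):
        return None
    seq, length = struct.unpack(">IH", frame[len(MAGIC):HEADER_LEN])
    body = frame[HEADER_LEN:HEADER_LEN + length]
    crc_bytes = frame[HEADER_LEN + length:HEADER_LEN + length + 4]
    if len(body) != length or len(crc_bytes) != 4:
        return None
    expected = zlib.crc32(frame[:HEADER_LEN + length]) & 0xFFFFFFFF
    if struct.unpack(">I", crc_bytes)[0] != expected:
        return None
    try:
        return seq, json.loads(body)
    except ValueError:
        return None


class DiodeSender:
    """Plant-side: numbers each reading and emits it `repeats` times."""

    def __init__(self, repeats: int = 3):
        self.repeats = repeats
        self.seq = 0

    def send(self, payload: dict) -> list:
        frame = encode_frame(self.seq, payload)
        self.seq += 1
        return [frame] * self.repeats


class DiodeReceiver:
    """Business-network side: verifies frames and tracks gaps."""

    def __init__(self):
        self.received = {}   # seq -> payload
        self.rejected = 0    # frames that failed parsing or the CRC

    def receive(self, frame: bytes) -> None:
        decoded = decode_frame(frame)
        if decoded is None:
            self.rejected += 1
            return
        seq, payload = decoded
        self.received.setdefault(seq, payload)  # duplicates are ignored

    def missing(self) -> list:
        """Sequence numbers below the highest seen that never arrived."""
        if not self.received:
            return []
        return sorted(set(range(max(self.received) + 1)) - set(self.received))


# Constructed sample readings, not real plant data.
SAMPLE_READINGS = [
    {"tag": "PT-101", "value": 155.2, "unit": "bar"},
    {"tag": "TT-102", "value": 291.7, "unit": "degC"},
    {"tag": "FT-103", "value": 1204.0, "unit": "kg/s"},
    {"tag": "LT-104", "value": 61.3, "unit": "%"},
]


def run_demo(readings, drop=lambda i: False, corrupt=lambda i: False):
    """Push readings through a simulated diode; `drop`/`corrupt` take the
    index of each emitted frame so tests can model a lossy or noisy link."""
    sender, receiver, i = DiodeSender(repeats=3), DiodeReceiver(), 0
    for reading in readings:
        for frame in sender.send(reading):
            if corrupt(i):
                receiver.receive(frame[:-1] + bytes([frame[-1] ^ 0xFF]))
            elif not drop(i):
                receiver.receive(frame)
            i += 1
    return receiver


if __name__ == "__main__":
    r = run_demo(SAMPLE_READINGS, drop=lambda i: 6 <= i <= 8)
    print("received:", sorted(r.received), "missing:", r.missing())
```

Repetition is the simplest loss strategy; production diode gateways typically use forward error correction instead, but the shape of the problem is the same: every reliability decision moves to the sending side, and the receiver's job is verification and gap reporting, which is exactly what a monitoring team needs to alarm on.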

The System Safety Mailing List
systemsafety_at_xxxxxx
Received on Wed Mar 02 2016 - 10:14:35 CET
