Sunday, 1 May 2016

Malware Found at German Nuclear Facility (April 27 and 28, 2016)

At the Gundremmingen nuclear power facility in Germany, malware was found on computers that are part of a system that models nuclear fuel rod movement, and on USB data storage devices. The malware, which includes Conficker and W32.Ramnit, was never activated because it requires communication with a command-and-control network, and the infected systems were not connected to the Internet.
-http://arstechnica.com/security/2016/04/german-nuclear-plants-fuel-rod-system-swarming-with-old-malware/
-http://www.reuters.com/article/us-nuclearpower-cyber-germany-idUSKCN0XN2OS
[Editor's Note (Assante): I am amazed by statements from industry leaders about how "protected" their organizations and industries are, in response to stories about targeted cyber threats. Incidents like this one are common, and they cast a great deal of doubt on conventional prevention-focused security programs. Gundremmingen CNPP demonstrates how non-targeted malware can find its way onto critical systems (in this case a nuclear power plant's fuel rod movement/management system) and worse, be able to live there undetected for a significant period of time. Critical infrastructures must mature beyond simple cyber walls and invest in developing competent cyber defenses. (Murray): Mission critical applications should be isolated (VPNs) AND resistant to arbitrary changes to programs and other data (restrictive access control policy). Either a belt or braces may keep one's pants up but they complement one another and neither is expensive. (Williams): Years ago, I remember hearing the wise Ed Skoudis say "Airgaps are just very high latency networks." Eerily similar to the Stuxnet story, this discovery is definitely concerning but we should strive to keep it in perspective. Organizations should consider how they can most effectively restrict USB usage while still performing mission critical operations. ]