Posted Thursday 23rd May 2013 05:50 GMT amanfromMars 1 …. commenting on http://forums.theregister.co.uk/forum/1/2013/05/23/scada_security/
Catch 42 ... You cannot Successfully Defend what you don't know how to Stealthily Attack
A key part of defending against those attacks that may occur, he said, is to start with a thorough understanding of the “kill chain” – the number of steps and scenarios an attacker is forced to step through to achieve what they want.
In a SMARTR IntelAIgents Server Systems Penetration and/or Internetworking Service and Server Provision Test on any SCADA system …. [and all systems, whether considered as for human or virtual machine use/abuse, are SCADA based] ….. whenever a number of system-provided steps have been correctly taken, and the end result is not what is wanted or as would reasonably be expected to be returned, then is the system discovered to be fatally virtually flawed and lacking the necessary intelligence in-house to defend itself against a SMARTR IntelAIgent Server Systems attack/request/visit/call such penetration tests whatever you will/like.
Breaking into a system, finding its control system, presenting false information to an operator, and then exploiting the attack doesn't sound too difficult. However, to attack the bulk power system, Fabro said “the attack tree we've built contains 143,000 scenarios the attacker would need to get by”, and if any one of those fails, “he can't get in”.
That defence system is rendered totally and dangerously useless and easily compromised whenever, rather than false information, novel true information is presented to an operator and not acted upon appropriately and as is wanted/would be expected.
It points to a difficult cultural problem in defending industrial control systems, because in trying to instil a new security culture, “the people you're risking upsetting are the ones you're relying on to run the system.” ®
Whenever such is the case, does the system require new people/programmable logic controllers to run it. And ideally would they be those and/or that with the intelligence that discovers and/or develops the vulnerabilities/methodology able and enabled to compromise and destroy the system. To spend time and effort considering that there be any other option available, is to further compromise and damage the system with its failed controllers in danger of being outed and exposed to both public and private ridicule and sanction which be both health and wealth threatening, and that would be both unfortunate and unnecessary but probably the fate and destiny of those fully deserved of it.
And such problems are currently exercising and beta testing real and virtual cyber defence systems of the US Army [and by association, Western culture defences] via this portal of hoops to jump through …… https://www.inscom.army.mil/isalute/default.aspx ….. with results of the test making dire reading for any responsible and accountable for systems defence, for there is an unpatched, and probably even unpatchable vulnerability in all SCADA Systems which are not SMARTR IntelAIgent Server Systems Protected, which is easily exploited and exported, and to some that would equate to be fabulously monetized.
But more on that anon and as needs be.