computer
Can freebie software and a can of Pringles bring down the U.S. power grid?
As far as we know, no one has ever deliberately hacked into the U.S. electrical
grid and pulled the plug on millions or even thousands of people. Just as on Sept.
10, 2001, no one had ever deliberately crashed a jet airliner into a skyscraper.
Is the power grid vulnerable to cyberattack? What about natural gas pipelines,
nuclear plants, and water systems? Or refineries and other industrial facilities
that run on similar Internet-enabled digital control systems? Could a terrorist
or disgruntled employee cause lethal accidents and millions of dollars of damage?
What about a bored 14-year-old? Executive consultant for KEMA Consulting Joseph
Weiss thinks they are vulnerable . None of the industrial control systems used to
monitor and operate the nation's utilities and factories were designed with security
in mind. Moreover, their very nature makes them difficult to secure. Linking them
to networks and the public Internet only makes them harder to protect. Paul Blomgren,
manager of sales engineering at cyber-security firm Rainbow Mykotronx in Torrance,
Calif., measures control system vulnerabilities. Last year his company assessed a
large southwestern utility that serves about four million customers. "Our people drove
to a remote substation," he recalled. "Without leaving their vehicle, they noticed
a wireless network antenna. They plugged in their wireless LAN cards, fired up their
notebook computers, and connected to the system within five minutes because it wasn't
using passwords. Within 10 minutes, they had mapped every piece of equipment in the
facility. Within 15 minutes, they mapped every piece of equipment in the operational
control network. Within 20 minutes, they were talking to the business network and had
pulled off several business reports. They never even left the vehicle."
Blomgren, of course, is a professional with a professional's tools. But Eric Byres,
research manager at the Internet Engineering Laboratory of the British Columbia Institute
of Technology in Burnaby, maintains that any hacker could achieve similar results—with
free software off the Internet and a can of Pringles. Wireless systems are especially
vulnerable to attack, Byres said. He cited as an example a petrochemical plant that he
just finished assessing. "They had an overflow pond that wound around the plant site and
wanted to put sensors on it, but they were worried that if they ran fiber, someone might
dig it up," he said. "So they put in a wireless system." Because the wireless system was
part of the plant network, information technology engineers assumed the firewall would
protect it from unauthorized access. That was not the case. Because they thought they
were secure, they never even turned on the wireless transmitters' security features.
Byres said that many information technology, or IT, professionals don't even know these
options exist.
Eavesdropping choices: original or spicy Cajun. A quick Web search can turn up hundreds
of sites eager to tell how to turn a snack can into a directional antenna able to listen
in on wireless systems. Anyone driving by could pick up the wireless traffic. All they
need is a laptop PC, a $60 wireless network card, and a directional antenna, which can
be made from a Pringles can. Don't know how to make the antenna? A Google Internet search
of "Pringles antenna" returns nearly 400 Web sites, many with do-it-yourself instructions,
pictures, and even videos.Wireless security features are easily defeated.
As far as we know, no one has ever deliberately hacked into the U.S. electrical
grid and pulled the plug on millions or even thousands of people. Just as on Sept.
10, 2001, no one had ever deliberately crashed a jet airliner into a skyscraper.
Is the power grid vulnerable to cyberattack? What about natural gas pipelines,
nuclear plants, and water systems? Or refineries and other industrial facilities
that run on similar Internet-enabled digital control systems? Could a terrorist
or disgruntled employee cause lethal accidents and millions of dollars of damage?
What about a bored 14-year-old? Executive consultant for KEMA Consulting Joseph
Weiss thinks they are vulnerable . None of the industrial control systems used to
monitor and operate the nation's utilities and factories were designed with security
in mind. Moreover, their very nature makes them difficult to secure. Linking them
to networks and the public Internet only makes them harder to protect. Paul Blomgren,
manager of sales engineering at cyber-security firm Rainbow Mykotronx in Torrance,
Calif., measures control system vulnerabilities. Last year his company assessed a
large southwestern utility that serves about four million customers. "Our people drove
to a remote substation," he recalled. "Without leaving their vehicle, they noticed
a wireless network antenna. They plugged in their wireless LAN cards, fired up their
notebook computers, and connected to the system within five minutes because it wasn't
using passwords. Within 10 minutes, they had mapped every piece of equipment in the
facility. Within 15 minutes, they mapped every piece of equipment in the operational
control network. Within 20 minutes, they were talking to the business network and had
pulled off several business reports. They never even left the vehicle."
Blomgren, of course, is a professional with a professional's tools. But Eric Byres,
research manager at the Internet Engineering Laboratory of the British Columbia Institute
of Technology in Burnaby, maintains that any hacker could achieve similar results—with
free software off the Internet and a can of Pringles. Wireless systems are especially
vulnerable to attack, Byres said. He cited as an example a petrochemical plant that he
just finished assessing. "They had an overflow pond that wound around the plant site and
wanted to put sensors on it, but they were worried that if they ran fiber, someone might
dig it up," he said. "So they put in a wireless system." Because the wireless system was
part of the plant network, information technology engineers assumed the firewall would
protect it from unauthorized access. That was not the case. Because they thought they
were secure, they never even turned on the wireless transmitters' security features.
Byres said that many information technology, or IT, professionals don't even know these
options exist.
Eavesdropping choices: original or spicy Cajun. A quick Web search can turn up hundreds
of sites eager to tell how to turn a snack can into a directional antenna able to listen
in on wireless systems. Anyone driving by could pick up the wireless traffic. All they
need is a laptop PC, a $60 wireless network card, and a directional antenna, which can
be made from a Pringles can. Don't know how to make the antenna? A Google Internet search
of "Pringles antenna" returns nearly 400 Web sites, many with do-it-yourself instructions,
pictures, and even videos.Wireless security features are easily defeated.
上一篇:The Rose Within
下一篇:乱世佳人-斯嘉丽、瑞特
声明:以上文章均为用户自行添加,仅供打字交流使用,不代表本站观点,本站不承担任何法律责任,特此声明!如果有侵犯到您的权利,请及时联系我们删除。
文章热度:★★★☆☆
文章难度:★★★★☆
文章质量:★★★★☆
说明:系统根据文章的热度、难度、质量自动认证,已认证的文章将参与打字排名!
本文打字排名TOP20
- 1kevin6625 11-28 16:39474 KPM
- 2lin6625 11-10 18:38457 KPM
- 3格物致知 06-02 09:49407 KPM
- 4可爱菌菌怪 04-28 17:05379 KPM
- 5categary 11-28 12:54363 KPM
- 6游客13446040... 11-11 11:29360 KPM
- 7游客13127725... 01-04 08:53353 KPM
- 8游客13646060... 06-02 11:49351 KPM
- 9游客14171596... 11-06 12:47351 KPM
- 10夜会美 12-13 13:17349 KPM
- 11珍珠奶兔 07-29 23:30346 KPM
- 12赵扶苏 12-05 15:01342 KPM
- 13游客11650356... 12-13 12:37328 KPM
- 14游客13643058... 11-13 07:38324 KPM
- 15游客14208513... 11-10 16:23323 KPM
- 16ChenLX 01-03 18:54319 KPM
- 17Nicky 01-04 10:08312 KPM
- 18游客13108741... 01-03 11:06311 KPM
- 19于建松 09-12 15:49310 KPM
- 20承苏凯 01-03 17:48306 KPM
用户更多文章推荐
- Success2020-06-04