Bill’s Security Blog

According to Wall Street Journal’s MarketWatch, Waterfall Solutions will be presenting at the 2008 PCSF.

In a presentation on Wednesday, August 27th, Mr. Turniansky will give a detailed presentation on the topic of “Unidiresctional Connectivity - A Novel Robust Method for Absolute Protection of Process Control Systems”.

Some are too willing to throw out the notion of unidirectional communication in a control system because it requires some special configuration.

My take is that if you want Real security, you must consider the overwhelming value of a one-way communication link, particularly when critical control systems come into place.

In control networks, there are some devices, like sensors and other detectors, that simply generate traffic.  They do not need to receive anything.

Another possibility is to prevent two way traffic between systems at higher and lower levels of “criticality.”

A no-brainer example would be to employ one way communication between the contol network and the corporate network.  This would allow business units to monitor the control network, but not have data (and attacks) flow from the business side back.

This would have prevented the shutdown of Unit 2 of the Hatch nuclear power plant earlier this year.

From the Washington Post’s “Cyber Incident Blamed for Nuclear Power Plant Shutdown”

A nuclear power plant in Georgia was recently forced into an emergency shutdown for 48 hours after a software update was installed on a single computer.

The incident occurred on March 7 at Unit 2 of the Hatch nuclear power plant near Baxley, Georgia. The trouble started after an engineer from Southern Company, which manages the technology operations for the plant, installed a software update on a computer operating on the plant’s business network.

Though I don’t know all the details, it’s clear that there was some computer on the business network that must have, through some route, been able to feed back to the control network.

Why introduce the potential for a network based attack on one of these devices, simply employ one-way communication.

Method’s I’ve heard about in the past include physically modifying the network cabling so that the cable is physically incapable of sending traffic in both directions.

In any event, I wont’ be at PCSF, but hope the presentation is available.

Bill

This entry was posted on Sunday, August 24th, 2008 at 4:13 pm and is filed under Control Systems, Critical Infrastructure. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.