Saturday, October 22, 2011

Industrial Industry Manufacturers Clarified

Okay, I have a semi-official (here is what we meant, but please don’t quote me) clarification of what Symantec was trying to say when they came up with the phrase ‘Industrial Industry Manufacturers’: it means “industrial control system manufacturers and any other organizations who provide solutions to industrial facilities”. In other words, anyone that makes the software or hardware used to control industrial processes, with hardware being used in the manufacturing plant terminology (not limited to control system terminology) to include pumps, valves, motors, frequency converters, pipes, etc.

Good; this I can understand. From a process chemist’s point of view that covers a whole bunch of stuff that I hadn’t worried much about from a security perspective before. But it certainly makes a lot of sense if you think about how you might go about destroying a manufacturing facility. You could just randomly operate relays and that would almost certainly screw up production and/or quality but might not shut down a facility. To shut down a facility you need to be able to destroy equipment (catastrophically if possible). To do that remotely you need to understand the design criteria and the various failure modes of that equipment. That’s all information that the equipment manufacturer will probably have on hand on some networked computer somewhere.

When I worked with the Intel (tactical level only) folks for a brief period in the Army they had a very interesting counter-intelligence term: EEFI – Essential Elements of Friendly Information. It was used to describe the information that the Commander did not want his enemy to know about his forces. So from an industrial security perspective (protecting the facility, not just the cyber systems) it looks like whoever wrote Duqu was targeting our (the collective good guys) EEFI.

That’s even scarier than just Stuxnet…

BTW: That really seems to make the latest ICS-CERT update extremely confusing. Perhaps they should have said Duqu was not just [emphasis added] targeting ICS vendors.
