There is an interesting article over on PubMemo.com about
new cyber-visualization technology that DOD’s Defense Advanced Research Projects
Agency (DARPA) is developing to make it easier for cyber warriors to ‘view’ the
electronic battlefield. While the article does not mention control systems as
part of that environment, it is clear that technology like this will be
valuable to military planners trying to execute missions against control
systems in industrial settings.
One of the problems that has always faced people who would
attack a major industrial facility (chemical plant, electric generation
facility, major municipal water treatment plant) is not gaining access to the
facility, but rather what to do when access is gained. There is nothing that
says ‘open this valve and then turn this controller to this position to blow up
this storage tank’.
There is still something to be said for ‘security by
obscurity’ as a protection against serious deliberate attacks on control
systems in critical infrastructure. Just turning random valves or switches is
unlikely to cause catastrophic destruction; there are just too many innocuous
water and air valves to hit the cybersecurity catastrophe perfecta by making
random changes.
For military planners (or terrorists for that matter)
planning a remote attack on a critical infrastructure installation will require
the ability to identify and locate critical controls in a timely manner. Only
then will the planners be able to put together an attack scenario that will
have the specific, limited effect that military planners, contrary to Hollywood
movies, really want to employ in a well-executed attack.
It looks like the Pentagon understands this. They should;
they’ve been planning complicated operations for years. This is just another
target rich environment.
Posts
No comments:
Post a Comment