A newsletter I get everyday from Wired magazine ran an article on the dangers posed to the public by malicious hacking. Here’s the pertinent passage:
AFTER LAST MONTH’S Petya/NotPetya ransomware outbreak you may be feeling like the next global attack could come at any moment. It hasn’t struck yet, but if the ransomware fear doesn’t get you, the phishing paranoia might. And don’t forget angst about power grid hacks. Reports this week revealed that the FBI and Department of Homeland Security are scrambling to defend multiple US energy companies and manufacturing plants from hackers—including a nuclear power plant in Kansas. So far there’s no evidence that hackers have accessed the industrial control systems that actually direct physical equipment, so it’s not a doomsday scenario yet, but from an anxiety perspective it’s not great.
It’s not exactly a new idea that almost anything connected to the Internet is vulnerable to intensive hacking efforts. Hackers have usually gone where the money is, and that’s been financial institutions and individuals with an online identity. It’s beginning to look as though ransomeware has become the next scourge.
But things could become serious. Nuclear power plants, it now appears, are connected to the Internet, and the government reportedly believes that one of them, in Kansas, is vulnerable to hacking.
I have always opposed nuclear power plants. It seemed to me that, sooner or later, one of them would have a catastrophic accident that would spew tons of deadly radioactive dust directly into the atmosphere, to be carried by winds thousands of miles and deposited on the earth along its path.
Sooner or later happened at Chernobyl, Ukraine in 1986, when a graphite-modulated reactor blew up and spread radioactive debris over thousands of square miles.
In 2011, the Fukushima Daiichi Plant melted down as a result of an earthquake and the resulting tsunami. It has still not been brought under control and continues to emit radioactive material into the ocean and atmosphere. Robots sent into the most radioactive areas of the plants have ceased to function because of the intense radiation.
There are three things to remember about nuclear reactors: 1. Meltdowns are catastrophes, and the damage to property and loss of life are simply unacceptable. That means that the likelihood of a meltdown must be brought to zero, which cannot be achieved with today’s technology and probably with no future technology. The only reasonable course is no reactors at all. 2. If a reactor can melt down, it will eventually melt down. This is a corollary of Murphy’s Law. 3. As a reactor ages, the probablity of failure increases, because reactor parts are subject to heat, radiation, and corrosive substances that cause them to deteriorate. The probability can be reduced by decommisioning the reactor well before it becomes dangerous.
Now virtually all the power plants are connected to the Internet, where they can be managed and monitored from a central location. Because they are online, they can be targeted by both small-time hackers and state intelligence agencies.
The same is true of the nation’s electric power grid.
The reason that these problems haven’t been fixed is money. The only way to ensure that hackers can be kept out is air. There must be air between the internal network and the Internet. Data must be encrypted end-to-end and transmitted over dedicated lines. This is how the military and the intelligence agencies have been exchanging data for at least 60 years over leased lines. Transmitting secure data over the air requires strong encryption, since third parties can capture the transmissions.
When state actors come into the picture, things become much more serious. Even encrypted communications are not perfectly safe. Given enough computing power a state can crack a cryptographic system and access almost any information stored within the system.
As long as local networks remain disconnected from any open network, the network will remain secure from all outside efforts to compromise it.
The same goes for electric power grids. Many of these systems were fitted with interfaces to the Internet in the belief that the Internet was benign. The system worked well until hackers, thieves, and spys began to penetrate what were then regarded as secure sites
No comments:
Post a Comment