[SystemSafety] Cybersecurity at Nuclear Power Plants

Peter Bernard Ladkin ladkin at rvs.uni-bielefeld.de
Wed Mar 2 10:14:27 CET 2016



On 2016-02-29 09:15 , Peter Bernard Ladkin wrote:
> A good newspaper summary is at
> 
> http://www.ft.com/cms/s/0/b5f0df54-6aa1-11e5-aca9-d87542bf8673.html#axzz41XbXa4RA
> 
> (If you try going there directly, FT might ask you to "sign in" to read it. If so, Google "Caroline
> Baylon nuclear risk" and the link will turn up. Following it skips the sign-in.)

It turns out this works with Google, but not with e.g. DuckDuckGo.

The comments "below the line" exhibit in large part problems which the Report identifies. People
saying, for example,
* "it's mostly analogue technology in the core systems; there aren't problems through digital systems"
* "it's all ISO/OSI-standards-based communication, you can't compromise it like TCP/IP"
* "the key systems are all air-gapped; there aren't any internet connections, so there is no problem"
* "Bah, journalists! They should talk to real experts"

It's sad to see such rubbish, written by people who clearly have little knowledge and haven't read
the report, even in the FT.

The report itself is very insightful (I read it all up to Chapter 8 on organisational responses). It
shows the advantages of talking to a number of industry insiders anonymously. (One of the report's
authors is the Chief of Security for the UK regulator. That must have been an interesting issue
during the interviews! I wonder what was carefully not said?.....)

It also generalises to all kinds of industrial plant.

Big issues:
* the fact that one has to base everything more or less on perimeter security, since that is the
original security concept for these plants. But it means restricting remote access: no having your
forensics person or your maintenance people responding to an emergency by logging in from his/her
bedroom.
* Lots of bespoke, often analog kit is being replaced by COTS, and most digital devices have a
security paradigm based on regular patches. But you can't just install a patch willy-nilly in
industrial plants; you've got to perform an impact analysis on the rest of your kit. And it's
exceptionally hard, to impossible, to perform accurate simulations, since you have to reproduce each
batch of each subcomponent of each digital component, not just the overall plant operation (chips
which are nominally the same aren't. We were stung through that a decade ago.) The security paradigm
for the COTS kit doesn't match the safety paradigm for the plant.

Easier are:
* General IT-Security cleanliness. No BYOD. No uncleaned USB sticks and other data devices being
brought in and plugged in. (Apparently there is a French company offering cleaning services. Is it
that hard that you can make money from it?)
* Making sure that vendor-supplied default passwords for root access to kit are changed (!!!!).
* Getting SCADA data out exclusively through data diodes and not through electric-digital networking
with potentially-leaky firewalls.

All in all, a valuable read.

PBL

Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Je suis Charlie
Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de
