How do hackers invade networks?

Dear Control Engineering: I was reading the posting about hackers invading control systems. How is that possible with safeguards?


Dear Control Engineering: I was reading the posting about hackers invading control systems. How is that possible with safeguards?

One of the techniques that has been in use with hackers for a while is “phishing,” which is a way for the hacker to gain access to a system by fooling a human being into unwittingly creating an access point. Usually you get some kind of email with an attachment. If you try to open the attachment, say a photo, e-greeting card, or some other type of file, it may not work properly. The message tells you that to see the file, you need to download some kind of reader or other bit of free software. If you do this, you’re doomed. That file is the hacker’s foot in the door and your computer becomes the portal for him or her to get around in the networks that connect to your computer.

There have been many variations on this approach since savvy users begin to recognize when this sort of thing is going on. If you have any sense, you aren’t going to send your bank account information because you get an email out of the blue that says your account has been frozen. I received some emails at my home account recently that claim to be from UPS and telling me that a package that I supposedly tried to ship prior to Christmas did not get delivered because the address was wrong. I’m supposed to click on the attachment for information on getting the package back. Fortunately, I’m not dumb enough to do that.

The really scary technique that has emerged recently is called “spear phishing.” It is a more sophisticated process where a motivated hacker is determined to break into a specific system to conduct industrial espionage. Let’s say your company is engaged in a specific area of business that is of interest to the hacker. He can run Web searches on your company and find the names of key individuals in strategic areas. He then sends a highly targeted email to these individuals that gives the impression of being from within the company, but it uses the same technique. The recipient is fooled into downloading something that seems entirely appropriate, but that computer now becomes a portal. From there the hacker can begin to move throughout the networks using that person’s internal clearances. It makes detecting what’s going on very difficult.

A recent article describes this method in greater detail. There are countermeasures a company can use to resist this technique, but it can be very hard to detect. Several major oil companies have had highly proprietary information stolen using spear phishing as the entry method, and they did not realize the extent of the problem until the FBI told them about it. While these begin with enterprise level and IT networks, once those networks are compromised, attackers could turn their efforts to control systems, so any invasion should be a concern to people involved in manufacturing.

Read the Control Engineering Industrial Control System Cyber Security blog.

–Peter Welander, process industries editor.

Posted by Ask Control Engineering on February 6, 2010

No comments
The Top Plant program honors outstanding manufacturing facilities in North America. View the 2013 Top Plant.
The Product of the Year program recognizes products newly released in the manufacturing industries.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
Sister act: Building on their father's legacy, a new generation moves Bales Metal Surface Solutions forward; Meet the 2015 Engineering Leaders Under 40
2015 Mid-Year Report: Manufacturing's newest tool: In a digital age, digits will play a key role in the plant of the future; Ethernet certification; Mitigate harmonics; World class maintenance
2015 Lubrication Guide: Green and gold in lubrication: Environmentally friendly fluids and sealing systems offer a new perspective
Drilling for Big Data: Managing the flow of information; Big data drilldown series: Challenge and opportunity; OT to IT: Creating a circle of improvement; Industry loses best workers, again
Pipeline vulnerabilities? Securing hydrocarbon transit; Predictive analytics hit the mainstream; Dirty pipelines decrease flow, production—pig your line; Ensuring pipeline physical and cyber security
Cyber security attack: The threat is real; Hacking O&G control systems: Understanding the cyber risk; The active cyber defense cycle
Designing positive-energy buildings; Ensuring power quality; Complying with NFPA 110; Minimizing arc flash hazards
Building high availability into industrial computers; Of key metrics and myth busting; The truth about five common VFD myths
New industrial buildings: Greener, cleaner, leaner; New building designs for industry; Take a new look at absorption cooling; Offshored jobs start to come back

Annual Salary Survey

After almost a decade of uncertainty, the confidence of plant floor managers is soaring. Even with a number of challenges and while implementing new technologies, there is a renewed sense of optimism among plant managers about their business and their future.

The respondents to the 2014 Plant Engineering Salary Survey come from throughout the U.S. and serve a variety of industries, but they are uniform in their optimism about manufacturing. This year’s survey found 79% consider manufacturing a secure career. That’s up from 75% in 2013 and significantly higher than the 63% figure when Plant Engineering first started asking that question a decade ago.

Read more: 2014 Salary Survey: Confidence rises amid the challenges

Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Society for Maintenance and Reliability Professionals an organization devoted...
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.