How do hackers invade networks?

Dear Control Engineering: I was reading the posting about hackers invading control systems. How is that possible with safeguards?

02/06/2010


Dear Control Engineering: I was reading the posting about hackers invading control systems. How is that possible with safeguards?

One of the techniques that has been in use with hackers for a while is “phishing,” which is a way for the hacker to gain access to a system by fooling a human being into unwittingly creating an access point. Usually you get some kind of email with an attachment. If you try to open the attachment, say a photo, e-greeting card, or some other type of file, it may not work properly. The message tells you that to see the file, you need to download some kind of reader or other bit of free software. If you do this, you’re doomed. That file is the hacker’s foot in the door and your computer becomes the portal for him or her to get around in the networks that connect to your computer.

There have been many variations on this approach since savvy users begin to recognize when this sort of thing is going on. If you have any sense, you aren’t going to send your bank account information because you get an email out of the blue that says your account has been frozen. I received some emails at my home account recently that claim to be from UPS and telling me that a package that I supposedly tried to ship prior to Christmas did not get delivered because the address was wrong. I’m supposed to click on the attachment for information on getting the package back. Fortunately, I’m not dumb enough to do that.

The really scary technique that has emerged recently is called “spear phishing.” It is a more sophisticated process where a motivated hacker is determined to break into a specific system to conduct industrial espionage. Let’s say your company is engaged in a specific area of business that is of interest to the hacker. He can run Web searches on your company and find the names of key individuals in strategic areas. He then sends a highly targeted email to these individuals that gives the impression of being from within the company, but it uses the same technique. The recipient is fooled into downloading something that seems entirely appropriate, but that computer now becomes a portal. From there the hacker can begin to move throughout the networks using that person’s internal clearances. It makes detecting what’s going on very difficult.

A recent article describes this method in greater detail. There are countermeasures a company can use to resist this technique, but it can be very hard to detect. Several major oil companies have had highly proprietary information stolen using spear phishing as the entry method, and they did not realize the extent of the problem until the FBI told them about it. While these begin with enterprise level and IT networks, once those networks are compromised, attackers could turn their efforts to control systems, so any invasion should be a concern to people involved in manufacturing.

Read the Control Engineering Industrial Control System Cyber Security blog.

–Peter Welander, process industries editor.

Posted by Ask Control Engineering on February 6, 2010



No comments
The Top Plant program honors outstanding manufacturing facilities in North America. View the 2013 Top Plant.
The Product of the Year program recognizes products newly released in the manufacturing industries.
The Leaders Under 40 program features outstanding young people who are making a difference in manufacturing. View the 2013 Leaders here.
The new control room: It's got all the bells and whistles - and alarms, too; Remote maintenance; Specifying VFDs
2014 forecast issue: To serve and to manufacture - Veterans will bring skill and discipline to the plant floor if we can find a way to get them there.
2013 Top Plant: Lincoln Electric Company, Cleveland, Ohio
Case Study Database

Case Study Database

Get more exposure for your case study by uploading it to the Plant Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.

These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.

Click here to visit the Case Study Database and upload your case study.

Bring focus to PLC programming: 5 things to avoid in putting your system together; Managing the DCS upgrade; PLM upgrade: a step-by-step approach
Balancing the bagging triangle; PID tuning improves process efficiency; Standardizing control room HMIs
Commissioning electrical systems in mission critical facilities; Anticipating the Smart Grid; Mitigating arc flash hazards in medium-voltage switchgear; Comparing generator sizing software

Annual Salary Survey

Participate in the 2013 Salary Survey

In a year when manufacturing continued to lead the economic rebound, it makes sense that plant manager bonuses rebounded. Plant Engineering’s annual Salary Survey shows both wages and bonuses rose in 2012 after a retreat the year before.

Average salary across all job titles for plant floor management rose 3.5% to $95,446, and bonus compensation jumped to $15,162, a 4.2% increase from the 2010 level and double the 2011 total, which showed a sharp drop in bonus.

2012 Salary Survey Analysis

2012 Salary Survey Results

Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Society for Maintenance and Reliability Professionals an organization devoted...
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.