TLDR; is a series of book reviews related to the field. This is on the far end of the spectrum, I admit, but if you are in industrial controls, I would argue you should still read this.
Burn In, by P. W. Singer and August Cole, is a sci-fi thriller set in the not-too-distant future. A terrorist (or perhaps terrorist organization) attacks the USA in the very near future. The backdrop is an extrapolation of our current society failing to adapt to very real technologies and political issues we have already started to see. It follows Ghost Fleet, another excellent book that does not cover ICS but also covers the near future.
The authors claim they like to write "useful fiction," as noted by Foreign Affairs. The American government's gridlock fails to tackle actual issues and presents a security threat. White-collar jobs get wiped out by AI, and income inequality continues to rise... increasingly plausible to anyone who lives here.
More interesting to me is a very specific note on targeted attacks on an industrial control network. It is worth noting that I found this fairly plausible, especially for unmanned plants. I hesitate to spoil much, but a water utility's control system is left poorly defended and the adversary is able to trick a single sensor into throwing off a feedback loop.
If you work in any industrial control system, you are a target. I don't care what country you are in, what region you service, someone is trying to get into your water and power grid. Your power grid is an ideal target to shut down a country. In the USA, this has already happened.
When you go ahead and install that auto-dialer for when you are off-shift, keep in mind that tool can be used by the adversaries as well. Many will not use an old-school dial up modem, rather they use an SMS or email... Which presents some issues.
If you are going to add these in, or some Industry 4.0 devices, consider...
Are you keeping those system's firmware up to date?
Are the manufacturers going to keep them up to date?
Do you have them behind any cyber defense? (At the least, a well-set up firewall?)
What is your back-up plan if some device fails?
Do you have back-ups of your system?
Do you have documentation of your system?
If you really want to lose sleep, check out Shodan. There are way too many things up there.
コメント