port security
DESCRIPTION
How do you stop the US 3rd Infantry Division? Could a computer worm attack the shipping port automation systems to disrupt supplies for the military?
TRANSCRIPT
Implications of the Stuxnet Worm to US Shipping Ports
When talk turns to war, amateurs discuss strategy. Professionals discuss logistics.
- Anonymous
Musings by Borepatch
http://borepatch.blogspot.com
Stuxnet Recap
A new type of computer worm discovered in the summer of 2010
Stuxnet breaks ground in several ways:
It uses multiple zero-day exploits
It reprogrammed Industrial Process Control systems from Siemens AG. These are devices used in manufacturing automation
It is particularly stealthy, using rootkit techniques to hide its presence
It spreads via multiple vectors before causing damage, and in a controlled manner to avoid generating suspicion (compare with the SLAMMER worm from 2003)
Speculation is that this was created by State actors as a form of Information Warfare; the specific speculation is that Israel targeted the Iranian nuclear program
Why do we think that Stuxnet was State-on-State Information War?
The Siemens IPC systems are not unusual, but are very expensive and not typically available to the average Black Hat hacker
Most malware these days is focused on stealing money – e.g. capturing online banking passwords – and not on industrial process control. This is a very unusual target.
Some analyses of the worm code reveal hints as to its origin, e.g. dates supposedly referencing Iranian dissidents, etc. It is possible, however, that these could have been planted by the worm's creator to direct suspicion at Israel.
The motive (disabling the Iranian nuclear program) is plausible.
Implications if this is State-on-State Information War
Automated processes are a plausible target, even if they use uncommon hardware/software. "Security By Obscurity" is over
Air gaps (isolated networks) are no defense: it appears that the Iranian network is isolated from the Internet, and was infected via USB removable filesystems. Note that the US DoD classified network was similarly infected in 2008.
State adversaries can afford to invest millions in programming talent, and take months or possibly years to create highly sophisticated payloads. This is not something that a typical antivirus will defend against.
Impact is likely based on the value of the targeted systems. Some types of systems may be better managed, and harder to subvert.
How do you stop the US 3rd Infantry Division?
Very few State actors can counter the US military on the field of battle
But the US military units need ammunition and gasoline
Slowing the flow of supplies – or getting the wrong supplies sent – will stop the units due to lack of gas and ammunition
The "teeth" are a very hard target. What about the logistical "tail"?
Port of Wilmington
Two Port of Wilmington top-lifts rigged with slings work in tandem to lower a damaged vehicle onto a flatbed truck for delivery to Camp Lejeune, Sunday, April 10 [2005]. The Port is handling two ships in four days loaded with several hundred vehicles and other equipment returning from service in Operation Iraqi Freedom.
Top 10 Ports in the US
Rank Port name Total Tons
1 South Louisiana 224,187,320
2 Houston, TX 202,047,327
3 Newark, NJ 152,377,503
4 Beaumont, TX 91,697,948
5 Long Beach, CA 80,066,130
6 Corpus Christi, TX 78,924,757
7 New Orleans, LA 78,085,209
8 Huntington, WV 77,307,514
9 Port City of Texas 68,282,902
10 Baton Rouge, LA 57,082,823
Port Automation
Efficiency drives throughput, and the number of Gross Moves per hour is the key metric
Cost per move is critical for competitiveness
Specialized software is provided by multiple vendors (e.g. NAVIS) to optimize throughput and minimize cost
Your typical Black Hat hacker would not have access to these types of systems; a State Actor would
A Stuxnet-style worm targeting the major Port automation software could cripple a US Military response, if unleashed in the weeks or months prior to a conflict
How do you defend against a hypothetical threat?
There is no indication that a worm targeting transportation has been created.
Harder targets are more resilient
It is more difficult for a worm to penetrate a hardened system
Worm penetration will be less extensive on a hardened system
Once triggered, damage is likely less on a hardened system
The easiest way to harden systems is to focus on the COTS portion (e.g. Common OS and application layers)
Automated scanning for missing patches, misconfigurations, etc. is a well understood field, with mature products and well-documented processes
Rapid gains in hardening are available, bringing typical practice much closer to Best Practice
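The hardening argument above (focus on the COTS layer, scan for missing patches and misconfigurations, measure how far typical practice is from the baseline) can be made concrete with a small baseline-compliance audit. The following is an added example, not code from the presentation or from any port automation vendor; the patch identifiers, configuration keys and host inventory are all constructed for illustration, and the baseline it checks is a hypothetical one that also reflects the removable-media vector mentioned earlier in the talk.

```python
"""Baseline-compliance audit over a host inventory (added example, constructed data)."""
from dataclasses import dataclass

# Hypothetical hardening baseline for the COTS layer (OS / application stack).
# Patch identifiers and configuration keys are constructed for this example.
BASELINE = {
    "required_patches": {"KB-EXAMPLE-001", "KB-EXAMPLE-002", "KB-EXAMPLE-003"},
    "required_config": {
        "autorun_enabled": False,        # removable-media autorun must be off
        "removable_media_write": False,  # writes to USB storage blocked
        "unused_services_disabled": True,
    },
}


@dataclass
class Host:
    name: str
    role: str
    installed_patches: set
    config: dict


@dataclass
class Finding:
    host: str
    kind: str    # "missing_patch" or "misconfiguration"
    detail: str


def audit_host(host, baseline=BASELINE):
    """Return every deviation of one host from the baseline.

    A configuration key that is absent from the host is reported as a
    misconfiguration rather than silently passed, since an unset control
    is not a satisfied control.
    """
    findings = []
    for patch in sorted(baseline["required_patches"] - host.installed_patches):
        findings.append(Finding(host.name, "missing_patch", patch))
    for key, expected in baseline["required_config"].items():
        actual = host.config.get(key)
        if actual != expected:
            findings.append(Finding(host.name, "misconfiguration",
                                    f"{key}={actual!r}, expected {expected!r}"))
    return findings


def audit_inventory(hosts, baseline=BASELINE):
    """Map host name -> list of findings for the whole inventory."""
    return {h.name: audit_host(h, baseline) for h in hosts}


def summarize(report):
    """Counts per finding kind plus how many hosts are fully compliant."""
    counts = {"missing_patch": 0, "misconfiguration": 0}
    clean = 0
    for findings in report.values():
        if not findings:
            clean += 1
        for f in findings:
            counts[f.kind] += 1
    counts["clean_hosts"] = clean
    counts["total_hosts"] = len(report)
    return counts


# Constructed sample inventory; names and roles are illustrative, not real systems.
SAMPLE_HOSTS = [
    Host("tos-app-01", "terminal operating system app server",
         {"KB-EXAMPLE-001", "KB-EXAMPLE-002", "KB-EXAMPLE-003"},
         {"autorun_enabled": False, "removable_media_write": False,
          "unused_services_disabled": True}),
    Host("crane-hmi-02", "crane HMI workstation",
         {"KB-EXAMPLE-001"},
         {"autorun_enabled": True, "removable_media_write": True,
          "unused_services_disabled": True}),
    Host("gate-kiosk-03", "gate kiosk",
         {"KB-EXAMPLE-001", "KB-EXAMPLE-002"},
         {"autorun_enabled": False, "unused_services_disabled": False}),
]

if __name__ == "__main__":
    report = audit_inventory(SAMPLE_HOSTS)
    for name, findings in report.items():
        print(f"{name}: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for f in findings:
            print(f"  [{f.kind}] {f.detail}")
    print(summarize(report))
```

Run as-is it prints the per-host findings and a summary; in practice the inventory would come from a scanner or configuration-management export, and the summary's clean-host ratio is the "distance from Best Practice" figure the talk refers to.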
Advice from the UK's Information Security Chief
GCHQ's director has said that 80 per cent of the government's cyber security vulnerabilities can be solved through good information assurance.
Iain Lobban, the director of the signals intelligence and information security organisation, said if government departments observed basic network security disciplines, such as "keeping patches up to date", combined with the necessary attention to personnel security, their online networks would be much safer.
Source: The Register, 13 October 2010