Thursday, December 29, 2011

AST-0037863_The_In_Security_State_of_SCADA_Software_Systems.pdf (application/pdf Object)

This is a real vulnerability in our power, water, waste, and transportation grids. SCADA systems are integral to the operation of much of our infrastructure. The SCADA system is the program that operates these systems; it controls many subroutines, some of which are PLCs, or programmable logic controllers. These are very simple command processors that control key valves, gates, and temperature controls. They can also be input devices, taking readings from limit switches and thermostats to tell the SCADA system what the state of an object is. The controls are so simple that a few lines of code will completely change the readings or operations of a PLC, giving the SCADA system false information: is a gate really closed in a prison or water plant, is a valve to a waste water containment vessel really closed? It can even turn all the traffic lights green at a critical intersection.

In a hospital, many operations are controlled by SCADA-type systems, as are elevators in high-rises and the fire suppression systems in a school; there are too many to mention. If hackers, or worse, terrorists, attack these systems, it could be devastating to US infrastructure. In many cases we may not even be aware of the attack for days, even weeks. It will be blamed on maintenance workers or bad mechanical gear. By the time it is figured out that the software is cycling a gear on and off to the point of failure, many will have changed out motors and valves to solve the issue.

The programmer does not even have to be that good; just changing the code in some way can cause problems that would be hard to diagnose. In fact, a small change could cause such intermittent problems that it could be a long time before someone would even think to look at the software.

A big part of the security for these systems will be in providing good physical security that will detect any time the PLCs are accessed. This means the software experts will need to work hand in hand with physical security experts to ensure the integrity of the systems. The normal separation of physical and software security will not provide the protection needed.
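An added example, not from the original post or the linked paper: one way to catch the failure described above, where software cycles equipment on and off until it wears out, is to flag actuators that change state too often and to compare the controller's program with an approved copy before anyone replaces hardware. The event records, tag names, program bytes and thresholds are constructed assumptions.

```python
import hashlib
from collections import defaultdict, deque

# Constructed sample data: actuator state readings as (seconds, tag, state)
# and placeholder bytes standing in for approved and read-back PLC programs.
EVENTS = [
    (0, "PUMP_1", "ON"), (600, "PUMP_1", "OFF"), (1800, "PUMP_1", "ON"),
    (0, "VALVE_7", "OPEN"), (20, "VALVE_7", "CLOSED"), (40, "VALVE_7", "OPEN"),
    (60, "VALVE_7", "CLOSED"), (80, "VALVE_7", "OPEN"), (100, "VALVE_7", "CLOSED"),
]
APPROVED_PROGRAM = b"constructed program image, approved copy"
READBACK_PROGRAM = b"constructed program image, approved copy + edit"


def logic_changed(approved: bytes, readback: bytes) -> bool:
    """True when the program read back from the controller differs from the approved copy."""
    return hashlib.sha256(approved).digest() != hashlib.sha256(readback).digest()


def excessive_cycling(events, max_changes=4, window_s=300):
    """Tags whose state changed more than max_changes times within window_s seconds."""
    recent = defaultdict(deque)  # tag -> timestamps of recent state changes
    last_state, flagged = {}, set()
    for ts, tag, state in sorted(events):
        previous = last_state.get(tag)
        last_state[tag] = state
        if previous is None or previous == state:
            continue  # first reading or a repeat, not a transition
        changes = recent[tag]
        changes.append(ts)
        while ts - changes[0] > window_s:
            changes.popleft()
        if len(changes) > max_changes:
            flagged.add(tag)
    return sorted(flagged)


def triage(events, approved, readback):
    """Combine both checks so a worn part is not blamed before the software is examined."""
    tags = excessive_cycling(events)
    changed = logic_changed(approved, readback)
    if changed:
        verdict = "program differs from approved copy: investigate before replacing hardware"
    elif tags:
        verdict = "rapid cycling with approved program: check inputs and mechanics"
    else:
        verdict = "no finding"
    return {"cycling": tags, "logic_changed": changed, "verdict": verdict}
```

Calling `triage(EVENTS, APPROVED_PROGRAM, READBACK_PROGRAM)` on the constructed data reports `VALVE_7` as cycling and the program as changed.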

New surveillance towers at U.S.-Mexican border should spot a human at 7.5 miles | Government Security News

Israel uses this type of surveillance to monitor the Gaza Strip. They also have a 300-foot radar that gives them even more in-depth info. Using this to track movement up to the border allows for rapid positioning of a response force.

This distance also covers many of the maquiladoras, so that activities can be monitored and the appropriate authorities notified of suspect activities. It will also allow for tracking of maquiladora managers to and from the border checkpoints. Suspect activity can be radioed to the managers to allow them time to avoid dangerous situations.

The technology is pretty much off the shelf, and can be installed on either a fixed or mobile platform. Israel has them situated on most of their guard towers, and on a whole fleet of jeeps and trucks. With the reach they have, people doing suspect activities can often be tracked to their staging points, or even their homes in some cases. This would also work over the lake, where a lot of activity is, and boats can be tracked to the shore on both sides.

Using the surveillance system, drones can be directed to track people even further into Mexico, with video for recognizing people and vehicles used.

This actually can be a huge success in clamping down on border incursions, making the actual legal crossings choke points. With proper surveillance, suspect activity can lead to pinpointing suspect vehicles, for even more success and speed at the crossings.

Friday, December 23, 2011

Kevin's Security Scrapbook: Workers Warned to Keep Smartphones Safe at Christmas Parties

Workers Warned to Keep Smartphones Safe at Christmas Parties

It is not just an espionage issue; there are a lot of emotions going on during this season, so stalkers or stalking-type actions are also an issue. Many smartphones have tracking capabilities that are easily turned on, and many of the simple spy programs just use these to show locations. Some allow others to hear conversations, or at minimum know what numbers are being called.

When you get some quiet time, just try and see what is turned on. Look for the GPS to be active; unless you are using GPS, it should be turned off. Check your Bluetooth apps: if Bluetooth is turned on, it can often be hijacked to send info to another phone, or even spoofed into sending conversations to another phone, thinking it is dealing with a Bluetooth headset. Smartphones are not the only target; virtually any phone that has Bluetooth capability can be attacked. On a plane the other day, I found 8 phones sending out Bluetooth data that I could exploit.

It normally takes less than 5 seconds to steal your whole contact list, as well as calendar data, from any Bluetooth-enabled phone. Keeping it turned off is the best bet, but if you are using a headset, then limiting the Bluetooth to only one active Bluetooth contact is also a help. The bad news there is that Bluetooth data is not encrypted, so everything you are communicating to your headset, as well as the communications of the person you are talking to, is open to being spied on by anyone who buys some very simple applications. Think of your Bluetooth as more of a party line for those around you; in some instances they could, if they wanted, join in the conversation.

Happy holidays, and remember that the Bluetooth keyboard for your tablet that you just got for Christmas is also capable of leaking info, like all your passwords as you type them into the tablet to log on to your financial account, or the credit card data you just used to buy that online accessory you just had to have. Over this Christmas season I have heard two people giving credit card info over Bluetooth headsets that just got garbled into my conversation as they passed.