More on Stuxnet – Some Views

 

Stuxnet is beyond imagination. Bloggers claim its targets go beyond process, power and nuclear plants. Siemens systems are also used in space as well as in traffic control systems like railways. If you have seen Die Hard 4.0 you can let your imagination roll! Now it's clear why hackers targeted Siemens systems. But I still have my doubts.

One of the blogs claims it could have even attacked India’s INSAT-4B satellite. Jeffrey Carr says on his blog: “On July 7, 2010, a power glitch in the solar panels of India’s INSAT-4B satellite resulted in 12 of its 24 transponders shutting down. As a result, an estimated 70% of India’s Direct-To-Home (DTH) companies’ customers were without service. India’s DTH operators include Sun TV and state-run Doordarshan and data services of Tata VSNL.

What does this have to do with the Stuxnet worm that’s infected thousands of systems, mostly in India and Iran? India’s Space Research Organization is a Siemens customer. According to the resumes of two former engineers who worked at the ISRO’s Liquid Propulsion Systems Centre, the Siemens software in use is Siemens S7-400 PLC and SIMATIC WinCC, both of which will activate the Stuxnet worm.”

The blogger has indicated that the PLCs were used in the Liquid Propulsion Systems Centre. It may be that these PLCs were used as safety systems for gas handling. Whether these PLCs were used to control satellites is a real question.

 

There has also been a lot of talk about SIL. SIL represents only the reliability of the system, not its security.

 

What is a SIL? (ref: http://www.dyadem.com/services/additional-engineering-services/sil/)

A SIL is a statistical representation of the reliability of the SIS when a process demand occurs. It is used in both ANSI/ISA-S84.01 and IEC 61508 to measure the reliability of SIS. Both ISA and IEC have agreed that there are three categories: SILs 1, 2 and 3. IEC also includes an additional level, SIL 4, that ISA does not. The higher the SIL is, the more reliable or effective the system is.

SILs are correlated to the probability of failure on demand (PFD), which is equivalent to the unavailability of a system at the time of a process demand.

 

SIL 4 has also been discussed a lot on these blogs.

What is SIL 4? (ref: http://www.gmigasandflame.com/sil_faqs.html#SIL4)

SIL 4 is the highest level of risk reduction that can be obtained through a Safety Instrumented System. However, in the process industry this is not a realistic level and currently there are few, if any, products / systems that support this safety integrity level.
SIL 4 systems are typically so complex and costly that they are not economically beneficial to implement. Additionally, if a process includes so much risk that a SIL 4 system is required to bring it to a safe state, then fundamentally there is a problem in the process design which needs to be addressed by a process change or other non-instrumented method.

One of my colleagues, who is a safety systems professional, says: “To attain SIL 4 the system has to be non-microprocessor based and hence more secure. It is true that it is more secure as there is no software involved. However, practically, SIL 4 systems are not used currently.”

This discussion on the Siemens website supports it (http://www.automation.siemens.com/WW/forum/guests/PostShow.aspx?PageIndex=1&PostID=181715&Language=en).

However, there has been some work on SIL using Linux (ref: SIL4LINUX), and there are some claims of software supporting SIL 4 (www.firmafrance.com/Documents_Produits/Produit3396.pdf).

 

To conclude, the SIL standards do not really address how secure a system should be against hacking attempts.

 

One more question! How come Windows is in Iran? I noted this on Microsoft’s website (http://www.microsoft.com/exporting/faq.htm):

Are there certain countries you cannot ship Microsoft products to?

Yes.  In general, Microsoft products may not be exported to Cuba, Iran, North Korea, Sudan, or Syria.

 

Automation professionals who would like to know more about the infection process should read Symantec’s “Exploring Stuxnet’s PLC Infection Process”.


India’s gateway to Internet

During a casual discussion with friends I was wondering how governments are able to block web content. During my visits to countries abroad I frequently encountered government notifications stating that the site visited was banned (worse, even Google Apps was banned), but not a single website showed such a notification in India. Curious, I googled to find such sites.

Indeed, the Government of India has its own short list of banned sites, from its 13th July 2006 circular.

  1. http://www.soniamaino.com/ not working since Aug 25, 2006
  2. http://www.hinduunity.org
  3. http://mypetjawa.mu.nu
  4. http://pajamaeditors.blogspot.com
  5. http://exposingtheleft.blogspot.com
  6. http://thepiratescove.us
  7. http://commonfolkcommonsense.blogspot.com
  8. http://bamapachyderm.com
  9. http://princesskimberley.blogspot.com
  10. http://merrimusings.typepad.com
  11. http://mackers-world.com
  12. http://www.dalitstan.org
  13. http://hinduhumanrights.org/hindufocus.html
  14. http://nndh.com http://bloodroyaltriped.com
  15. http://imagessearchyahoo.com (should probably be http://image.search.yahoo.com)
  16. http://imamali8.com
  17. http://rahulyadav.com

These websites could not be accessed; however, no notifications came up. The following message came up in a Chrome browser.

image

It seems the blocking system is not without loopholes. Google's cached copy of a page gives the latest updates of the website. One such blog banned in India can be seen below.

image

I was also curious to know how the internet is brought to India and how many gateways the Government would have to control to censor web content. While I imagined several gateways, there are only eight gateways (called landing stations) that connect India to the world of the internet.

  

  1. SMW3w : Stands for South East Asia – Middle East – Western Europe; this cable connects Western Europe, the Middle East and South East Asia. There are a total of 39 landing points along the cable’s journey, and it touches India at Mumbai first and connects to the rest of Asia through Cochin. The landing station in Mumbai is owned by VSNL/Tata.
  2. SMW4 : Stands for South East Asia – Middle East – Western Europe; this cable connects Western Europe, the Middle East and South East Asia. It has around 17 landing points and touches India at Mumbai and Chennai. The landing station in Mumbai is owned by VSNL/Tata and the landing station in Chennai is owned by Bharti Airtel.
  3. SAFE : South Africa Far East Cable. This cable comes from Melkbosstrand in South Africa, linking Durban and Mauritius on the way to Cochin, India. The landing station in Cochin is owned by VSNL/Tata.
  4. FLAG : Stands for Fiber Optic Link Around the Globe. This cable runs through the Suez Canal, connecting the Middle East, and touches India at Mumbai. The cable network is owned by FLAG Telecom, which was bought by Reliance and is now a Reliance company. The landing station in Mumbai is owned by VSNL/Tata. From Mumbai the cable goes on to South East Asia.
  5. i2i : An Airtel and SingTel joint venture company is responsible for this 3100 km long cable from Singapore to Chennai. The landing station is in Chennai. From Singapore it connects to SEA-ME-WE 3 and APCN 2.
  6. TIC : Following the same route as i2i, TIC stands for Tata Indicom India Singapore Cable. It connects Chennai and Singapore. TIC is owned by VSNL, with the landing station in Chennai. In Singapore the landing station is in Changi. The cable is 3175 km long.
  7. Falcon : Europe – Middle East – India cable with its landing station in Mumbai. The cable and the landing station are owned by Reliance.
  8. Indo-Sri Lanka Cable : The landing station is owned by BSNL, and this cable connects Tuticorin and Colombo, Sri Lanka.

image

and finally some stats

Note: The contents of this article are from various web sources. I have not done any research to verify the correctness of the information presented.
