Friday, 18 January 2013

Malware a huge threat in Critical Infrastructure

Every time a story emerges about malware popping up on an industrial control system or someone remotely hacking into some piece of critical infrastructure, there is a reliable and justifiable chorus of experts wagging their fingers and asking, “Why in the world was that system connected to the Internet in the first place?” At this point, pretty much everyone agrees that sensitive control systems should be air-gapped, or completely disconnected from the Internet. In this way, physical, human interaction should be the only way to access such systems, which is a considerable problem for those in the business of conducting cyberwarfare.

In order for the now-infamous Stuxnet malware to infiltrate workstations at Iran’s Natanz nuclear enrichment facility, which was reportedly air-gapped from the rest of the Internet, some person apparently had to walk into the lab with a USB device that had the Stuxnet malware preloaded onto it. This unknown person then had to physically plug the USB stick into a computer connected to the Natanz network, which then used some combination of Microsoft’s AutoRun feature, a few forged certificates, multiple zero-days and lines upon lines of malicious code to spin a bunch of centrifuges out of control, causing them to malfunction in some catastrophic way.

This infection mechanism has an overwhelmingly analog feel to it, especially considering that the malware itself and the Stuxnet saga as a whole constitute one of the more sophisticated cyberespionage operations known today.

As a number of news outlets have noted, the Natanz incident played an integral role in Microsoft’s decision to disable the AutoRun functionality that automatically executed external media upon detection. More to the point, the Natanz incident sent a warning to the administrators of secure systems all over the world that thumb drives and other external storage devices presented a serious threat, and could potentially render the air-gap defense method useless. Largely because of Stuxnet, Defense News claims that USB storage and similar devices have been banned at Natanz and at the Pentagon, as well as in any number of other facilities containing sensitive systems.

This reality has forced the U.S. military apparatus to look beyond the conventional, analog variety of infecting air-gapped machines. The Department of Defense knows that this sort of 20th century, Cold War-era spy work just won’t jibe with the digital age. So the Pentagon is seeking an electronic way to jump the air-gap, so to speak.

The details of their proposal are of course classified, but sources familiar with the program told Defense News that the Army’s Intelligence and Information Warfare Directorate (I2WD) met with representatives from 60 or so organizations on November 28 of last year. Together they came up with a handful of objectives that will guide their Tactical Electromagnetic Cyber Warfare Demonstrator (TECWD, pronounced ‘techwood’).

Defense News notes that the TECWD program aims to uncover electronic solutions to problems in kinetic warfare as well (the report claims that one objective seeks to develop systems that could mitigate the threat of improvised explosive devices).

However, the more relevant part is about “inserting and extracting data from sealed, wired networks.” According to Defense News, the DoD believes they can inject malicious code via radio frequencies by analyzing electromagnetic field distortions from aircraft and ground vehicles deployed in or around the systems they want to compromise.

The TECWD project isn’t seeking to directly produce systems, according to the report, but is rather designed to be a platform on which to demonstrate a vast swath of emerging electronic warfare and defense capabilities.
