April 1, 2013
Securing Mother-SCADA.
Hi all!
We’re always assessing the state of the world of computers by prodding it with various hi-tech instruments in different places, taking measurements from different Internet sensors, and studying “information noise”. From the information we glean from all this, plus data from other sources, we constantly evaluate the overall body temperature and blood pressure of the computer world, and carefully monitor the main risk areas. And what we’re seeing at the mo – that’s what I’ll tell you about in this post.
To many, it seems that the most diseased elements of the digital world are home computers, tablets, cellphones and corporate networks – that is, the computer world that most folks know about – be it of a work or home/consumer coloring. But they’d be wrong. Despite the fact that the majority of cyberattacks occur in “traditional” cyberspace (cyberespionage, cybercrime, etc.), they don’t represent the main threat. In actual fact, what should be feared most of all are computer attacks on telecommunications (Internet, mobile networks) and ICS (automated Industrial Control Systems).
One particular investigation of ours, conducted as part of our ongoing secure OS project, detected a seriously low level of “computer immunity” for control systems of critically important infrastructure. ICS, including SCADA, all of which is made up of software and computerized hardware, is responsible for controlling – and the smooth, uninterrupted running of – tech-processes in practically every sector of industry, be it the power industry, transportation, the mass media, and so on. Computer systems control critical aspects of all modern cars, airplanes and trains; every power station and waterworks, every factory, and even every modern office building (lifts, electricity and water supply, emergency systems like smoke alarms and sprinklers, air conditioning, etc.). SCADA and other ICS – it’s all imperceptible, working in the background in some corner or other nobody takes any notice of… but a whole lot around us depends on it.
Alas, as with any other computer systems, SCADA & Co. can be exposed to malware and hacker attacks, as was clearly demonstrated by the Stuxnet worm in 2010. Therefore, protection of critically important systems has become one of the main strategic priorities of computer security in most developed countries of the world, while in response to cyberattacks on critical infrastructure some countries are ready to go to war – real tanks-and-bombs war (if they can find out which country is responsible). So indeed, the situation’s sure hotting up.
Of course, we’re on the case with SCADA security, and have been for a while. Over the last several years we’ve been conducting detailed analysis of ICS, been establishing the fundamental principles of SCADA security, and also developing a prototype solution for guaranteed SCADA protection from malware threats – based on traditional endpoint security and our secure OS. Products fit for consumption aren’t ready just yet, but active work is currently underway – so they should be soon…
Now, while continuing our usual analysis of SCADA security, earlier today we stumbled upon one heck of a big surprise: we came across “Mother-SCADA”, the chief, predominant, all-powerful ICS of the whole world, on whose smooth and uninterrupted operation relies literally everything on the planet: from how breakfast tastes and the size of annual bonuses, to the hours of night and day time and how fast the sun and the stars move across the skies.
Yep, we’ve gone and found the SCADA that manages all the technological processes in the Matrix!
You’ve probably all heard about the progressive work of the American scientists the Wachowskis, which confirms that the terrestrial earth (as it is seen by us humans) is a projected, virtual world of a real world. Technically, this projection is made possible using the industrial complex of the Matrix. And so our uncovering Mother-SCADA – the chief behind-the-scenes enabler of the Matrix – is no less than phenomenal. It represents a lot more than the customary showcasing of our cybermastery, and it’s not the next all-new cyber-frightener we’ve uncovered. No. This, clearly and very loudly represents our taking a giant step leap forward and upward on behalf of both man and mankind to a new paradigm of cybertechnology, changing our very perception of reality as we know it.
Of course, since this morning’s discovery, protecting Matrix SCADA is now the single most important task facing us all today, since control of the “upper level of reality” has the trickle-down effect of ensuring computer security in our projected world. Today, we managed only to plug into Mother-SCADA and conduct preliminary analysis of the system. Critical vulnerabilities so far haven’t been found, but the architecture of the system doesn’t permit a 100% guarantee of its security, even though it’s built on an unknown branch of UNIX. We also attempted analysis of the security of its PLC (programmable logic controllers); however, alas, we weren’t able to determine the manufacturer.
Without question a lot of work lies ahead; investigating Mother-SCADA has only just begun; but there’s also some good news: the data we already have are sufficient for the projection of extra systems of its security. Therefore (drum roll … cymbal crash!), I hereby formally (in a not-so formal blog post) announce today the start of development of a security solution for the omniscient, omnipotent, mother of all SCADAs – Mother-SCADA. I also would like to call on the world’s top experts to come and work with us – to help design and implement the required Mother-SCADA security and the secure operating systems it relies upon. Welcome!
That’s all on Matrix SCADA for now. Expect more earth-shattering news later today!…