
When companies are asked about the most likely way they will be compromised, most answer that it will be an inside employee. In earlier days, ICSs were standalone systems and their protocols were mostly proprietary. Less ICS security awareness was needed: the protocols were hard to understand, but more importantly the systems were never, or almost never, connected to the internet.

Attacks on information systems: Once upon a time, there were information systems that were not intentionally attacked, because nobody knew how to attack them. Then the first practical information system was implemented. Systems have faults, and faults may lead to failures. Insiders, those with legitimate access and authority, are often cited as the most damaging information-related threat. But how do insiders turn bad, and what can be done about them? How do we "measure" security? What is the basis for trust? Organizational trust? More specifically, "trust for what?" Hackers, like insiders, can compromise a seemingly unimportant system to gain access to the network and use it as a launching pad for attacks on other systems, and many people would be none the wiser because they lack the proper controls to prevent and detect malicious use.

Knowledge is needed to develop malware that can infect and impact industrial control systems. Malware developers need to acquire certain knowledge to launch a targeted attack on an ICS. If an attacker wants to impact the security of the ICS with malware, he needs to infect the ICS first. This requires knowledge about which Operating Systems (OSs) (e.g., Windows, Linux) need to be infected. One or more exploits compatible with the OS are needed to infect the targeted machines. Knowledge about the OS version is needed, depending on the vulnerabilities that the exploits target. If the target is not connected to the internet (i.e., completely air-gapped), then an attack scenario with corresponding exploits is needed (e.g., a scenario where the malware infects USB drives). Knowledge about firewalls and their rules will enable the attacker to develop malware that can spread and scan through networks without being blocked. The attacker should know a (unique) property of the target for the malware to detect whether it has reached its target.

- Financial
- Multinationals
- Telecom
- Water
- Nuclear
- Energy
- Harbour
- Airport
- Managed Service Providers
- Health
- Insurance

In the past, Operational Technology was typically comprised of multiple standalone systems.  Precision control systems used for calibrating industrial machinery, for example, had no need to communicate with those that might manage the flow of essential components onto an assembly line. Typically, none of these technologies were expected to cross the functional barrier separating OT from traditional IT, or to be joined to enterprise networks in order to share either data or systems access with any of the usual corporate information systems. From IT’s perspective, these systems were effectively off-limits. They were managed by subject-matter-experts at the shop floor level. From OT’s perspective, this was a status quo that could be easily accepted. It kept things simpler and more tightly under their control for Operations personnel to manage their own technological backyard.

Insider threat tactics: The hacker speaks by Priscilla

· Priscilla Felicia Harmanus · 1993 from the Netherlands · Last update: 21 August 2020

How I discovered Free Software and met RMS

How To Install Proprietary Closed Software In Ubuntu
Your Grandma on linux - explain

No one knows who I am yet and what kind of content I produce. So why not focus on a topic that people are already searching for, right?



Information Technology vs. Operational Technology


Where the physical and digital world come together

Differences between IT and OT environments

Industrial Control Systems (ICSs) have been with us for more than five decades. They are used to perform a broad range of automated tasks, such as the production of food, drinks, electricity and oil. ICSs are also used to control services like traffic lights, safe railroad crossings or transport luggage on an airport conveyor belt. Some ICSs are critical to society, like a power plant: households can experience a black-out if a power plant stops working. 


ICSs were initially communicating through proprietary control protocols on specialized hardware and software, isolated from the rest of the world. Later, standardized communication protocols, hardware and software were introduced and recently businesses have started to integrate ICS with regular Information Technology (IT). These changes enable new functionality but also imply that ICSs become more accessible to the outside world and IT problems, including malicious software (malware), become a threat to ICS networks. 


Malware is omnipresent and malware is now able to reach ICSs. This could cause financial loss or physical damage. Developing malware that can infect and impact ICSs requires a certain amount of prior system knowledge. If the information needed to develop malware for a specific target was kept secret by ICS managers/employees, it would be harder to target that ICS using malware. 


This brought up the research question: “What system knowledge is needed for a malware developer to create malware to infect and impact an Industrial Control System?” We divided it into two sub-questions: the first is about the knowledge needed to infect ICSs and the second about the knowledge needed to impact the security of ICSs.


We first set up an environment to represent a chemical plant which contained drums, pumps and valves. Then, we developed malware that was able to infect the plant and impact the integrity and availability by disrupting plant supervision and overflowing or emptying the drums. 


A list of possible environmental changes was prepared which was reviewed and completed by ICS and malware specialists. We changed the environment according to an item on the list and determined if the change reduced or diminished the effects of the malware. System knowledge was needed if the malware was unable to infect or impact the security of the plant when this was not caused by a design decision. These findings were analyzed and together with the learned lessons the sub-questions were answered. 


The outcome of the thesis was that malware developers need to acquire certain knowledge to launch a targeted attack on an ICS. If an attacker wants to impact the security of the ICS with malware, he needs to infect the ICS first. This requires knowledge about what Operating Systems (OSs) (e.g., Windows, Linux) need to be infected. One or more exploits compatible with the OS are needed to infect the targeted machines. Knowledge about the OS version is needed, depending on the vulnerabilities that the exploits target. If the target is not connected to the Internet (i.e., completely air-gapped) then an attack scenario with corresponding exploits is needed (e.g., a scenario where the malware infects USB-drives). Knowledge about firewalls and their rules will enable the attacker to develop malware that can spread and scan through networks without being blocked. The attacker should know a (unique) property of the target for the malware to detect if it has reached its target. 


If the malware reaches a machine that can control the environment it will try to impact the integrity and/or availability of the system. If the malware can create a backdoor that is able to communicate with a command and control server, then it becomes possible for the attacker to analyze the environment manually. Otherwise, more knowledge would be needed during development, such as knowledge about the physical processes that are controlled by the ICS and how the processes are controlled. Knowledge about the (Supervisory Control and Data Acquisition (SCADA) or Human Machine Interface (HMI)) software used at the ICS can be used to develop extra exploits and enumerate connected Programmable Logic Controllers (PLCs) at runtime. 


The main impact of the research is that it provides a list of system knowledge that is needed to develop malware to infect and impact the security of an ICS. As part of their defence in depth strategy, ICS staff should keep the information described here secret to make it harder for malware developers to launch targeted attacks. 


Knowledge needed to develop malware to infect and impact industrial control systems - Van de Wouw, D.A. 2013 Eindhoven University of Technology 762759-1

Where the physical and digital world come together

We know that our dependence on the internet also creates risks. These cyber threats not only affect our office automation, but also the industrial automation systems (ICS / SCADA).

For example, VKA supports Rijkswaterstaat in keeping its bridges, tunnels and sluices safe. But these threats also apply in many other industries, such as (mass) production companies and hospitals.

VKA has incorporated their experiences in this area into this SCADA Cybersecurity Poster that you can use to discuss cybersecurity within your organization.


Information Technology vs. Operational Technology


Where the physical and digital world come together

Differences between IT and OT environments

Traditionally, OT and IT networks have been kept separate.

In earlier days, ICSs were standalone systems and their protocols were mostly proprietary. Less ICS security awareness was needed, because these protocols were hard to understand, but more importantly because the systems were never, or almost never, connected to the internet. In recent years, more and more ICSs are internet-ready and are actually connected to the internet. With this, the old systems are indirectly exposed to the internet as well. Fig. 1-1 illustrates the gap between IT (Information Technology) and OT (Operational Technology).

For a long time, SCADA systems were protected by obscurity and isolation. The systems were not connected to the Internet and the console commands were difficult for hackers to manipulate. However, with the increasing proliferation of networking and the development of GUI command and control environments, it has become much easier for hackers to penetrate the once secure SCADA world and to disrupt and disable the operation of expensive equipment, causing huge losses to industry. Hackers can attack a SCADA system to obtain access to the SCADA master control station, compromise an RTU (Remote Terminal Unit) or local PLC (Programmable Logic Controller), spoof an RTU and send incorrect data to the master control station, shut down an RTU, or modify an RTU control program [1]. The losses caused by such intrusions run into millions of dollars, with potential health and safety hazards for large populations. Therefore, it has become increasingly important to secure SCADA systems.

Open source software has been established as a viable alternative to commercial software through the efforts of thousands of volunteers coordinating their development work over the Internet. Most open source software uses the well-tested Linux platform and is released under the GNU Public License. Several security tools have been developed under open licenses.

Linux evolved in a completely different way. From nearly the beginning, it was rather casually hacked on by huge numbers of volunteers coordinating only through the Internet. Quality was maintained not by rigid standards or autocracy but by the naively simple strategy of releasing every week and getting feedback from hundreds of users within days, creating a sort of rapid Darwinian selection on the mutations introduced by developers. To the amazement of almost everyone, this worked quite well.

Automation will permeate everywhere. Linux, by its very nature, has the opportunity to dominate universal automation. Over the long run, the evolutionary track of software created by interested users is stronger because any software survives according to the degree it fits into its ecological niche. Linux consumers build Linux. As long as the community can sustain sufficient self-organization, adaptive success is guaranteed. The ecological strategy of proprietary vendors is far different. These vendors try hard to adapt their products into ecological contexts they control, manipulating the consumer by positive marketing as well as by more disingenuous tactics. While carefully reading the tea leaves of user preferences, they cook the leaves with calculated marketing campaigns.

How does Linux lose against the interests of these proprietary vendors? One good way to fail is to lose touch with the very community Linux is being built for and by. This effect can be discerned in the disorganization brought about by disrespect and infighting amongst key groups and individuals of the open source and free software communities. Self-interest leads to survival, but out of balance only narrows the relevance of Linux and may even lead to its downfall. As often as not, the Linux community is its own worst enemy.

The combination of zero royalties and low hardware costs enable the prerequisite infrastructure of large projects to be built cost effectively. Furthermore, maintenance and upgrade costs can be controlled by the project more efficiently. While software evolution is more rapid under Linux than under commercial operating systems, each project nonetheless can select the upgrades and maintenance which are appropriate to its own specific requirements without arbitrary vendor upgrades and artificial external costs. Support cannot be withdrawn because a complete snapshot of the source code used for the project is always available.

For example, many large-scale projects exist which have been developed in the public domain but which are tied to a proprietary infrastructure. In one such case, the U.S. Weather Service has built a large, public domain source system for weather forecasting based upon Hewlett Packard's (HP) proprietary Unix operating system and compilers. The costs of implementing a national-scale forecasting system on high-priced HP equipment would be prohibitive to all but the wealthiest countries. However, with some effort, the entire code base could be converted to Linux and built using standard open compilers such as g++. Several template facilities might need to be reworked against the template limitations of g++, and data byte order assumptions embedded in some parts of the code must be resolved, but in theory such a conversion could be completed successfully. Then a top-rate automated weather tracking and early-warning system could be implemented wherever raw data could be obtained to feed the forecasting software. Although obtaining raw weather data is not trivial, literally hundreds of programmer-years worth of work on a world-class front-end weather system already has been provided. Once available under Linux, modern weather forecasting services could begin to become available to developing nations worldwide.

Product development also benefits from the same factors. Any number of commercial products can be built without the traditional dependencies on external licensing and support. The control of Linux-based software products can be fully vested in the project itself. Projects can be jump-started with fewer legal and financial dependencies. New products can be built by virtually any source in the global development community and can compete on technical merit with few licensing constraints and no royalty encumbrances. Some examples might be a Linux version of popular modem multiplexers such as Webramp, or Linux-based PDAs, office Intranet and file servers, etc. Linux is highly suited for building any software or firmware product that is service oriented and capable of being remotely managed, especially Web-managed.

But can product developers basing their work on GNU Public License (GPL) open source software such as Linux still protect their valuable intellectual property, their inventions? If they have incorporated GPL source software, then they typically must provide their own product's source code also. In some cases this will not be a problem. Where it is, then the developer should build their product using dynamic libraries if possible. If dynamic libraries are not sufficient, then alternative open source software, such as FreeBSD, could be used as a basis for their product. However, hoarding inventions contradicts the spirit as well as the many advantages of Linux and open source software. While fully adhering to open source practice, vendors such as Red Hat have implemented a business model that emphasizes other product differentiators including packaging, ease of use, configuration utilities, and service, etc. Large projects can greatly benefit from open source practice since they are normally sold based on expertise and long-term maintainability. When the complete project source code is available, the lifecycle stability of the entire project is enhanced.


Information Technology vs. Operational Technology


• In process automation, the emphasis has traditionally been on physical (access) security. (Access control is also digital) *
• Coupling OT to IT (the office environment) increases the likelihood of cybersecurity risks *
• A growing number of links / connections increases complexity
• The risk of process automation is the risk of IT plus the risk of OT (the sum of the risks)
• The human factor is also the biggest risk in OT environments *
• Shift from Safety to Security (safety can also be at stake)

Within industry, the staff shortage is largest at companies active in the machine industry and in the repair and installation of machinery.

If hackers gain access to such systems, they could potentially gain control over critical infrastructure, such as the operation of bridges and locks.
