How to Hack a Chemical Plant

Anyone who operates a chemical plant with control networks that have full time connectivity to the outside world is asking for trouble. Security measures or not, they need to be disconnected!

What is needed is two fully seperated networks in the plant (one for controls and the other for IT systems), while this may pose an additional burden when it comes to managing the control network, there really is no other option.

They do not have the right to assume this danger for the rest of us.

I mostly agree with what you say, but: The Stuxnet virus was not inserted into the system via an internet connection, but rather by way of a virus carried on a USB stick.

That means that industrial systems need to be patched with updates, which in turn means an internet connection. My personal solution was to setup a server with WSUS (Windows Server Update Services - free from M$), connect it to the internet (on the I.T. side), download all applicable patches for the machines on the SCADA system, then disconnect from the internet, then connect it back to the SCADA side.

A long, drawn out process, but that enables me to stay current on patches, without a 24/7 connection to hackerville.

Agreed... I should have included that proper internal security protocols were also required.

There are ways to do these things with NO connection to routable public IP space. In this day and age, running these systems with publicly routable IP space is criminal.

As to the external I/O threat such as USB ports, ROM drives and the like, they need to have them removed and only connected to the various systems when a patch is needed.

Download the patches to disconnected from the control network machines, burn the updates to a ROM drive, then plug in an external ROM drives to the machines that need to be updated and apply your patches.

Doing it this way ensures you can go over the patch material with a fine tooth comb and ensure no world connectivity at any time. If a plant has the ability to kill people if a large malfunction was to occur, this should HAVE to be there process.

As to MES information systems in the Plant Managers office... run a LAN extension to his office with a dumb X Windows terminal (or whatever flavor of transport the system uses) so he can see how many gallons he has made of purple kool-aid per hour.

Putting it plainly... I do not accept the premise that plant control system need to be "on" the Internet to function.

I guess that the level of caution you must take must be tied to the risk. Which risk? The risk that your process presents to others and not to the financial risk of the company producing the commodity.

Edit...

I misunderstood your method. Your process is close to what I mean. I still would not have a machine with a running OS that forms part of the control network connected to the world at any time.

The CIA knows how to do this. No yellow cake for you!

No we are not ready. The IoT is a catastrophe waiting to happen.

And planting seeds, and challenges, in deviate minds only adds to the potential for disaster.

Let's discuss how to build a bomb and plant it on an airplane and why it is a bad idea next.

The IoT is the ultimate invitation to disaster, but don't believe me.

There are a lot of chemical plants, refineries, etc. that are connected to the internet in one way or another. There are a lot of layers of protection between the physical computers and the internet but the connection is still there. A lot of companies will use online historians (like PI) which allows them to monitor and troubleshoot the plant remotely provided they have the correct access. Plants also have remote access capabilities for control system support and things of that nature.

Most plants that I have been in it would be difficult for someone to hack into the system and then have the additional expertise to sabotage the control system to the point that the unit experienced some kind of catastrophic failure. Nearly every plant is designed to "fail safe" and you would need to modify the control logic to get it to not behave that way. Even after that they should have a physical layer of protection on everything that allows for control system failure. Is it inconceivable that someone would be able to get past all of that and cause some major harm? No, but I think the chance is fairly remote. Many times more likely that you will be exposed to somebody operating the plant in an unsafe manner during start up or maintenance and cause an issue.

You said "No, but I think the chance is fairly remote". ok... tell you what, the plant that takes a "chance" can be in your neighbourhood and not in mine. Sound good?

I try to not be near any of them but more for the fact that I know people are fallible and will inevitably make mistakes which may or may not be catastrophic than the idea that someone is going to do something nefarious through the internet. Here in TX (and the US in general I would argue) you can't really avoid some level of chemical exposure risk. There are carbon monoxide pipelines, vinyl chloride monomer railcars, HF railcars, formaldehyde trucks, chlorine trucks, natural gas storage domes, hydrogen storage domes, etc. Just on a trip to the grocery store you can pass trucks carrying thousands of pounds of cryogenic liquid or a silane gas trailer that stores a pyrophoric gas at 2,000 psi.

I'm glad that somebody is worried about this I guess but I'm more worried about things like mechanical integrity programs where we've seen multiple failures that led to fatalities. Like I said above, almost every plant I've been in had several layers of protection between the internet and their control computers. Some aren't connected at all but most of them are in one way or another. Some plants don't even have computers; they make me the most uncomfortable.

Silent!!! I'm busy tryin