热度 17
2011-6-9 17:56
1913 次阅读|
0 个评论
US Governors and others frequently bemoan the lack of investment being made in crumbling infrastructure. Bridges, tunnels and the rest of the brick and mortar that enables our lives are in disrepair, and we're told things are getting worse. Shrinking budgets insure that repairs will continue to fall behind. Pundits also say the electric grid is old and not capable of meeting 21st century needs. I recently met with a control engineer who works for a large metropolitan water company. He's concerned about another kind of infrastructure " the digital one that monitors and controls factories and other large plants (including water plants, of course). These ubiquitous supervisory control and data acquisition (SCADA) systems often handle extremely high power actuators, like multithousand horsepower motors. Industrial automation equipment often runs for decades or longer. Years ago, when working on a system in a steel mill, I came across a huge motor stamped with a manufacturing date of 1899. It was still in service. The electronics, too, often runs for decades. That's a testament to great engineering and manufacturing, and is also potentially a great hazard. These systems were largely designed before security became an important issue. Many have been almost haphazardly connected to the Internet in the intervening years, when management sees the 'net as an easy way to monitor remotely and save money. I have been told (by the NSA) that a Tylenol factory has been hacked. In 2003 a worm shut down all safety monitoring on an Ohio nuke plant for five hours. Vancouver's traffic lights have been compromised. A 14-year-old turned the Polish city of Lodz's trams into his own giant train set, derailing four cars and injuring at least a dozen people. There are many more instances. Then there's the famous Aurora experiment: in 2007 researchers from the Department of Energy hacked into a replica of a power plant and seriously damaged a generator. I'm told the hack was trivial. And that a lot of plants remain vulnerable. Now wireless is infiltrating the infrastructure. There are plenty of good reasons to use RF instead of fiber or copper. But how secure are these transmission media? How many of usthe embedded engineers designing these systemsare security experts? Are we letting unintended vulnerabilities sneak into the code?