"For the past year, energy companies in the United States and oil and gas operators across North America discovered their networks had been examined by the same Russian hackers who successfully dismantled the safety systems in 2017 at Petro Rabigh, a Saudi petrochemical plant and oil refinery."
Why are these systems even connected to the internet?
Decades ago, creating such connections might have been a forgivable oversight, since the internet was a much more peaceful place, and the idea of cyberattacks might have seemed like paranoid science fiction.
Today such attacks are happening in front of our noses and these systems are still connected to the internet?
On the electrical distribution side, there are a few things which may need internet connectivity. Getting map tiles for displays; having an externally contracted call center integrate with the outage management; automatic vehicle location (painting crew vehicles on the displays).
Adding to the last point, something that is coming to the industry is read-only access to the system from a mobile device. This requires internet or a private network across the bounds of your network.
I don't want to talk too much about company specifics, but typically modern systems will have servers dedicated to only internet-related functions. They will be internally firewalled from any servers which could make changes on the network. These systems aren't cheap though; a lot of what we replace is 15-30 years old. As such, it may not be as secure as it could be.
I've mainly talked about distribution. Transmission and generation also have functionality which requires the internet, or at the least a very large private network.
You can always run your own OSM tile server. That's what they recommend instead of relying on the official server, actually, if you have any non-trivial load.
Google Maps for Android provides area-based offline maps, with a time limit that is not enforced.
It's been very useful to me personally, not sure what's unusable about it. I find the online version less usable because it nags me about GPS and obstinately only stores search history online, coupling it to the global Google Activity History setting.
If you have a GIS system that is able to use Google Maps as the basemap, you still don't have the ability to save it for offline use. The APIs/libraries/license agreement with Google that these GIS systems use won't allow that.
Not that other providers (Bing, Here, etc.) are any better. Your only way is to download OSM data/obtain local orthophoto and make your own tiles.
Is navigation working off-line now? Last time I checked, it didn't. And Google Maps, even on-line, are quite bad at being a map, with the completely unreliable way of rendering street labels. I've used Google Maps off-line in a pinch a few times, but it wasn't too pleasant of an experience.
(Call me entitled, but I don't think it's too much to ask of an off-line map to offer point-by-point navigation and searching through the DB of addresses and POIs in the off-line map. When you can't do it, I get the feeling someone doesn't want you to use off-line mode, and is purposefully overcomplicating things.)
All those things (except display of some street names) work for me offline on my Android phone, but only for driving directions. You have to save an offline map manually first, somewhere in the settings or sidebar.
"In our experience in conducting hundreds of vulnerability assessments in the private sector, in no case have we ever found the operations network, the SCADA system or energy management system separated from the enterprise network. On average, we see 11 direct connections between those networks."
-- Sean McGurk, The Subcommittee on National Security, Homeland Defense, and Foreign Operations May 25, 2011 hearing.
My old apartment's intercom system had a bit of advertising material saying it was "computerized, not internet-connected" (or something like that) - it was an electronic system, but all it had was a connection up to the front door entry system, a terminal for the doorman, and the ability to call 911 if you pressed the panic button. No fancy cloud apps to drain your battery and then get hacked.
If an apartment intercom can realize this is important, why can't an oil refinery?
Note that POTS pretty much doesn't exist anymore. Analog phone lines only run up to a point at which they get converted to SIP which then runs over IP (while it's often using "private" networks, it's not air-gapped from the Internet and thus can still be compromised).
Shameless plug: I work for a startup ( https://www.sensorfu.com/ ) that helps utilities and industrial companies to solve that exact problem of keeping their control | ICS networks closed and isolated from the internet.
Even larger utilities often have rather small IT teams that are tasked with everything from keeping things running to change management, network design and architecture. And whether it is lack of time to focus on making the right things, or lack of time to even learn the latest right things<tm>, mistakes happen, all the time. And even when 'perfectly' implemented, it is far too often that we see that someone just decided that it's ok to run a cable from control room to open internet to make those night shifts a little less boring.
Convenience will trump security at the first opportunity unless extraordinarily stringent procedures and checks of those procedures are in place. "Well it was costing us an extra ten minutes every day so we just brought a router from home and hooked it up" is a situation I run into almost constantly.
I'm not sure about the US, but in Russia and, well, in all former Soviet states energy systems are not actually connected to the internet and where there is automation it can all fall back to manual operations, so they can survive cyber attacks like nothing happened (almost, as figuring things out and communications cost some time).
This didn't stop the 2015 attack on Ukraine's power systems from wreaking havoc, although I suppose if it was entirely computerized they could have been offline for much longer.
They don't have to be connected to the internet directly; the attackers can move laterally across segmented network boundaries or deliver a USB or backdoored device implant for their initial access.
Which is why you don't get to bring your equipment into those facilities. But someone always thinks he is the exception to the rule. What harm could a USB stick do and you really need your PowerPoint slides.
> Today such attacks are happening in front of our noses and these systems are still connected to the internet?
I've done my fair share of inspecting critical infrastructure in different countries and 9 out of 10 times the reason is: cost.
Got a bridge / tunnel / trafostation that needs monitoring / interaction? DSL only costs 20 a month, let's do it! VPN and 2FA? Costs & our employees are going to kill us since that is too complicated. Updates of the OS and that application that was tailor made by the maker's daughter in law 10 years ago? Too risky and costly.
TL;DR Never attribute to malice that which is adequately explained by stupidity.
This is about nation state adversaries. There should be no illusions that they laugh at people who think they are safe behind air gaps and routinely cross them. Often both infiltrating and exfiltrating data.
I'd prefer security-focused organizations attempted to deploy their limited resources more effectively. Well trained and security conscious end users are very hard to attack.
I don't understand your point. Everything is vulnerable; you can never secure something fully. Security in layers is how security works, and disconnecting critical systems from the internet seems like a good layer to add.
Why are these systems even connected to the internet?
Decades ago, creating such connections might have been a forgivable oversight, since the internet was a much more peaceful place, and the idea of cyberattacks might have seemed like paranoid science fiction.
Today such attacks are happening in front of our noses and these systems are still connected to the internet?
It really boggles the mind.