Kill the heating – how smart infrastructures will not work at all

17.04.2013 by Martin Kuppinger

This week, I read an article (in German) about a severe security bug in heating systems provided by Vaillant, one of the larger manufacturers in that space. The issue was found in so called “nano block heating systems” that are made for detached houses and duplex houses.

The entities have an IP-Interface that allows both the service technicians of the vendor and the owner of the heating system to remotely manage the device. However, a security bug allows pretty much anyone to easily access, in clear text, the passwords of the owner, the technician (expert), and even the developer. In other words: attackers can easily gain full access and control all settings. That allows increasing the temperature of the outgoing water in summer, which can damage the heating element. It allows stopping heating in winter, which could result in frost damages. There most likely are other types of damages an attacker can cause.

Even worse, these systems communicate with the DynDNS (Dynamic DNS) service of the vendor. That allows attackers to identify all systems in a simple way, just by “trial and error”.

Vaillant has announced that they will inform the customers, update the software – which requires, despite having an IP interface,  that a technician visits the customers – and provide VPN communication for technicians.

This issue is a perfect example of what is happening these days in smart metering and other areas of “smart homes”. Vendors start adding IP interfaces, but they fail in security. In the entire segment of home automation, which is based on standards such as EIB/KNX, understanding of security issues appears to be rather limited. Security is understood as “availability”, not as being secured against attackers. That is, by the way, true for other standards as well – most bus systems in manufacturing are not secure at all. EIB/KNX does not even have a security layer. These bus systems typically rely on simple broadcasting. Who has access to the bus, has access to everything. Once you connect the bus to the Internet, things become obviously highly insecure.

The obvious solution for that is protecting the IP interface. However, as long as that is not done perfectly well, the problem remains. The entire manufacturing industry, but also the automotive industry and others that rely on rather primitive bus systems, have to fundamentally rethink their security approaches. Not doing this is wantonly negligent.

Smart infrastructures require smart security. Not having well-thought-out and well-implemented security approaches in place but relying on stone-aged security approaches for (sometimes) stone-aged bus systems puts us all at risk. There is a good reason for the massive potential of Stuxnet: It arises by opening up unsecure environments – unsecure by design – to the Internet, without appropriately changing the security approaches.


US Defense Secretary Panetta and the cyber Pearl Harbor

16.10.2012 by Martin Kuppinger

At the end of last week, US Defense Secretary Leon Panetta gave his first major speech on cybersecurity. The speech was given during the Business Executives for National Security meeting in New York. It gained some attention in the news. This concept wasn’t entirely new, as Jon Oltsik pointed out in a post – back in 1998 Deputy Defense Secretary John Hamre cautioned the U.S. Congress about the same topics, using the term “cyber Pearl Harbor” back then as well. On the other hand, in March 2012 the US Cyber Chief talked about a tide of cyber criminality. And even while I stated that tide appears to be the wrong term despite the lack of an ebb tide that also showed that this issue is increasingly well understood.

On the other hand, John Oltsik claims that “almost nothing” had been done since 1998 to actually improve cybersecurity readiness in the critical infrastructure. I disagree with his point. A lot has been done. But we didn’t manage to close the gap between the threats and the cybersecurity readiness. This gap might even have become bigger. When I look at what various governments like the U.S. government or the German government and multi-national institutions like the EU are doing, I see that they have started investing. They also, like other organizations, have understood that this is an immense risk. But things are moving slowly, which is no surprise when governments are involved.

The biggest issue, however, isn’t the governments but all the providers within the critical infrastructure, from utility companies to finance institutions and their technology providers. Back in 2010 I wrote a post titled “Is an insecure smart planet really smart?”. That’s where the big problem is: there are far too many initiatives around making the world “smarter”, which either totally ignore security or underestimate the role security plays in being smart. This is not only true for the big initiatives, but also for industry automation and, maybe even more, for automation within households.

It is important to understand that addressing the threat Panetta described is not only a task for governments. It is a task for every single organization. When looking at Stuxnet and Duqu, some organizations far away from the real targets became an attack target as an intermediary step. We need to rethink our security and to become much better at that.


Security – the key to smart grids and planets

08.12.2011 by Martin Kuppinger

This week was the 6th National IT Summit in Germany. Like always, that’s where big speeches are made and little happens. The German BITKOM (Bundesverband Informationswirtschaft, Telekommunikation und neue Medien e.V.), the IT and communications industry lobbyist association put the topic of smart networks (or grids) on the table. They requested initiatives (and money) to build such networks. That comes as no surprise, given that the smart world will require massive investments. So driving this forward makes sense.

However, the big problem to solve for this smart world – whatever it will look like – is security. I’d blogged about this quite a while ago, titled “Is an insecure smart planet really smart?” This question is not even still valid, it has become increasingly important. In Germany, there has been a large exercise – sort of a field exercise – just recently called LÜKEX. Many governmental organizations, police, and others are involved, this time upwards to 3,000 persons. In former years it has been about terrorist attacks with bombs and the like. This year it has been about CyberSecurity.

Networking the world requires a very well thought out approach on security. And it requires the willingess not to connect everything. The problem is that many of the initiatives around smart “whatevers” ignore this. There is a BITKOM presentation of mid 2011 which does not even mention security. Fortunately, BITKOM at least mentioned the need for security at the National IT Summit. Nevertheless it looks like the need is neither fully understood nor adequately prioritized. My perspective is that it has to be the priority number one for everything which is done around the smart world. Without security, nothing will be smart.

And even with well-thought security we have to be always aware that everything we network, especially including all the SCADA devices, will massively increase our security risks. So being not too smart might be smarter sometimes.


Is an insecure smart planet really smart?

25.03.2010 by Martin Kuppinger

There are a lot of talks about making our planet smarter. Despite being far too much fiction, the film “Die Hard 4.0″ has been around some of the potential risks around this. I recently had a very interesting discussion with a forensic/incident expert from the US. We’ve discussed several issues and ended around the idea of this “smarter planet” and the “smart grid” as one of its most prominent elements. Per se, the idea of having a networked infrastructure in many areas, with a high degree of flexibility and increased service availability is as appealing as inevitable – things will go that path.

However the security of that future seems to be somewhat ignored, at least in the public discussion. For sure politicians aren’t interested in the dark site of things as long as the bright side is discussed. They don’t want to be the party poopers. Only if there is an incident, they will claim that they have done everything to avoid it and that everyone else is guilty but not them. Vendors, on the other hand, are mainly interested in driving things forward. Most of the for sure don’t ignore security – but it seems to be more sort of a pain than an opportunity.

Thus, we observe currently the same thing in big like we can see day by day in small: Security is ignored when driving things forward. That is true for a tremendous part of the software which is developed, it is true for new standards in IT (think about web services – security has been missing at the beginning), it is true for so many other areas. And now the same thing seems to happen for all these smart things. But, from my perspective, then these things aren’t really smart.

Just think about the smart grids. This is sort of a massive data retention mechanism, collecting and networking millions of households with the utilities. There are privacy threats – who has used which electric device when? There are new attack surfaces. For sure there are some things going on around security. But from what I observe, security is developing slower than the rest of the things in the smart planet initiatives. It’s sort of a ticking time bomb out there.

What will happen? Security is undervalued. For sure it isn’t ignored but it won’t have the relevance it should have in these projects. People will cheer when there are some results of projects delivered. Security will become a problem. There will be unpleasant discussion about who is guilty or not. Security issues will be patched. To some degree. Wouldn’t it be a better idea to built security into the concepts from scratch? To really have a smarter planet at some point of time?

Sorry for being the party pooper!


Services
© 2014 Martin Kuppinger, KuppingerCole