Norsk Hydro ASA Suffers Extensive Cyber Attack (bloomberg.com)
126 points by glassworm on March 19, 2019 | hide | past | favorite | 43 comments



Aluminium plants are particularly vulnerable because the electrolysis "pots" must be kept hot, requiring a continuous supply of electricity. Supply interruptions can be a disaster.

This has hit Venezuela badly: https://twitter.com/AKurmanaev/status/1104141813936545793 "Today Venezuela basically crossed off an entire industry. In one day. No more industrial aluminum production. Just like that. It’s gone."

https://www.argusmedia.com/en/news/1863707-venezuelas-fragil... "State-owned aluminum smelter Venalum's remaining operational units and state-owned Bauxilum's alumina production units were destroyed by the blackout and likely will not be repaired for at least a year, a senior Venalum official said. "The primary aluminum and alumina sectors are dead for the foreseeable future." "


I was wondering how a power outage could be so disruptive and found this article, if anyone else is interested.

https://www.aluminiumtoday.com/contentimages/features/Oyeweb...

You get all sorts of problems, including from freeze-thaw[0] damage to the pots, the electrodes get oxidized, and the plant itself isn't fit to work in due to CO buildup (no fans!).

[0] It's weird to see freezing damage occurring at 900˚C, but I guess that is what happens.


Thankfully the smelting can apparently be controlled manually. According to this article[0] all Hydro plants are still running 24/7, but now using paper, pencils, and calculators.

0: (In Norwegian) https://e24.no/boers-og-finans/norsk-hydro/dataangrepet-lamm...


-An unsurprising, but somewhat amusing tidbit from the article is that Hydro's senior employees got a chance to shine today - while younger employees had only ever operated the plant via SCADA systems taken offline today, the staff closer to retirement ran the show like it was 1975.

A diverse workforce can be a bonus when things go pear-shaped; with any luck Hydro (and others!) take the lesson to heart and train all staff in fallback measures as part of their disaster planning.


I'm glad to hear that. Hoping the younger staff will learn from the seniors how to control the foundry and infrastructure. Thumbs up!


These seem like systems where the impact of disruption is so severe that they should be effectively offline as much as possible.

Now the power source of course... hard to manage that.


I think I read once that the last-ditch effort in case of power blackout is heating the ovens with gravity-fed kerosene burners to keep them from going titsup.

No source, though.


> Now the power source of course... hard to manage that.

Well, for many of these plants they're actually built together with a big hydroelectric powerplant that can supply all the electricity needed.

EDIT: Their press release from 6h ago states "Hydro's power plants are running normally on isolated IT systems".


Good twitter thread on this issue so far: https://twitter.com/GossiTheDog/status/1107928490580627456


>>A.P. Moller-Maersk A/S, the owner of the world’s biggest container shipping company, lost about $200 million to $300 million because of a cyber attack in June

Very soon we'll be talking real money. How do you price your ransom...we caused this much damage to Maersk, be smart...


Are there any companies in the business of hardening SCADA systems?

I keep on hearing about the huge vulnerability they pose, which would make me expect a Y2K level of focus by the industry.


Dragos Inc., I interviewed one of their senior threat hunters on Cyber Talk Radio (text recap with link to podcast audio) https://www.jungledisk.com/blog/2017/06/27/industrial-cybers...


Yes, it's been a longstanding issue and the ICS security space has been heating up the past few years as a result of the increasing awareness of the problem. There are quite a few companies trying to bring OT network security into the modern age but it's a slow-moving field. We've been looking at the number of Internet-exposed industrial control systems and they've been increasing around 10% year over year despite all the news coverage/attacks.

[1] https://icsmap.shodan.io

[2] https://ics-radar.shodan.io

[3] https://exposure.shodan.io/#/US


None of this type of equipment should be on the internet.


IMHO it was all downhill once VLAN use became the default and viewed as equally secure as physically disparate networks.

We used to physically isolate security domains across the board. Everything is virtualized now, which makes it a whole lot less visible when boundaries are being violated, where it used to be obvious.
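
The check a practitioner would want for the point made above, as an added example (not code from the thread, from Hydro, or from any vendor): with physically separate networks a cross-boundary cable was visible; with VLANs the same boundary is a firewall rule, so it has to be audited programmatically. The zones, the rule tuples and the jump-host address below are hypothetical and constructed for this example; the policy encoded is "only the DMZ jump host may initiate into the OT zone, and OT never initiates toward anything outside OT or the DMZ".

```python
"""
Added example: make IT/OT boundary violations in a VLAN/firewall rule set
visible, the way a physically separate network used to make them obvious.

Assumptions (all hypothetical and constructed for this example): zones are
named CIDR lists, rules are (id, action, src, dst, proto, dport) tuples as
you might export from a firewall, and the policy is "only the DMZ jump host
may initiate into OT; OT never initiates toward anything outside OT/DMZ".
"""
import ipaddress

ZONES = {                      # hypothetical address plan
    "corp": ["10.10.0.0/16"],
    "dmz":  ["10.20.0.0/24"],
    "ot":   ["192.168.100.0/24"],
}
JUMP_HOSTS = {"10.20.0.5"}     # hypothetical hardened jump host in the DMZ

RULES = [                      # constructed rule set; r2 and r3 are the violations
    ("r1", "allow", "10.20.0.5/32",     "192.168.100.0/24",  "tcp", 3389),
    ("r2", "allow", "10.10.0.0/16",     "192.168.100.10/32", "tcp", 502),
    ("r3", "allow", "192.168.100.0/24", "0.0.0.0/0",         "tcp", 443),
    ("r4", "allow", "10.10.0.0/16",     "10.20.0.0/24",      "tcp", 443),
    ("r5", "deny",  "0.0.0.0/0",        "192.168.100.0/24",  "any", 0),
]


def zone_of(cidr):
    """Name of the zone that fully contains cidr, or 'external' if none does.
    A prefix that straddles zones (e.g. 10.0.0.0/8 or 0.0.0.0/0) is treated as
    external on purpose: an overly broad source is itself a finding."""
    net = ipaddress.ip_network(cidr, strict=False)
    for name, prefixes in ZONES.items():
        if any(net.subnet_of(ipaddress.ip_network(p)) for p in prefixes):
            return name
    return "external"


def is_jump_host(cidr):
    """True only for a single-address prefix that names an approved jump host."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.num_addresses == 1 and str(net.network_address) in JUMP_HOSTS


def check_rules(rules):
    """Return (rule id, reason) for every allow rule that crosses the OT
    boundary in a way the segmentation policy forbids."""
    findings = []
    for rid, action, src, dst, proto, dport in rules:
        if action != "allow":
            continue
        s, d = zone_of(src), zone_of(dst)
        if d == "ot" and not (s == "dmz" and is_jump_host(src)):
            findings.append((rid, f"{s} ({src}) may initiate into OT; only the jump host should"))
        if s == "ot" and d not in ("ot", "dmz"):
            findings.append((rid, f"OT may initiate to {d} ({dst}); OT should never reach out"))
    return findings


if __name__ == "__main__":
    for rid, why in check_rules(RULES):
        print(f"{rid}: {why}")
```

Run against the constructed rule set this reports r2 (a corporate /16 allowed straight to a Modbus port in OT) and r3 (OT allowed to initiate to the whole Internet); r1 passes because its source is the single jump-host address. The deliberate choice to treat any prefix that does not sit entirely inside one zone as "external" means a lazy `10.0.0.0/8 -> OT` rule is flagged rather than silently counted as corporate traffic.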


From the looks of the Twitter thread pointed out by @0xDEFC0DE, looks like the ransomware was spread by Active Directory group policies, probably by organized crime, as opposed to a random drive-by download infiltrating an entire organization.
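
Detection logic for the spread pattern described in the comment above, as an added example (not code from the thread or from Hydro): a domain-wide push through Group Policy shows up in the domain controllers' Security log as Event ID 5136/5137 (directory service object modified/created) against objects of class groupPolicyContainer under CN=Policies,CN=System. The records below are constructed samples in a flattened dict form rather than a real log export; the account names and the approved-editors set are hypothetical, while the two GPO GUIDs are the well-known Default Domain Policy and Default Domain Controllers Policy.

```python
"""
Added example: flag Group Policy changes that look like a push from an
account outside change control, or a push that repoints a GPO at a
different SYSVOL path, from Windows Security Event ID 5136/5137 records.

Input format is constructed for this example (flattened dicts with the
field names the event writes); accounts and the approved set are hypothetical.
"""
from collections import defaultdict
from datetime import datetime, timedelta

GPO_CLASS = "groupPolicyContainer"
APPROVED_GPO_EDITORS = {"gpo-admin"}   # hypothetical change-control group

# Well-known GUIDs of the two default GPOs; the domain name is made up.
DDP = "CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=corp,DC=example"
DDCP = "CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=corp,DC=example"

EVENTS = [  # constructed sample records
    {"EventID": 5136, "Time": "2019-03-18T22:40:00", "SubjectUserName": "gpo-admin",
     "ObjectClass": GPO_CLASS, "ObjectDN": DDP, "AttributeLDAPDisplayName": "versionNumber"},
    {"EventID": 4624, "Time": "2019-03-18T23:01:00", "SubjectUserName": "svc-backup"},
    {"EventID": 5136, "Time": "2019-03-18T23:02:10", "SubjectUserName": "svc-backup",
     "ObjectClass": GPO_CLASS, "ObjectDN": DDP, "AttributeLDAPDisplayName": "versionNumber"},
    {"EventID": 5136, "Time": "2019-03-18T23:03:30", "SubjectUserName": "svc-backup",
     "ObjectClass": GPO_CLASS, "ObjectDN": DDCP, "AttributeLDAPDisplayName": "gPCFileSysPath"},
    {"EventID": 5136, "Time": "2019-03-18T23:05:00", "SubjectUserName": "gpo-admin",
     "ObjectClass": "user", "ObjectDN": "CN=jdoe,CN=Users,DC=corp,DC=example",
     "AttributeLDAPDisplayName": "description"},
]


def is_gpo_change(ev):
    """True for a 5136/5137 record whose target is a GPO container."""
    return (ev.get("EventID") in (5136, 5137)
            and ev.get("ObjectClass") == GPO_CLASS
            and "CN=Policies,CN=System" in ev.get("ObjectDN", ""))


def gpo_alerts(events, approved=APPROVED_GPO_EDITORS):
    """Per-event rules: GPO edited by an account outside change control, and
    a GPO's SYSVOL path (gPCFileSysPath) rewritten, which repoints the policy
    at a different directory of scripts and installers."""
    alerts = []
    for ev in events:
        if not is_gpo_change(ev):
            continue
        user, dn = ev["SubjectUserName"], ev["ObjectDN"]
        if user not in approved:
            alerts.append((ev["Time"], user, dn, "GPO changed by account outside change control"))
        if ev.get("AttributeLDAPDisplayName") == "gPCFileSysPath":
            alerts.append((ev["Time"], user, dn, "GPO SYSVOL path rewritten"))
    return alerts


def gpo_burst(events, window=timedelta(minutes=5), threshold=2):
    """Accounts that touch `threshold` or more distinct GPOs within `window`;
    a domain-wide push looks like this even from an otherwise approved account."""
    touched = defaultdict(list)
    for ev in events:
        if is_gpo_change(ev):
            touched[ev["SubjectUserName"]].append(
                (datetime.fromisoformat(ev["Time"]), ev["ObjectDN"]))
    flagged = []
    for user, hits in touched.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            distinct = {dn for t, dn in hits[i:] if t - t0 <= window}
            if len(distinct) >= threshold:
                flagged.append(user)
                break
    return flagged


if __name__ == "__main__":
    for alert in gpo_alerts(EVENTS):
        print(alert)
    print("burst:", gpo_burst(EVENTS))
```

On the constructed records this yields three alerts, all on the `svc-backup` account (two for editing GPOs it is not approved to touch, one for rewriting the SYSVOL path of the Default Domain Controllers Policy), and the burst rule flags the same account for touching two distinct GPOs within five minutes. The logon event and the edit to a user object are ignored. The burst rule is the one worth keeping even if the approved set is maintained sloppily, since a legitimate change window rarely rewrites several GPOs inside a few minutes.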


Network segregation is a speed bump. See eg Stuxnet.


Stocks and commodities markets are moved by this, and someone in the know could plan and pounce on the situation. I wonder if that's the real motive, not the potential ransom sought.


They should make it illegal to pay ransoms.


Right now the FBI's advice for companies that get critical systems crypto locked is to just pay the ransom.

https://securityledger.com/2015/10/fbis-advice-on-cryptolock...


That was in 2015, at the time ransomware was somewhat "behaved" and there weren't the many different variants that did things like just scrambling your files and throwing up a Bitcoin address to "decrypt" them.

I think things have shifted now to where it's not something that's recommended.


My local Police Department got their dept. computers crypto locked via some ransomware or other, the FBI told them to pay the 1 bitcoin or whatever they were asking, which they did and got it unlocked!


Were the affected systems running Windows? They should make it illegal to run critical systems on Windows.


The problem isn't just Windows - it's more along the lines of "narrow software" being very much sold "as is" with "strict and boneheaded compatibility requirements (run known vulnerable software/OS)", combined with either consciously or unconsciously taking on the risk of doing so, with or without appropriate mitigations in place.

Control software, or for that matter, software for a sufficiently narrow domain, tends to come "with bugs" and "for compatibility reasons you need to run this on OS/release version X" (which is probably what the vendor ran at the point in time when the software was minted/released).

I've had the displeasure of crossing paths with both the Linux and Windows variety of this.

In some cases you can ignore the vendors and just upgrade, and jump through some amount of hoops to make it work.

I'm sure in most cases you could engineer around this with isolating it from the world, although it may be non-trivial since it'll probably want to communicate over a network of some sort. Although - exactly what is needed in terms of achieving that may be less than well documented, it costs time and money, and is maybe not really budgeted for, there are aggressive installation timelines, and the security part is probably the first thing to get slashed when the installation timeline starts slipping.

The vendor just wants to sell you a black box, and preferably not touch it ever again after they've sold it to you. (Actually - some even do sell you a branded, badly engineered, stock PC running some variety of Windows or Linux or BSD, to control your winch/navigation/foundry/whatnot).

I have witnessed "IT for offshore", in which a vessel is docked for X days, here's a list of things that we need to do, after X days the vessel will depart. You may have a few days on top of X days if you can leave somebody at the vessel; after X+Y days, the vessel needs to be somewhere in an operable state, because we have a commissioned work to perform.

For say running a foundry, I'm sure much of this is similar, except the foundry doesn't have to go anywhere - but having your foundry do nothing is exceedingly expensive, and making changes during production comes with a different set of risks.

People have probably complained somewhere along the road, disagreeing with the risks, and somewhere higher up in the chain, the choice was made to take on the risk.


Aside from being outdated advice, this is also globally impossible.

Microsoft Windows has got a major lock on the industrial control systems industry. Almost anything being produced today has a Windows machine in the workflow doing something critically important, from monitoring fluid flows to running microchip programmers and test stations.


Then people shouldn't be too surprised when stuff like this happens, and they should just pay the ransom: it's what they accepted by using Windows.

"That's the way it's always been" isn't a valid excuse for continuing to make something unsafe.


The advice is outdated because it is entirely possible for Windows machines to be secured well enough for this work. Windows security, like Linux security, is not a binary state with either a zero for no security or a one for security.

They did not accept crippling ransomware by using Windows. Nobody does. This attitude is fatalistic and somewhat juvenile.

They may have implicitly accepted crippling ransomware by not having sufficient internal security processes.


You are right, but still using an operating system with such a large attack surface as Windows is a worldwide industry problem. No one is saying Linux is much better either, but there are other solutions like IncludeOS (http://www.includeos.org/technology.html#security) which has a very low attack surface, if not 100% impossible. I'm not saying IncludeOS would work in this case, but secure systems have come a loooong way in recent years.


Even if a power plant's control systems are airgapped, if you can knock out payroll they'll be in a pretty bad place :)



Any actual incidents of these things causing real outages for critical systems anywhere?

(I'm going to guess it's a big NO on the first one, because no one uses Macs for critical systems.)


It is in Canada if you’re kidnapped. But officials will also privately inform you that nobody has ever been charged.


It is already illegal in Italy.

I would have thought that an imaginative prosecutor could find an existing law that could be applied to punish the payment of ransoms; even if it is only failing to pay some sort of tax or duty. Something like that is what is supposed to have brought down Al Capone.


They'll find a way. Pay for consulting, pay from personal funds etc etc. Companies need to go back to work ASAP, ransom is a small cost of doing business.


I can't find the story anymore, but I seem to recall that at peak CryptoLocker there was a 'consulting company' that would fix this for you without you having to pay the attackers. Instead you paid the consultants double the extorted amount, and then they paid on your behalf.


Sounds like the usual methods to get around public sector limitations on employee pay.


Wouldn't the attackers inevitably blackmail you with the fact you illegally paid them?


Better yet, make hacking illegal!


… he says on hacker news.


Context matters.


It doesn't say they're paying the ransom.


-On the contrary, Norwegian newspapers stress that Hydro is restoring data from recent backups and to heck with the blackmailers.


Windows tax.



