Yokogawa: Attack of the Drones

Wednesday, October 5, 2016 @ 08:10 AM gHale

By Gregory Hale

It is possible for a drone to attack an industrial installation.

The industry is headed toward an intersection of physical security and cyber security, and cyber physical is becoming a reality. Cyber physical systems are “smart” systems: co-engineered, interacting networks of physical and computer components.

Drones are just one case in point.

“Usually a camera is a default payload, but they can easily carry a small computer,” said Jeff Melrose, senior principal technical specialist at Yokogawa during his presentation Tuesday entitled, “When Drones Attack: Cyber Physical Attacks and ISA 100,” at the Yokogawa Users Conference and Exhibition in Orlando, FL. “The range used to be about 1000 yards and the speed average is 30 mph. But now drones have upped their capabilities to more than 40 mph and up to three miles.”

Drone technology is becoming more advanced, and using a drone as a surveillance tool or as a weapon is becoming more feasible.

“It doesn’t take a whole lot for people to operate the drones,” Melrose said. “It is really easy.”

At one point, Melrose showed a video of a drone following a person around a field; it had no problem keeping up or changing direction whenever the person did.

Melrose talked about two basic assumptions about drone security:
• An adversary needs to be within physical proximity to do major harm
• Physical security can end up minimized inside the plant boundary

However, he said, there is the drone reality:
• Drones can allow an adversary to attack over a long distance – even a hobby drone can travel 3 miles
• Drones can tailgate workers with no problem

While Melrose got into a discussion about electronic warfare, the long and short of it is that an attacker can build a device that disrupts wireless systems and wreak havoc on an industrial facility. He talked about four incidents in which wireless systems ended up jammed:
1. San Diego Harbor 1999 — A U.S. Navy radar test created EMI which affected 928.5 MHz wireless communication from SCADA systems and connected valves controlling San Diego Water Authority and San Diego Gas and Electric.
2. A similar incident in 2007 led to GPS and other wireless services being significantly disrupted throughout San Diego. Emergency pagers stopped working, the harbor traffic-management system guiding ships failed, cell phones failed and ATMs failed. The issue ended up being two Navy ships in the harbor doing a jamming training exercise.
3. Newark Airport 2013 — The FCC fined a Readington, NJ, man nearly $32,000 after it traced a problem with Newark Liberty International Airport’s satellite-based tracking system to his truck. The man had purchased an illegal GPS jamming device for about $100 and installed it in his company-owned pickup truck so his boss could not monitor his movements.
4. Den Helder, Netherlands, late 1980s — A gas pipeline control system located near a naval base found a 36-inch valve was opening and closing with the same frequency as the scanning of a D/L-band radar (1.215-1.4 GHz) system in the harbor. Shock waves induced by the rapid valve movements caused a pipeline rupture.

“The closer a transmitter can be to the target network, the more effective it is. So the possible use of a drone to move the transmitter closer to the target (is a viable option),” Melrose said.

This is not pie in the sky. Drones are a realistic attack approach.

The following are some cyber defense strategies:
• Know your radio spectrums
• Industrial wireless will need to go with MESH network topologies
• Certain overhead areas need to be secured. Police your Fresnel Zones, which are a series of concentric ellipsoidal regions indicating wave strength between two antennas.
• Industrial wireless networks vs. EMI vs. distance
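
To make the Fresnel zone advice concrete, the following added example (not from the presentation or from Yokogawa) computes the first Fresnel zone radius along a point-to-point link and reports which surveyed objects sit inside the volume to keep clear. The 60% clearance figure is a common link-planning rule of thumb assumed here, the terrain is treated as flat, and the link geometry and survey points are constructed; only the 928.5 MHz frequency comes from the San Diego incident above.

```python
import math

C = 299_792_458.0  # speed of light, m/s

def fresnel_radius(freq_hz, d1_m, d2_m, n=1):
    """Radius in metres of the n-th Fresnel zone at a point d1 from one
    antenna and d2 from the other: sqrt(n * wavelength * d1 * d2 / (d1 + d2))."""
    wavelength = C / freq_hz
    return math.sqrt(n * wavelength * d1_m * d2_m / (d1_m + d2_m))

def _sub(a, b):
    return tuple(p - q for p, q in zip(a, b))

def _dot(a, b):
    return sum(p * q for p, q in zip(a, b))

def clearance_report(freq_hz, ant_a, ant_b, objects, clearance=0.6):
    """For each object between the antennas, return
    (name, offset from the line of sight, keep-clear radius, intrudes?)."""
    axis = _sub(ant_b, ant_a)
    length = math.sqrt(_dot(axis, axis))
    report = []
    for name, pos in objects:
        rel = _sub(pos, ant_a)
        d1 = _dot(rel, axis) / length  # distance along the link from antenna A
        if not 0 < d1 < length:
            continue  # beside or behind an antenna, not between them
        offset = math.sqrt(max(_dot(rel, rel) - d1 * d1, 0.0))
        limit = clearance * fresnel_radius(freq_hz, d1, length - d1)
        report.append((name, round(offset, 2), round(limit, 2), offset < limit))
    return report

# Constructed survey: 1 km link at 928.5 MHz, both antennas 20 m up (x, y, z in metres).
FREQ_HZ = 928.5e6
ANT_A, ANT_B = (0.0, 0.0, 20.0), (1000.0, 0.0, 20.0)
SURVEY = [
    ("crane jib", (500.0, 0.0, 16.0)),
    ("pipe rack", (250.0, 3.0, 10.0)),
    ("tank roof", (1200.0, 0.0, 20.0)),
]

if __name__ == "__main__":
    for row in clearance_report(FREQ_HZ, ANT_A, ANT_B, SURVEY):
        print(row)
```

The keep-clear radius is widest at mid-link and shrinks toward each antenna, so the overhead area to secure is an ellipsoid around the line of sight rather than a fixed-width corridor.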