"The Security Ledger has picked up on an opinion piece by noted cyber terrorism and Stuxnet expert Ralph Langner (@langnergroup) who argues in a blog post that critical infrastructure owners should consider implementing what he calls 'analog hard stops' to cyber attacks. Langner cautions against the wholesale embrace of digital systems by stating the obvious: that 'every digital system has a vulnerability,' and that it's nearly impossible to rule out the possibility that potentially harmful vulnerabilities won't be discovered during the design and testing phase of a digital ICS product. ... For example, many nuclear power plants still rely on what is considered 'outdated' analog reactor protection systems. While that is a concern (maintaining those systems and finding engineers to operate them is increasingly difficult), the analog protection systems have one big advantage over their digital successors: they are immune against cyber attacks.
Rather than bowing to the inevitability of the digital revolution, the U.S. Government (and others) could offer support for (or at least openness to) analog components as a backstop to advanced cyber attacks could create the financial incentive for aging systems to be maintained and the engineering talent to run them to be nurtured, Langner suggests." Or
maybe you could isolate control systems from the Internet.
"Isolate from the Internet" is hard
• Score: 3
Air-gap alone is not enough. Stuxnet travelled via USB sticks. And if your hardware (or anything connected to it) has a wireless interface on it (Bluetooth, Wifi, etc), you have a problem ... an operator might bring a hacked phone within range, for example.
Simplifying the hardware down to fixed-function IC or analog reduces the attack surface much more than attempts to isolate the hardware from the Internet.
Obvious solution is obvious
• Score: 3
The hubris of some thinking that everything can be linked to the internet while maintaining acceptable security is ignorant.
Some systems need to be air gapped. And some core systems just need to be too simple to hack. I'm not saying analog. Merely so simple that we can actually say with certainty that there is no coding exploit. That means programs short enough that the code can be completely audited and made unhackable.
Between airgapping and keeping core systems too simple to hack... we'll be safe from complete infiltration.
Lots of unproven assertions here.
• Score: 3
"obvious: that 'every digital system has a vulnerability,' "
So far, this has been demonstrated (NOT proven) only in the current environment where hardware and software architects, developers and businesses can get away from product liability requirements by crafting toxic EULAs that dump all the responsibility for their crappy designs and code on the end user. If the people who create our digital systems had to face liability as a consequence of their failure to design a secure system, we may find they get off their a**es and do the job properly. Where's Ralph Nader when you need him?
And as the original poster noted, you CAN isolate the control systems from the Internet! Cut the wire and fire anyone who tries to fix it.
"analog protection systems have one big advantage over their digital successors: they are immune"
Nonsense! There were PLENTY of breakins by thieves into banks, runaway trains, industrial accidents and sabotage BEFORE the digital age. There was no "golden age" of analog before digital: That's just bullsh*t.
perspective of a controls engineer--
• Score: 3
There are billions of embedded systems out there, and most of them are not connected to the internet. I've designed embedded control systems for most of my career, and can attest to the many advantages a digital control system has over an analog one. Analog still has it's place (op-amps are pretty fast & cheap), but it's often quite useful to have a computer do it. Most capacitors have a 20% tolerance or so, have a temperature tolerance, and have values that drift. Your control system can drift over time, and may even become unstable due to the aging of the components in the compensator (e.g. PI, PID,lead/lag) .. Also a microcontroller wins hands down when it comes to long time constants with any kind of precision (millihertz). It's harder to make very long RC time constants, and trust those times. Microcontrollers/FPGA's are good for a wide control loops including those that are very fast or very very slow. Microcontrollers allow you to do things like adaptive control when you plant can vary over time like maintaining a precision temperature and ramp time of a blast-furnace when the volume inside can change wildly.. They also allow you to easily handle things like transport/phase lags, and a lot of corner conditions, system changes -- all without changing any hardware..
I am happy to see the same trend with software-defined radio, where we try to digitize as much of the radio as possible, as close to the antenna as possible.. Analog parts add noise, offsets, drift, cross-talk exhibit leakag,etc.. Microcontrollers allow us to minimize as much of the analog portion as possible.
• Score: 3
A "cyber-attack" is a digital attack. So if your system is not digital, you can't be cyber-attacked. Great news.