Hacked air conditioning and plummeting elevators?

Imagine that you are in an elevator in a high rise building when suddenly the elevator starts to plummet with no apparent stopping mechanism other than the concrete foundation below.  While this may sound like something from a Hollywood movie, consider the idea that a securely tethered, fully functional elevator is as vulnerable as it is smart.

Wired.com explored the possibilities for hacking an electricity grid via an air conditioning unit several years ago. To summarize, an electric company offered customers a discount to place a governor on an air conditioner. This allowed the electric company to adjust the air conditioner to maintain control to prevent power dips and surges during extreme demand. In doing so, the electric company introduced an Industrial Control System (ICS) into every residence that accepted the offer. 

However, as the Wired.com article explains, these ICS devices were not secured against unauthorized access, leaving them vulnerable to widespread attacks that could cause the problems they were trying to prevent. An attacker could control multiple devices, causing them to create a power dip, or a surge, by doing the opposite of what the electric company commanded.

There are many reasons why the cybersecurity of industrial control systems presents unique challenges. Unclear or overlapping responsibilities, technical issues, lack of security awareness on the part of the ICS operators, and insufficient ICS knowledge on the part of security experts are just some examples. Yet, most of these systems are vital for the business continuity and commercial success of their organizations; they should therefore be seen as critical infrastructure.

The range is huge, from data centre air conditioning, fire alarm systems, elevators, and electronic locking systems to refrigerator controls and connected coffee machines. These systems are usually outside the control (Read more...)