Juicy Target: Big Cloudy Agglomerations of Virtual and Tangible Gizmos

March 9, 2019

Last week I had a call about the vulnerability of industrial facilities. The new approach is to push certain control, monitoring, and administrative systems to the cloud. The idea is that smart milling machines, welders, and similar expensive equipment can push their data to the “cloud.” The magic in the cloud then rolls up the data, giving the manufacturing outfit a big picture view of the individual machines in multiple locations. Need a human to make sure the industrial robots are working happily? Nope. Just look at a “dashboard.” If a deity were into running a chemical plant or making automobiles, the approach is common sense.

I read “Citrix Hacked and Didn’t Know Until FBI Alert.” The FBI is capable, but each week I receive email from companies which perform autonomous, proactive monitoring to identify, predict, and prevent breaches.

The write up points out

The firm attributed the attack to an Iranian group called “IRIDIUM” and says it made off with “at least 6 terabytes of sensitive data stored in the Citrix enterprise network, including e-mail correspondence, files in network shares and other services used for project management and procurement.”

The article buries this statement deep in the report:

The breach disclosure comes just three days after Citrix updated its SD-WAN offering to help enterprises to administer user-centric policies and connect branch employees to applications in the cloud with greater security and reliability. The product is intended to simplify branch networking by converging WAN edge capabilities and defining security zones to apply different policies for different users.

What’s the implication?

Forget Go to My PC vulnerabilities. Old news. The bad actors may have the opportunity to derail certain industrial and manufacturing processes. What happens when a chemical plant gets the wrong instructions.

Remember the Port of Texas City mishap? A tragic failure. Accidental.

But Citrix style breaches combined with “we did not know” may presage intentional actions in the future.

Yep, cloudy with a chance of pain.

Stephen E Arnold, March 9, 2019

Comments

Got something to say?





  • Archives

  • Recent Posts

  • Meta