SAVANNAH, GA. -- Imagine what would happen if an attacker broke into the network for the industrial control systems for New York City's elevators and boiler systems and decided to disrupt them, imperiling the lives of hundreds of thousands of residents relying on them. Think it could never happen? Think again.
"You could increase the speed of how elevators go up or down," says Steve Ramirez, business analyst, analysis and communications in the Office of the CIO of the New York City Housing Authority (NYCHA), which provides public housing for low- to moderate-income families in the five boroughs of the city. And if attackers ever successfully penetrated the network-based industrial control systems (ICS) for the boilers, they could raise the heat levels for municipal boilers, causing them to explode.
These types of attack have never happened, but in the age of ever-mounting cyber exploits, NYCHA, which is responsible for over a thousand buildings in the city, wants to take every precaution, though it could get expensive. To that end, NYCHA has had the various city-operated elevator and boiler systems subject to network penetration testing, using the services of Cary, N.C.-based neuroFuzz, which did find a few holes.
But in the end, it's not just a question of fixing a few holes, but of coming up with a cyberdefense approach that effectively creates a guard over the industrial controls for the elevators and boilers.
The security firm, which has expertise in not just Web protocols but the specialized industrial control system (ICS) protocols such as Modbus, worked with the city to come up with a prototype plan for cyber defense. This prototype has been tested in a lab environment — it's not feasible to test it directly on the city's operating elevators and boilers — and would need to implemented in production hardware and software by information technology contractors, such as systems integrators, working under the city's guidance.
To that end, the city put out a request-for-proposal for an opening phase of the project with bids coming in for review just this month. The fate of the project is uncertain, however, since affordability could prove to be an obstacle. But the city will push hard for its cyberdefense ideas.
According to Andres Andreu, chief technology officer at neuroFuzz, the basic concept in the cyberdefense prototype is a reverse proxy that looks at traffic going to the industrial control systems for the New York City elevator and boilers, inspecting traffic to determine if the commands are authorized and do not violate technical restrictions on how elevators or boilers should normally work.
It's basically a policy-based intelligence-based security approach that asks whether the instruction coming into the ICS makes sense or should be allowed in the context, points out Andreu, noting a simple example is you wouldn't allow an elevator in a five-story building to ever be told to go to 6.
Ramirez says the advantage in this approach lies in not just thwarting the type of cyberattack from outside that might ever be unleashed, but also lowering risks associated with any potential insider threats, such as disgruntled employees who for whatever reason might want to do some harm to the elevator or boiler systems.
"If you have a disgruntled employee upset with the city and really wanted to do a number, like not putting the right amount of water or pressure, it ends up deteriorating equipment more quickly," Ramirez notes. The city will be reviewing the bids for the project to evaluate what may be done next.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.