I've done some work in steel factories, though only for offline/closed systems that have no interaction with the main control code.
Factories like this one probably operate at around 60%+ capacity, so they'll be operating sometimes all day, sometimes all night. If you ever get the chance to visit, do so, even if you don't really care about how steel is made. The sheer scale of everything is amazing.
Everything is very big, very hot and if you have to hit the big red button, it costs a lot of money. Unscheduled downtime is very expensive. Steel tends to be workable when it's hot/molten and therefore pliable. If you suddenly stop a machine then you're left with solid steel in places you don't want it which takes a lot of time and effort to remove.
One of the common reactions to this story is "Why didn't they hit the emergency stop?" - the answer is because it costs an absolute fortune to do so.
That wouldn't necessarily solve the problem, if you look at what happened with Stuxnet. Getting a USB stick into a domestic steel factory probably isn't hard.
As another commentator said, these plants are designed to be operated by people who don't know the difference between a mouse and a keyboard. The systems must work perfectly 24/7. I've seen the legions of machines running XP because the legacy software runs on it and God forbid they upgrade to Windows 8.
That said everything seemed pretty secure there, loads of IT red tape needed to get anything on the network.
Well the usual solution to that is glue up the USB port or no USB stick is allowed to enter or leave the facility.
This doesn't make it impossible to get access but it makes it a hell of a lot more difficult.
For one thing, the hackers don't have direct access; they need to rely on the virus to do the dirty work and cannot do intelligence gathering on what systems are being used that well either.
So what's wrong with a separate internet connection, network and a computer with all its USB ports glued up connecting through a VPN to the facility computers?
You can read all the stats off the screen.
Slightly more insecure than complete isolation but I suspect still better than what they had.
And that VPN would connect to ... the office network where everybody runs Outlook? Or does it connect to a set of machines that run ssh with passwords shared with forums on the internet? This configuration, incidentally, is probably exactly what the factory was running.
There are a number of things that are commonly brought up as solutions to security. VPNs, anti-virus, IDS, disabling USB, NAT, ... none of them are. The solution to security problems is knowing all possible interactions between your software and the outside world. If you don't, there is at least a good chance it can be hacked.
Of course, not having to know all interactions, some would say, is the reason we have computers in the first place.
I've worked for classified organisations and they don't do this, because it's unsafe.
For instance that VM would have to be an http server to actually see the data, it would have to run on a managed (through ssh?) host, ...
I mean why not give it an output-only serial line instead (isolating control signals. NO error recovery, windowing, ... allowed)? At that point it doesn't really matter what's on the other side. The point here is that in this way you can guarantee information only flows in one direction. Plus it's dead simple (it will malfunction and at that time there will be many, many voices saying it's too simple, but it's not).
The system on the other end of the serial line can be as convenient and insecure as you want, because it's not trusted to be secure. Needless to say, in practice there are still considerations of redundancy, so there are multiple output systems sending data over different fiber paths to different destinations. But all of them have the RX pin connected to ground.
There is lots of security hardware that does this.
This is how it works. Network of trust. A trusts B to ... Software trusts hardware to ... Operator trusts hardware to ... Operator trusts software to ... you make an overview of this and then you scratch anything you can. Depending on the level of security required you accept varying levels of inconvenience.
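The output-only serial line above has no backchannel, so the receiver can only detect loss and corruption, never request a resend. As an added example (not code from any commenter or product), here is a minimal framing scheme for such a link: sequence numbers plus a CRC let the untrusted side count dropped and corrupt frames. The frame layout, marker bytes and names are assumptions made for illustration.

```python
# Added example: framed one-way telemetry. The sender only transmits; the
# receiver detects gaps and corruption but has no way to reply (RX grounded).
# Frame layout and names are assumptions for illustration, not a real protocol.
import struct
import zlib

MAGIC = b"\xA5\x5A"               # constructed start-of-frame marker
HEADER = struct.Struct(">2sIH")   # magic, 32-bit sequence number, payload length
MAX_PAYLOAD = 512                 # reject absurd lengths caused by corruption


def encode_frame(seq, payload):
    """Build magic | seq | len | payload | crc32(seq+len+payload)."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds MAX_PAYLOAD")
    body = HEADER.pack(MAGIC, seq & 0xFFFFFFFF, len(payload)) + payload
    return body + struct.pack(">I", zlib.crc32(body[2:]) & 0xFFFFFFFF)


class OneWayReceiver:
    """Parses a byte stream; counts gaps and bad frames, never acknowledges."""

    def __init__(self):
        self.buf = b""
        self.expected_seq = None   # None until the first good frame arrives
        self.gaps = 0              # frames missing between received seq numbers
        self.corrupt = 0           # frames rejected by CRC or length check
        self.frames = []           # accepted (seq, payload) pairs

    def feed(self, data):
        self.buf += data
        while True:
            start = self.buf.find(MAGIC)
            if start < 0:  # keep a trailing half-marker so resync still works
                self.buf = self.buf[-1:] if self.buf.endswith(MAGIC[:1]) else b""
                return
            self.buf = self.buf[start:]
            if len(self.buf) < HEADER.size + 4:
                return                       # header incomplete, wait for more
            _, seq, length = HEADER.unpack_from(self.buf)
            total = HEADER.size + length + 4
            if length > MAX_PAYLOAD:
                self.corrupt += 1
                self.buf = self.buf[2:]      # resync: skip marker, search again
                continue
            if len(self.buf) < total:
                return                       # payload incomplete, wait for more
            frame = self.buf[:total]
            sent_crc = struct.unpack(">I", frame[total - 4:])[0]
            if zlib.crc32(frame[2:total - 4]) & 0xFFFFFFFF != sent_crc:
                self.corrupt += 1
                self.buf = self.buf[2:]
                continue
            if self.expected_seq is not None and seq != self.expected_seq:
                self.gaps += (seq - self.expected_seq) & 0xFFFFFFFF
            self.expected_seq = (seq + 1) & 0xFFFFFFFF
            self.frames.append((seq, frame[HEADER.size:total - 4]))
            self.buf = self.buf[total:]
```

The gap and corrupt counters are the only "error handling" possible on a diode link; anything beyond logging them (retries, flow control) would need a return path and reintroduce exactly the attack surface the commenter is removing.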
Thanks for the reminder on one-way channels. Each situation is different, e.g. software-based systems can build upon hardware separation (including one-way data diodes), while retaining the option for software defenses to evolve in response to ever-changing threats.
Fascinating indeed. Here is a related article about an explosion that happened while trying to restart a chilled furnace: http://www.hse.gov.uk/pubns/web34.pdf
One thing these news stories don't do a good job of getting across is exactly what a blast furnace is. So here's what I got out of that link: a blast furnace is something like a 10-story can, lined with fancy insulating bricks and a ton of embedded pipes for water-cooling so that the insulation doesn't melt. On the outside are a bunch of walkways and vents and ducts and pipes and stuff just like a scene out of Terminator.
You chuck various rocks (iron ore, limestone, coal) into this multi-story brew and they gradually react with each other (the mixture heats itself) as you blow oxygen into openings at the bottom. Over a period of weeks the iron sinks to the bottom (and the waste sinks close to the bottom but not quite) where you extract it. Once or twice a decade you might stop making steel and empty it all out so you can replace the bricks and do maintenance.
If you let it get too cold, the iron and the waste (slag) will freeze and clog the vents, so you drill into it with "a long, consumable, steel tube fed with pressurised oxygen gas" - it's not like you have heating coils built in, you just toss the fuel in with the rest of the stuff. I guess this is also why the "chilled hearth" at the bottom is such a problem (the point of having a blast furnace is that it's mostly-iron that collects down there, not fuel). Of course, the frozen steel and slag is still insanely hot, just solid now. On the other side of problem-land: if the cooling system leaks and too much water gets in, the whole thing might explode and jump about 2 or 3 feet in the air (this "too much water" is on the order of tons, mind you -- this can happen if parts of the cooling system melt).
Yeesh. I'd been thinking they'd lost something an order of magnitude or so smaller -- more like the size of a cement mixer.
And of course each of your top experts (water systems, electrical systems, etc) might want to go home before the 10+ year campaign is over, so you install remote monitoring and if there's a crisis you call the top expert and he can take a look at it and provide advice instead of getting up and spending half an hour to drive there and then give advice (possibly a very useful capability in many other crises)...
Chucking stuff in is close to the truth. In research furnaces they lob bin bags full of various materials they want to add to the cast depending on the grade of steel they're trying to produce. The whole bag goes in, the plastic is negligible.
Often these things are heated (at least initially) with big ol' electrodes or by using induction. Nominal current is in the kiloamperes. No pacemakers please!
To put it into perspective (again), most steel plants have their own dedicated power stations on-site.
Thanks. Apparently a chilled furnace can take months to "rake out." I bet that's a slow, manual process of heating up some bits with a hand oxygen lance, gradually nibbling until the passages and so forth are cleared.
By chance, does anyone know the name of those giant drill-like things in The Deer Hunter iron works? Is that also an oxy lance of some sort?
By heating it... large torches are probably required. I wouldn't be surprised if it was cheaper to replace a clogged assembly than to try to melt the steel back out of it.