Evaluating Or Testing Utility SCADA Security? 227
EncryptedBit writes "I am a local elected official involved in bringing new water and waste water treatment plants online in a small town. The new plants will incorporate SCADA, which can be used to change operational aspects at the plants, up to forcing a shutdown or changing operational parameters. Can any Slashdotters recommend ways to make sure it is secure? Any testing recommendations? The operational engineers are oblivious to security and SCADA is a new factor, so this concerns me. Any pointers would be appreciated."
Don't put it on the Internet! (Score:5, Insightful)
Seriously keep it on it's own separate network.
Re: (Score:2, Interesting)
Re: (Score:2)
That is easier said than done sometimes, and unfortunately it doesn't solve the whole problem. Solid layer-1 through 3 network security is extremely important, and needs to be very thurough.
But resolving the details isn't easy. How do you prevent a technician serving one piece of equipment on the network from accessing other network-connected equipment? How do you counter factory backdoors?
And... how do you do all of this without an IT staff dedicated to it?
Re: (Score:2)
Air gap.
Re: (Score:2)
Original scenario: Vendor technician connects laptop to second Ethernet port of their equipment's management card when doing quarterly PMs. Now what?
Mor common case: Even companies that should know much better (AT&T comes to mind) use Ethernet as the sole connection point to some of their SEL protection relays. It might be on a VLAN, but it is far from an air gap, and there isn't a dedicated workstation to connect a browser to just that VLAN.
With RS485, it was easy to keep some semblance of an air gap
Re: (Score:2)
totally agree - no amount of convenience is worth the security risk !
Re: (Score:2)
Re: (Score:3, Interesting)
> Except we all want cheaper stuff. And that means using the lowest bidder.
It means using the lowest qualified bidder. Do you think you'd get better quality from the highest bidder?
Re: (Score:2)
Right. Finding inferior quality for less money is rarely the problem.
Re: (Score:3, Funny)
But I want to be able to blame "hackers" when I mess up.
Re: (Score:2)
Ha! Something as pedestrian as not having an Internet connection doesn't stop them evul hackrz!
Re:Don't put it on the Internet! (Score:5, Insightful)
Re:Don't put it on the Internet! (Score:5, Informative)
Re: (Score:3, Insightful)
Re:Don't put it on the Internet! (Score:5, Insightful)
Good safe practice for separating a process control network from the internet is something like: internet > corporate network > buffer network > process network. Completely separating it is not advisable, because it can actually make it harder to administer and protect (updates, antivirus, etc). It's an option though if you are diligent with sneakernet updates and whatnot.
The network your SCADA system runs on should never, ever have direct access to your corporate network or the internet, your buffer network should never have direct access to the internet, and your corporate network should never have direct access to your process network. Be stingy about what you allow through the firewalls at each layer.
Basically when you need SCADA data outside the process network, you send it to the buffer network, and from there it is accessed from the corporate network. All controls should only be managed from the SCADA network (i.e. don't set something up so that it can be managed from the corporate network).
Separation is key. As others have said, SCADA networks need a lot of open access to the various systems they control in order to function efficiently, so within the network things have to be practically wide open. The only real option is to protect yourself with layers to make it nearly impossible for anything you don't want to access the system.
Re: (Score:2, Insightful)
Yeah, it might make it a little harder to work with sometimes.
TOO FLIPPING BAD!
Get your lazy ass off out of your chair and maintain the low-level infrastructure like it needs to be. Sometimes the infrastructure needs a guy with a truck, a wrench, and even a firmware update to match.
There's absolutely no reason industrial control processes should be accessible to the same we
Re: (Score:2)
But but but.... I have the god given, constitution granted inalienable right to play Farmville, have my desktop covered with widgets and surf the web while at work! By god, I'm an 'merican!! What the hell do you expect me to do while I'm at work, WORK?!? I don't get paid to stare at those blinking pixels and dial thingamabobs all damn day.
Re: (Score:3, Funny)
But but but.... I have the god given, constitution granted inalienable right to play Farmville, have my desktop covered with widgets and surf the web while at work! By god, I'm an 'merican!! What the hell do you expect me to do while I'm at work, WORK?!? I don't get paid to stare at those blinking pixels and dial thingamabobs all damn day.
I think you're confusing us "'mericans" (people residing on the American landmass) with a uniquely retarded subset of those people called 'Government Employees'.
Re: (Score:2)
But but but.... I have the god given, constitution granted inalienable right to play Farmville, have my desktop covered with widgets and surf the web while at work! By god, I'm an 'merican!! What the hell do you expect me to do while I'm at work, WORK?!? I don't get paid to stare at those blinking pixels and dial thingamabobs all damn day.
I think you're confusing us "'mericans" (people residing on the American landmass) with a uniquely retarded subset of those people called 'Government Employees'.
Nah, he's just in denial that the government functionaries in his country are just as damaged.
Re: (Score:2)
Re: (Score:3, Insightful)
While there are some truly compelling advantages to KISS/dumb systems, there's usually no reason that the system has to have a painful interface. The UIs for medical equipment, for example, are highly polished and tested for ease-of-use. It's just IMHO dangerously stupid to put plug-n-play networking, USB, or Wifi on a drug infusion pump.
If plug A fits into socket B, somebody's going to plug it in. Drop some infected USB drives in the parking lot, somebody's going to stick one in a USB port behind your fire
Re: (Score:3, Insightful)
you really don't want your windows machines to update themselves: NO NO NO NEVER!!!
Just imagine the operators' dumb face when WinXP goes into a restart during some critical operation, this could seriously ruin a plant managers Tuesday!
One important aspect is the internal security, people are lazy, and if you allow the to use a USB drive somewhere (management demands repo
Re: (Score:2)
Re: (Score:2)
That's absolutely a recipe for disaster.
Nothing on the SCADA system should connect to anything, on any other network, using
Re:Don't put it on the Internet! (Score:5, Insightful)
As a security expert who has audited SCADA systems, I must amend the above remark. If you ask them, "I'm here for security, is it connected to the Internet?", they will say "no". If you instead ask them, because you are concerned, "in an emergency, how an administrator can access it remotely", then will tell you the series of systems that will allow you to connect in- firewalls, vpns, and usually a last hop Citrix remote desktop session to the SCADA software itself, which is often Siemens, and is run in a VM. When you tell them to take it off the Internet, they will put your request in change control, and find a way to get rid of you, or if you're a politician, to buy you out. Usually the people running these things have no ability to think adversarially, so they consider something that is several levels removed from the Internet to not be Internet connected, even though it is. They may even tell you that it has its own leased network, run over Frame Relay leased from a telco, which is quite common. This is also internet connected, as the ISP can get pwned, and the frame relay stuff has a management network that is on the ISP's LAN. I've done security for a Fortune 50 ISP as well.
The short answer is, every SCADA system in the Americas is Internet connected, and no one has the balls to tell them to stop. They will only hire people to audit them who will put on kid gloves and play by their rules, and they refuse to take advice from their vendors, who they pay to be compliant. A security consultant lecturing a SCADA client on security measures is like a temp secretary lecturing a CEO on spelling. It's an event that always ends in a raised eyebrow and a prompt firing.
Every nuclear reactor in the united states is internet connected. I've seen them. I'm certain. Being a whitehat pen tester these days is like being a turned out whore- you know you're not helping anyone but it's too late to go back.
Posted anonymously for obvious reasons.
Re:Don't put it on the Internet! (Score:5, Insightful)
I almost forgot. Don't ask them, "is your network secure", because they will say yes, even though there's no such thing as a secure network. The appropriate question is, "how defensible is your network" and "what is your dwell time", i.e., what do you have in place to stop intrusions and how long do hackers usually last on your network. But the best question to start with is "what's your incident response budget", which they will brag about, i.e. how much money they spend on getting hackers removed when they're owned. Start there, get them to tell stories about the last time they got hacked. Then you don't have to listen when they start telling you about how they're "secure".
Re: (Score:2, Insightful)
Indeed, everything is connected to the Internet. It's always just an Ethernet cable away. Send the right commands over a phone line, and that cable will be connected for you.
Re: (Score:2)
is like being a turned out whore- you know you're not helping anyone
A very interesting and insightful post. However, I have to strongly disagree with this analogy. A turned out whore is providing a valuable service.
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
http://www.blackandveatch.com/Markets/Telecommunications/Utility_Automation/Default.aspx I stopped reading there.
Re:Don't put it on the Internet! (Score:5, Interesting)
I've also done SCADA system security on the water plants of nuclear reactors, and can confirm that all the ones I've seen have been connected to the Internet. One time I saw a Junxion box and a AP just plugged into the core switch for the control network. It wasn't that crazy given that the Junxion box had its power supply in the manager's office and you can't get within miles of the place without having rifles shoved in your face, but it was still pretty surprising to see it.
Another site uses default passwords for everything and they have a dial-up modem which drops you right into a login prompt on one of the control hosts. You have to call them to get them to plug it in first, though, so they haven't had any problems. Unlike in Hackers, they don't plug it in for any schmuck who asks; you have to give a CAC ID and it has to match the schedule maintenance roster, otherwise the FBI gets called.
The really important stuff isn't really under control of a computer though, it's all in some PLC somewhere and there's only one guy who understands the control logic anyway. I'm not too worried about someone breaking into those networks. If anyone tried to do anything bad, it's much more likely that they're just going to break something unintentionally while learning how the system works and trigger an investigation, not create a meltdown.
Re:Don't put it on the Internet! (Score:5, Informative)
That's incorrect.
I used to build SCADA systems and we often included a separate "work terminal" that was connected to the corporate network for workers to access anything outside they needed. It was not connected to SCADA and the SCADA system was not connected to the main corporate network or the internet.
Re: (Score:3, Interesting)
Re: (Score:2)
Re: (Score:2)
That's not necessarily true. One could still do something like "type > file" or "copy con file" or whatever and have something on their client machine that automatically sends keystrokes to create the remote file (perhaps using alt-NNN as needed for special characters).
Re: (Score:2)
Just as important (Score:2)
Re: (Score:2)
Seriously, no apostrophe. It's = It is. :P
Re: (Score:2, Interesting)
Back in the bad old days - when SCADA was driven by OPC - you had to turn off security just to get things like DCOM to work properly. It was scary and wrong, but you had very little choice. Talking to friends in the industry it doesn't seem to have gotten any better.
The real problem stems from engineering departments losing political clout within business that are
Re: (Score:2)
Some connection to the internet is inevitable - SCADA's are usually used for distributed data, and having separate long-distance physical lines everywhere is not cost-efficient at all.
So there is often some connection to the internet required, even if it's just VPN piggybacking over a hundred standard net connections in different places.
Re: (Score:3, Funny)
From what I understand (Score:5, Interesting)
There isn't much to do with SCADA regarding security - The systems themselves are inherently insecure, the extent of it reaching only so far as default passwords that are scarcely ever changed and the requirement to have a compatible console. If you're connecting these devices to the internet in any way, then you're opening yourself up for a world of hurt. The best security is physical security, with no link to the outside world except in closed, site-to-site communications. I'm by no means an expert, but having heard experts speak about the subject and with some limited experience of my own, there really doesn't seem to be any better way the way things are.
Re: (Score:3, Informative)
The systems I work on feed data to our SCADA systems. The entire network is completely walled off from the Internet, and even connectivity to our internal (non-operations) network is mediated by extremely secure bastion hosts.
I can understand that there may be a need for some access (e.g., system pages an operator to send a warning or emergency message), especially as this is a small town. Keep these sorts of connections absolutely to a minimum, and wrap several layers of security around it.
Re: (Score:3, Insightful)
"Bastion hosts" are an oxymoron. Every device on a network needs the best self-protection set at the highest possible standard. Layers of security are only incrementally effective. It takes only one bot to bring you down. Firewalls, although they sound impressive, are ineffective when users plug in infected flash drives, or other media. You have to distrust every device on your network without exception-- even routers and switches can be broken into using fuzzing techniques. Continually hack yourself, ethic
Re: (Score:2)
You have to distrust every device on your network without exception-- even routers and switches can be broken into using fuzzing techniques.
I always thought that for the truly paranoid, the trick is to make sure that it is physically possible for information to flow into the "secured" system from the outside world. For example, make it so that the only connection between the secured system and the Internet-facing gateway is a serial cable, and the TX line on the serial cable has been physically severed.
Re: (Score:2)
Even Rotts like a juicy steak now and then.
The air gaps seem simple, until someone connects a back door from their phone, wakes up some long sleeping daemon, and then the link is complete.
Hacking yourself is the best way, with the best tools you can get... frequently.
Re: (Score:2)
Outbound notifications can be handled by a serial connection with the inside hosts Rx line cut so that it can ONLY send outbound communications.
Re:From what I understand (Score:5, Insightful)
There isn't much to do with SCADA regarding security - The systems themselves are inherently insecure...
As somebody that worked at a SCADA software company for a few years, and saw (1) the skill level of the core development team and (2) what customers did with our systems, I heartily endorse this viewpoint.
Re: (Score:2)
Re: (Score:2)
You don't necessarily need an airgap. You just need the network so that you can read SCADA status info and alert based on that.
http://www.stearns.org/doc/one-way-ethernet-cable.html [stearns.org]
Be able to read from WAN->SCADA, but never be able to write.
Pointers (Score:2, Funny)
Having done this... (Score:2)
...I will say that training is going to be your biggest hurdle. But I'm sure you know this. Water and waste water technicians are, in my experience, terrified of technology. This manifests as an unwillingness to use technology and a hostility when forced to do so.
Other than that, treat it as you would any other service that could potentially kill people, or more importantly, lose your next election ( I know how politicians think ); Lock down the subnet, do not provide access to this remotely on equipment
Do NOT connect to the Internet! (Score:3, Informative)
It's simple......
Do NOT, under any circumstances, connect the SCADA systems, including workstations which can control or monitor them, to anything which touches or has access to the Internet. Make SURE that your control and monitor workstations have current AV in place. Do NOT connect them to the net to update the AV, figure out how to do it with sneakernet.
Further, make SURE you use RFC 1918 addressing for the SCADA systems so that they are not readily routable to the 'net.
Map the interfaces, and have a AAA (Authentication, Authorization and Accountability) strategy for each. Log EVERYTHING.
If you use a carrier to link remote sites into a WAN, make them prove to you that their pipes are clean and secure.
Have Fun......
Red...
Re: (Score:3, Interesting)
Do NOT, under any circumstances, connect the SCADA systems, including workstations which can control or monitor them, to anything which touches or has access to the Internet.
When that's not possible due to management pressure, there are options that are better than just giving in and connecting systems up to the internet.
The simplest of such options is a "data diode" -- its a device that physically only permits data to flow in one direction. For example, optical network connections have a transmit fibre and a receive fibre. A data diode would physically connect just one fibre.
Implementing a data diode - say to run your monitoring software on an internet connected PC so as to
Re: (Score:2)
Re: (Score:2)
With rare exceptions, all network protocols require two-way traffic. So this idea of a "data diode" is not possible to implement in practice. People who claim otherwise are trying to sell you snake oil.
I suggest you do some research. Data diodes tend to be application specific and the good ones "know" enough of the protocols involved in order to spoof the necessary handshaking.
Re: (Score:2)
With rare exceptions, all network protocols require two-way traffic. So this idea of a "data diode" is not possible to implement in practice. People who claim otherwise are trying to sell you snake oil.
Who said anything about a network protocol?
A "data diode" receiver just needs to monitor an optical sensor, which could be pulsed at a fixed clock rate to provide a baseline. Monitor the on/off/brightness-level of your optical sensor, you can then write the output to a file. No need for a 2-way protocol.
An example demonstrates the practicality of this:
Timex DataLink watch: early models fed data to the watch by flashing bars of light on your monitor, while holding the watch's optical sensor in front of the
Re: (Score:3, Interesting)
Oblig XKCD [xkcd.com]
If you're putting AV on it, you're doing it wrong.
Re: (Score:2)
If you use a carrier to link remote sites into a WAN...
... run your own encrypted vpn connection over the link. Then you don't care if the wire is ever hacked into.
Ask the NSA (Score:2)
This answer assumes you're in the US. If not, replace the relevant government agency with your own government.
Since your engineers are 'oblivious about security', you're going to have to hire somebody to evaluate your system. NSA should be able to point you towards government contractors that do this kind of thing. You could try DHS since they're supposed to help civilian infrastructure such as your operation, but their "cyber" operation isn't really set up yet.
No, it won't be cheap. You'll have to bala
Well... (Score:2)
Data Diode (Score:2)
You have to fix this (Score:2)
The operational engineers are oblivious to security
Its like saying Our bus drivers are oblivious to road safety. If they don't know how to do their jobs then you are screwed.
Put an air gap between your SCADA system and the internet.
Scared yet? (Score:2)
Is anyone else terrified by the fact that this question even had to be asked?
Re: (Score:3, Interesting)
Now, the fact that said official appears to have strong reason to distrust his engineers, and no ready internal supply of expertise, suggests that any script-kiddie with a copy of Telnet and 10 minutes will be able to quite literally put some poor town up shit
Attacking and Defending the Grid (Score:2, Insightful)
I recently went to a Belgian OWASP meeting where Justin Searle talked about "Attacking and Defending the Grid".
This guy knows what he's talking about. Among other things, he also mentioned SCADA vulnerabilities.
I recommend you contact him or his company for professional advice (I am in no way affiliated with him or his company - just thought you might be interested)
If you google for the subject of this reply in combination with "OWASP", you'll find more info about the talk.
VPN (Score:3, Informative)
I'm working with an international firm on Scada - we use a VPN to provide a secure private network.
Re: (Score:2, Insightful)
FTFY
Re: (Score:2)
SCADA and Security are not yet integrated (Score:4, Insightful)
SCADA systems are not designed, implemented, or operated with network and application level security concerns in mind. :)
(Usually. The exceptions know who they are
Your compensating control is physical security to limit access to SCADA elements and programming. It costs more, but you have no sane alternative.
And before you get too cocky about that restricted air gap, consider Stuxnet turning such a strength into a weakness for exploit. At some point SCADA systems will be security conscious; that day is not today...
Re: (Score:2)
And before you get too cocky about that restricted air gap
This is the fundamental problem right here. The kind of mind that thinks airgap and be done with it is usually the kind of mind that doesn't think about security, and will fall for exactly the likes of Stuxnet. This illusion that everything is fine because there's no internet can often be worse than a well designed remote access system built from the ground up with security in mind. They do exist and the ability to remotely see what is going on can pull you out of the shit, or put you in the shit depending
Re: (Score:3, Insightful)
And before you get too cocky about that restricted air gap
This is the fundamental problem right here. The kind of mind that thinks airgap and be done with it is usually the kind of mind that doesn't think about security, and will fall for exactly the likes of Stuxnet. This illusion that everything is fine because there's no internet can often be worse than a well designed remote access system built from the ground up with security in mind. They do exist and the ability to remotely see what is going on can pull you out of the shit, or put you in the shit depending on how it's implemented.
The fundamental problem is that good security is a process, not a state, and you cannot have good security by any fire-and-forget solution.
Re: (Score:2)
Process Not Project (Score:2)
Here is the most important thing to know: security is a process not a project. No systems ever "achieve" security. Rather, better-protected systems beat the attackers by having well-thought-out-and-executed security processes.
You're asking about this on Slashdot ? (Score:2)
Some thoughts (Score:2)
hire a consultant (Score:2)
If you don't understand the issues well enough to do an audit yourself, insist on an outside audit by a company that does, *and* does not sell any security products or services themselves.
Asking Slashdot is just going to get you a whole lot of uninformed suggestions from mostly well-meaning people with the occasional good suggestion buried in the noise. But you don't know enough about the subject to know which ones are the good suggestions and which are not.
First rule: air gap (Score:2)
First advice: do not connect the network that runs the SCADA systems to the Internet or to any network that connects to the Internet. Leave an air gap between your control systems and the outside world. It's OK to network them, but make it an isolated, stand-alone network. It's much harder to attack a network when getting access to it requires physically going to one of your offices or plants. It may make it less convenient, but remember you're making it less convenient for the bad guys too and the conseque
Stuxnet as a case in point (Score:2)
You will then have a measure of how vulnerable your network is to Stuxnet in particular. It's only a circumstantial indicator of how vulnerable your network is generally, which is why I'm not in favor of pen testing except as part of a more comprehensiv
Controlled Interfaces (Score:2)
The U.S. Government fully understands the need for isolation and just how impossible it really it. There are niche companies out there that make systems that comply with specific DCID 6/3 requirements to make the system match a Protection Level. They use mandatory access control with Solaris 10 Containers, Trusted Solaris/Irix before that, and SELinux nowadays.
Here's their problem though. In order to be effective, an organisation must clearly know what must come in or out, network wise. It is difficul
I too work with SCADA systems (Score:2, Insightful)
The town I work for has a SCADA system for it water treatment plants and lift stations. A lift station pumps sewage to the wastewater treatment plant. SCADA (at least in my town) has two main components. The first component is a control station which is a Windows XP SP2 PC. A read-only monitoring terminal is also a Windows XP SP2 PC. The second components are several small boxes inside cabinets to which various sensors and radio links are attached. Each lift station, water treatment plant, pump house,
From a Control System Engineer's point of view. (Score:2)
You need to hire a control system or SCADA engineer to assist you to evaluate the overall requirement.
Depending on your operation you might just need a isolated network to more sophisticated requirement. You mention that you are in a small town and runs a small water treatment plant, so that tells me that a. you have a smaller size facility with only a few components (versus big facility for a big city), and b. seems that this is your only facility to operate, or one of very few. The requirement depends
A view from the trenches (Score:2)
This is Slashdot. There are many self styled experts here. Some know what they're talking about. Many do not. Tread with care.
I am a registered professional engineer with 25 years of experience integrating, fixing, and designing several generations of SCADA and plant control systems for a large water and sewer utility. I not only design and build these things, I live with my creations through the entire life-cycle. If it does anything unexpected, they call me; no matter how old it is. I have worked on ever
Re: (Score:2)
This is Slashdot. There are many self styled experts here. Some know what they're talking about. Many do not. Tread with care.
Right.
You have some things going for you here. First, your problem is controlling water and sewerage plants. Those don't need to be connected to external systems. In contrast, power grid control systems do, because there are financial systems which interconnect to the operational systems. (Read PJM 101 [pjm.com] to get a sense of what that's like for the nation's biggest power grid.)
Check out the University of Idaho (Score:2)
The University of Idaho has a research lab dedicated to this. They have SCADA systems set in a lab. There's a grad class in the subject you can take via video. And there are quite a few papers they have helped published. Search the IEEE document library for some good info.
Air Gap (Score:2)
Make security a top priority. (Score:2)
Every computer system that was ever designed, every software that was written was done to share information, not to secure it. That is until recently. It wasn't until we built all these systems and got them all working that we then went 'aw CRAP, what about security...'
The internet was designed by engineers. Software was written by engineers. They both shared the same flaw. Engineers build things. Nearly every engineer I've met operates on the principle of "If it ain't broke, don't take it apart and find
The whole article is more then likely a troll but, (Score:2)
Simply put..
A. Do not under any circumstances connect this thing to the internet. no if, ands or buts about it.
B. If outside access is required it is by call-back ONLY.
C. EVERYTHING is logged, 100% no exceptions. Every keystroke, every entry, every response, every everything, and the logging is hard connected and encrypted.
D. Nothing is interconnected to your main business network. Place secure terminals that boot from the SCADA network that have NO media devices in them, no USB, No DVD/CD drives, no seria
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Rather; rumble rumble shake shake brrrrrrrrrrr.... WOOOOSSSSSHHHHH!!!!!!!!!
The sound you can hear is the nuclear exploding joke rushing past your ears as your SCADA systems fail to spot the humor in the great grandparent because they had been disabled by a hack. Lucky you were standing behind a very solid earth and granite barrier so you didn't even notice it.
Re: (Score:2)
I'm confused, since when are operational engineers managers?
Re: (Score:3, Insightful)
Remember Suxtnet? Not too long ago?
It spread by usb drives, which Gleefully jump the "air gap".
It's slightly more complicated than simply keeping an air gap, and probably requires the consultation of someone who's had experience securing these types of networks.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Not as good as they think it is, but a little better than nothing. An appliance can't secure the network, but as a gateway to the SEL network it might make sense.
Re: (Score:2)
Air gap, it should not be connect to the internet in any form or fashion. it should only be networked with other scada computers and nothing else. Physically seperate networks than the rest of your systems. The Department of Homeland security will come out and interrogate you about it if you ask them. google SCADA site:dhs.gov for there guidelines.
There, I fixed it for you...
Re: (Score:3, Informative)
Re: (Score:2)
invite Russian, Asian, and Middle eastern hackers to attempt to bring down the network and system then find all the points they attacked and fix em
Once you've fixed all of those points, you can start looking for the various hidden back doors the hackers installed while they were inside. Maybe you can hire some other hackers to help you find them?
Re: (Score:2)
OK. Try doing that 600 lines with ice cube relays instead... and hope nothing changes.