Industrial control systems security

Why SCADA security?

Numerous instances of security breach and data exfiltration at the SCADA/ICS environments the world over have caused more than a flutter, these attacks have happened in quick succession as if a string of beads has been broken. There are numerous pathways for intruding the haven of control systems environment.

pathways to controlsys

Let us take a look at the highlights of this critical vertical and the ones that made headlines.

  • It was a Trojan program inserted into SCADA system software that caused a massive natural gas explosion along the Trans-Siberian pipeline in 1982. A newspaper reported the resulting fireball yielded “the most monumental non-nuclear explosion and fire ever seen from space.”
  • A former hacker interviewed by PBS Frontline advised that “Penetrating a SCADA system that is running a Microsoft operating system takes less than two minutes.”
  • Stuxnet one of the most successful Malwares specifically targeting industrial control systems compromises the Iran nuclear centrifuges.
  • Stuxnet variants are released in succession in the form of Flame, Duqu, etc. The extent of the damage caused by these worms is still unknown as the security vendors are yet to completely analyze these sophisticated worms.
  • Chinese hackers working regular business hours shifts stole sensitive intellectual property from energy companies for as long as four years using relatively unsophisticated intrusion methods in an operation dubbed “Night Dragon,” according to reports from security vendor McAfee.
  • Italian researcher Luigi Auriemma published 34 ICS vulnerabilities. The documentation also includes a section on “Fix” and this is filled with “No Fix” for certain products, there is exploit code in the wild that will compromise systems housing these vulnerable systems.
  • Stuxnet revisited the Russian Nuclear program in Nov 2013.
  • Hacktivists like SEA, Anonymous, lulzsec are targeting Oil and gas industry and a country wide alert has been flagged by the Oil and gas giants and nations to secure and constantly scrutinize their SCADA networks.
  • The NSA toolkit published by der Spiegel consists of so-called “implant” items, such as Nightstand, an 802.11 wireless exploitation and injection tool; Jetplow, a “firmware persistence implant” for taking over Cisco PIX and ASA firewalls.
  • Several key vulnerabilities have been discovered in the Honeywell SCADA/ICS systems previously for example, a vulnerability of CVSS score 7.5 was discovered on May 21, 2012 (source: http://scadahacker.com/vulndb/ics-vuln-ref-list.html) Honeywell took 1 year to release a patch to fix this vulnerability.
  • A new vulnerability, CVE-2013-0108, was discovered in Honeywell industrial control systems (ICS), continuing the growing trend of SCADA and building control issues on March 12, 2013. Exploitation of this vulnerability could allow partial loss of availability, integrity and confidentiality, and could be exploited remotely to affect systems deployed in the government facilities and commercial facilities sectors, as reported by security vendor Rapid7/Metasploit (source: http://www.infosecurity-magazine.com/view/31203/another-honeywell-ics-vulnerability-rears-its-head-in-building-control

“The Risks involved in integrating SCADA with Business Network are numerous and it needs to be driven by a strong business need and justification.”

The challenges in securing ICS/DCS networks are numerous and daunting, the primary concern being the lack of personnel who understand control systems engineering and IT security at the same time, this mix is quite unique and rare.

controlsys cybersec

The other concerns that remain are-

  • SCADA or ICS Systems are not designed with Security in Mind.
  • It is not about securing just the PHD servers but the entire ICS network.
  • Limited number of professionals with right competency are available. IT needs to know control systems environment and Plant operations need to understand the IT perspective.
  • Collaboration and support from professional community is still in its nascent stages.
  • Can’t use existing security infrastructure to secure ICS. There are multiple access points in ICS by design…radio, wireless, Fieldbus, etc.
  • It is difficult to implement or change anything with the ICS network without affecting real-time systems. Time lines, time stamped data and availability are crucial
  • Terminal devices have limited computing and memory resources

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s