Wolves at the Door(s) of the House of Straw

In the control system world, engineers believe that as long as they have some sort of device separating the control network from the business network, they are safe.

2 of 2 1 | 2 > View on one page

Now control system networks may not have laptops moving around, but they do have a lot of interconnections that we tend to forget about. Besides the usual link to the business LAN, there can be a myriad of other connections into the control system, including serial links, wireless systems, third-party maintenance connections, remote-site connections over leased public telecommunications networks and dial-up modems. In fact, when ARC Advisory Group recently surveyed control engineers about the types of connections that their automation networks had to the outside world, this is what it found:

  • 47.5% — Company Intranet/Business Network
  • 42.5% — Direct Internet Connections
  • 35% — Direct Dial-up Modems
  • 20% — Wireless Modems
  • 17.5% — No Connection
  • 8.0% — Other Connections

Notice that the percentages in the ARC study do not add up to 100%, indicating that most facilities have multiple pathways into the control system. One security survey of a large refinery uncovered 14 different pathways. The bottom line is that modern control systems are so complex that expecting every single byte of information flowing in or out of the automation network to be inspected by a single firewall is just no longer realistic.

So if the bastion model of security won’t protect our control systems, what will? One place to look is in the work of a little-known, but influential, non-profit foundation called the Jericho Forum.

Eric J. Byres, PE, is principal at Byres Security, Inc. He can be reached at eric@byressecurity.com.

The next installment of this series will discuss the Jericho Forum and its approach to control system security.


When Good Firewalls Go Bad

Numbers of Critical Errors in Professionally Configured Firewalls
Source: Courtesy of Avishai Wool, IEEE Computer Magazine, June 2004.
While technologies used inside boundary firewalls are well understood, research indicates that configuring them correctly is still more of an art than a science. In a landmark paper on firewall configuration errors, Avishai Wool showed that even core firewalls in major corporations can be enforcing poorly written rule sets and vulnerable to attack. In the study, Wool defined 12 serious firewall configuration errors (each very general in nature) and then inspected the firewall configurations of 37 major corporations. He found an average seven serious errors per firewall, with some having as many as 12 errors. The results clearly indicate the complex nature of firewall management and that many SCADA/PCN firewalls may be little more than dangerous placebos, offering protection more illusionary than real.
2 of 2 1 | 2 > View on one page
Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.


No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments