Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
Compromising process sensors can, and have, contributed to unintentional and malicious cyber events. There is a need to monitor process sensors to validate process conditions and know whether malware or other issues have caused impacts to the process.
If large equipment such as generators or transformers are damaged in a cyber attack, not only can it take many months to build new equipment, it could take weeks just to get it to the facility site because of the size of the equipment.
I did a podcast for Security Ledger on my thoughts about the recent hacking of Wolf Creek and other “ICS” facilities. The bottom line is the “means” exist for hacking control systems and causing damage. The question is the motive to do so. The podcast can be found at https://soundcloud.com/securityledger/joe-weiss-on-grid-attacks-and-critical-infrastructure-security.
Actuators, including motors and drives, control physical processes by monitoring sensors and adjusting pumps (motors), valves, fans, etc. When actuators don’t work as designed for malicious or unintentional reasons, equipment damage, injuries, and deaths can, and have been, a result.
Given the recent spate of cyber attacks including those against ICS applications, IIOT World ran the following blog on the need for IT and IOT convergence for IIOT applications - http://iiot-world.com/cybersecurity/industrial-cyber-security-why-it-ot-collaboration-is-no-longer-an-option-but-a-necessity/. The blog was co-authored by myself and Richard Ku from TrendMicro to illustrate the need for this convergence.
The ExxonMobil Open Group advanced controls initiative through The Open Group’s Open Process Automation Forum has some of the largest process controls companies in the world and their vendors participating. However, as of yet, no power utilities.
With ICSs, we are in a very uneven battle. ICSs were not made to be cyber secure and often cannot be upgraded to provide what many in the cyber security community would consider to be a minimal level of protection.
Tuesday June 13, 2017 I am giving a paper/presentation at the American Nuclear Society Conference in San Francisco on “The Implications of the Ukrainian Cyber Attacks to Nuclear Plants”. The paper will focus on the impact of compromising protective relays but will also touch on the cyber insecurity of process sensing.
The assumption that network anomaly detection is correlated to physical process anomalies is only true if there is a direct look into the “raw” process. However, network anomaly detection cannot address potential sensor anomalies that occur before the serial-to-Ethernet convertors leading to a false sense of security.