Does industry have a death wish – connecting actuators directly to the Internet is not a good idea

July 6, 2017

Actuators, including motors and drives, control physical processes by monitoring sensors and adjusting pumps (motors), valves, fans, etc. When actuators don’t work as designed for malicious or unintentional reasons, equipment damage, injuries, and deaths can, and have been, a result. Consequently, connecting actuators directly to the Internet is not a good idea.

Actuators, including motors and drives, control physical processes by monitoring sensors and adjusting pumps (motors), valves, fans, etc. Actuators are used in industrial control systems (ICS) and safety systems in all industries and defense applications. When actuators don’t work as designed for malicious or unintentional reasons, equipment damage, injuries, and deaths can, and have been, a result.

Currently, neither actuators nor process sensors are designed to be cybersecure. These devices often have no authentication or endpoint security protection. From a security perspective, having two-way communication from lower security levels to higher security levels is questionable at best. Hackers are increasingly focused on ICS, as evidenced by rising numbers of cyber incidents and attacks involving Internet-connected ICS.  If data or configuration can be compromised via an Internet connection, relying on the actuators to provide control or safety can cause untold harm. Consequently, directly connecting actuators to the Internet is a very bad idea.

“If you’re connected, you're likely infected,” DHS proclaimed in the May-June 2015 DHS Monitor. (p.4.)  DHS emphasizes that connecting ICS systems to the Internet leads to cyber intrusions and attacks, such as the injection of the malicious surveillance software, BlackEnergy, into power grids―a forerunner to the December 2015 and 2016 cyberattacks on the Ukrainian grid. DHS' ICS-CERT is constantly updating its list of cyber vulnerabilities in ICS products and protocols (https://ics-cert.us-cert.gov/alerts) - a list that is far from comprehensive. 

ICS cybersecurity is even less advanced than IT cybersecurity, which itself is still not secure enough.  The recent article in the New York Times - https://www.nytimes.com/2017/06/22/technology/ransomware-attack-nsa-cyberweapons.html - provides a case history of recently released hacking tools bypassing the latest cyber security technologies.

Is industry listening?  A recent AutomationWorldarticle about “internet-ready” actuators (https://www.automationworld.com/article/technologies/actuators-and-valves/internet-ready-actuators-and-world-motion) makes one wonder.  The article extols the wonders of linking actuators to the Internet, which is precisely the wrong message. The article mentions cyber security only once―in a quote from a marketing manager for a leading ICS equipment vendor.  Imagine a hacker’s glee upon reading the following quotes from Automation World:

-        “…by using actuators with the ability to connect to the Internet, it is easier to see how an individual device is operating from outside the production systems…”

-        “…If an actuator is compatible with the Internet, it may be able to have its own IP address, so data can be viewed on a web page…”

-        “…These devices also have an Ethernet-based protocol that makes it easier to connect them to a network or the cloud…”

-        “One of the advantages of IOT-ready controllers is two-way data exchange. This allows you to share data to a SCADA system or the cloud, but it also makes it easier to push data down to electric or pneumatic devices for parameterization or configuration…”

-        “…Makers of pneumatic systems are getting around the size barrier by using sensors as a bridge to access data….Sensors allow us to manipulate data…”

At what point do we learn? We need increased segmentation, extreme caution about Internet connectivity and two-way information exchanges, and a discussion on the use of Internet access to safety systems. 

Joe Weiss