Analyzing "Big Data" provides decision makers with tools to make better operational decisions that impact efficiency, costs, and security and ultimately contribute to greater profits. Download this white paper to learn the role of smart instrumentation, and find out how data is not only shaping business but changing the future of instrumentation.
What the 3S CoDeSys vulnerabilities are and what an attacker can do with them
How to find out what control/SCADA devices are affected
The risks and potential consequences to SCADA and control systems
The compensating controls that will help block known attack vectors
A number of security vulnerabilities in the CoDeSys Control Runtime System were disclosed in January 2012. In October 2012, fully functional attack tools were also released to the general public.
While CoDeSys is not widely known in the SCADA and ICS field, its product is embedded in many popular PLCs and industrial controllers. Products from many vendors are potentially vulnerable, including devices used in all sectors of manufacturing and infrastructure. As a result, there is a risk that criminals or political groups may attempt to exploit them for either financial or ideological gain.
This White Paper summarizes the currently known facts about these vulnerabilities and associated attack tools. It also provides guidance regarding a number of mitigations and compensating controls that operators of SCADA and ICS systems can take to protect critical operations.
Get the highlights here. See the best of the many presentations from the November event. Topics cover everything from finding workers for tomorrow's factories to 21st-century SCADA systems, safety, sustainability and the newest products from Rockwell Automation. Download the "Smart. Safe. Sustainable" Special Report.
Simple network management protocol (SNMP) is a communications protocol built into most of the IT infrastructure around us. From printers to UPS systems, routers and the PCs we use in automation, virtually everything in the IT world supports SNMP communications. It is already there, waiting for your use. And, it is supported over the Ethernet you are already using. The plant engineer has been leveraging this type of functionality with automation equipment for years! All that is needed is the addition of another communication driver or two, enabling the integration of IT infrastructure equipment via SNMP, with the other protocols currently being monitored by your existing HMI/SCADA. The return on this investment is likely to be the lowest hanging fruit that you'll find for a long time.
Is Moving Your SCADA System to the Cloud Right For Your Company?
Cloud computing is a hot topic. As people become increasingly reliant on accessing important information through the Internet, the idea of storing or displaying vital real-time data in the cloud has become more commonplace. With tech giants like Apple, Microsoft, and Google pushing forward the cloud computing concept, it seems to be more than just a passing trend.
Recently the focus of cloud computing has started to shift from consumer-based applications to enterprise management systems. With the promise of less overhead, lower prices, quick installation, and easy scalability, cloud computing appears to be a very attractive option for many companies.
Common questions surround this new technology: What is the "cloud"? What kind of information should be stored there? What are the benefits and risks involved? Is moving toward cloud computing right for your company?
Cloud computing is not a "fix-all" solution. It has strengths and weaknesses, and understanding them is key to making a decision about whether it's right for your company. We'll explore the major benefits and risks involved, and give you a set of factors to consider when choosing what information to put on the cloud.
Ethernet is everywhere. If you standardize on Ethernet for all your communications, you can improve safety and reduce costs in ESD/SIS applications and pipeline and in-plant SCADA. Ethernet can also, and probably already does, connect the plant to MES and ERP systems, as well as VoIP and all other network needs, such as email and file transfer. Using a single communications protocol reduces complexity and improves the robustness of your industrial communications. This white paper is focused on midstream oil and gas operations, but can be useful to any plant engineer or operator.
When adding, modifying or upgrading a system, many critical infrastructures conduct a Factory Acceptance Test (FAT). A FAT includes a customized testing procedure for systems and is executed before the final installation at the critical facility. Because it is difficult to predict the correct operation of the safety instrumented system or consequences due to failures in some parts of the safety instrumented system, a FAT provides a valuable check of these safety issues. Similarly, since cyber security can also impact safety of critical systems if a system is compromised, it naturally makes sense to integrate cyber security with the FAT, a concept that brings extreme value and savings to an implementation process.
An Integrated Factory Acceptance Test (IFAT) is a testing activity that brings together selected components of major control system vendors and Industrial Control System (ICS) plant personnel in a single space for validation and testing of a subset of the control system network and security application environment in an ICS environment. Conducting an IFAT provides important advantages and benefits including: time savings, cost savings, improved ability to meet compliance requirements, and increased comfort level with integrated security solutions.
With the current trend of more intelligent ICSs and increased regulatory compliance, the best practice for achieving ICS and IT integration is to conduct an IFAT. A common problem in the industry is the unanticipated work associated with implementing security controls, which can result in production issues. Performing an IFAT avoids costly redesign and troubleshooting during outage operations, saving time and money and leading to an enhanced, sound security solution.
Jerome Farquharson, Critical Infrastructure and Compliance Practice Manager, and Alexandra Wiesehan, Cyber Security Analyst, Burns & McDonnell
A number of previously unknown security vulnerabilities in the ICONICS GENESIS32 and GENESIS64 products have been publicly disclosed. The release of these vulnerabilities included proof-of-concept (PoC) exploit code.
While we are currently unaware of any malware or cyber attacks taking advantage of these security issues, there is a risk that criminals or political groups may attempt to exploit them for either financial or ideological gain.
The products affected, namely GENESIS32 and GENESIS64, are OPC Web-based human-machine interface (HMI) / Supervisory Control and Data Acquisition (SCADA) systems. They are widely used in critical control applications including oil and gas pipelines, military building management systems, airport terminal systems, and power generation plants.
Of concern to the SCADA and industrial control systems (ICS) community is the fact that, though these vulnerabilities may initially appear to be trivial, a more experienced attacker could exploit them to gain initial system access and then inject additional payloads and/or potentially malicious code. At a minimum, all these vulnerabilities can be used to forcefully crash system servers, causing a denial-of-service condition. What makes these vulnerabilities difficult to detect and prevent is that they expose the core communication application within the GENESIS platform used to manage and transmit messages between various clients and services.
This White Paper summarizes the current known facts about these vulnerabilities. It also provides guidance regarding a number of possible mitigations and compensating controls that operators of SCADA and ICS systems can take to protect critical operations.
The purpose of this paper is to explore the particular ways in which operators can tightly integrate wireless instrumentation networks with SCADA and realize.
Integrating wireless instrumentation with SCADA systems can drive operational efficiency and reduce deployment costs.
The use of wireless instruments in pipelines and gas production operations has been gaining momentum over the past few years. Driven by cost cutting measures and the need to gain more operational visibility to meet regulatory requirements, wireless instruments eliminate expensive trenching and cabling while providing access to hard-to-reach areas using self-contained, battery-powered instruments. However, SCADA engineers and operators are facing the challenge of integrating wireless instrumentation networks with other communication infrastructure available in the field. Managing and debugging dispersed wireless networks presents a new level of complexity to field operators that could deter them from adopting wireless instrumentation despite the exceptional savings.
This paper will look into the particular ways in which operators can tightly integrate wireless instrumentation networks with SCADA and realize the full benefits of such an integrated solution.
Whitelisting is described by its advocates as "the next great thing" that will displace anti-virus technologies as the host intrusion prevention technology of choice. Anti-virus has a checkered history in operations networks and control systems; many people have horror stories of how they installed anti-virus and so impaired their test system that they simply couldn't trust deploying it in production.
While anti-virus systems detect "bad" files that match signatures of known malware, whitelisting technologies identify "good" executables on a host and refuse to execute unauthorized or modified executables, presumably because such executables may contain malware. This is a least privilege approach of denying everything that is not specifically approved.
In this paper the Industrial Defender team performs an independent analysis of a variety of whitelisting solutions for their applicability to control systems. The paper closes with some recommendations related to this technology and areas for further research.
TVIS is a heat transmission company for the Trekantomradet geographical area of Denmark. It takes care of excess heat from the industries and power plants in the area and redistributes the heat in pipelines to households, public institutions, offices, shops and other facilities in the area. ABB in Denmark has supplied TVIS a SCADA solution based on System 800xA for controlling the district heating network. Read this white paper to learn how TVIS, in conjunction with ABB's new SCADA solution system, monitors heat transmissions remotely and safely.
Protecting your HMI/SCADA system is critical but can be challenging due to complex, multilayered technologies, cyber threats and other risks. This white paper describes where vulnerabilities within an HMI/SCADA system may lie and how companies can take proactive steps to address susceptible areas through security-based software capabilities.
Integrators frequently use OPC technology to connect one Industrial Automation system (PLC, DCS, SCADA, HVAC, etc) with another so data can be shared between the two systems. Because OPC technology is based on the Client/Server architecture, the challenge is that two OPC Servers cannot communicate with each other directly. A variety of vendors provide an intermediate software solution, generically called an OPC Bridge, to facilitate this sort of communication. This whitepaper discusses the concept of the OPC Bridge, the solution architecture, required software components, and various features to help Integrators differentiate between different OPC Bridge products.
This white paper describes how SNMP is applied to asset management and transportation of "shadow data," information on equipment maintenance and security within the SCADA system. Since SNMP has emerged as a very efficient vehicle for transportation of this information, it is feasible for addition to existing systems. The white paper includes descriptions of smart function blocks, which significantly reduce programming efforts when used with Semaphore's T-BOX RTU and Kingfisher RTU product lines.
The industrialized world relies on a broad spectrum of vital critical infrastructure sectors. In addition to physical safety and security, network security for critical infrastructure is crucial because of reliance on electronic systems for operational control.