Thoughts on the on-going global cyber attacks as they affect industrial control systems (ICSs)

June 30, 2017


For many years, there have been warnings about the cyber vulnerability of multiple infrastructures world-wide. Yet, those warnings are still not being adequately addressed. In 2004, the Idaho National Laboratory (INL) provided a glimpse of what we’re seeing today with CrashOverride, etc. As a demonstration for the 2004 ICS Cyber Security Conference, the white hat hackers at INL exploited a recently disclosed vulnerability. The demonstration used the vulnerability to open and close breakers as well as change breaker operator status from hundreds of miles away. At the same conference, a US utility disclosed how they had their SCADA system shut down for 2 weeks by a cyber attack that installed rootkits in their SCADA system. The attack was traced to Eastern Europe and from there the trail got cold. A presentation was given at the 2014 ICS Cyber Security Conference about how the Russians cyber attacked the US grid using Havex and BlackEnergy. Yet, to this day, neither the NERC CIPs nor NEI-0809 require that malware be removed. Additionally, both NERC CIP and NEI-0809 exclude many systems (as not being “critical”) that could have BlackEnergy, or other, malware installed. At the 2014 Conference, we also had a presentation by a Russian researcher on hacking the HART protocol – the protocol for 4-20 milliamp analog sensors used in multiple industries world-wide. The TrendMicro ICS honeypot program, which emulated a small water utility in rural Missouri, demonstrated how cyber attackers world-wide are ready to pounce on inadequately secured control systems regardless of the size or importance of the facility. In this case, cyber attackers from all over the world targeted this “utility”, including the ICSs, within an hour of it appearing on the Internet.

As mentioned in previous blogs, a number of auto assembly plants were shut down because of fear of the malware. The radiation monitoring system (not the sensors) was compromised at Chernobyl and the system had to be operated in manual. A US nuclear plant's business network was hacked by foreign attackers. A chocolate factory in Australia halted production because of the malware. As process sensors are still not authenticated or secure, consider the implications of hacking the actual sensors and the attendant damage.

With ICSs, we are in a very uneven battle. ICSs were not made to be cyber secure and often cannot be upgraded to provide what many in the cyber security community would consider to be a minimal level of protection. On the other hand, the hackers are dedicated to finding and exploiting vulnerabilities and have been given access to the latest zero-day exploits. As I believe it is a losing battle to secure ICSs, we need to be able to detect cyber attacks that affect operational system performance and we need to have a resilience/recovery plan. This has been demonstrated in the Ukraine with the ability to operate the systems in manual operation for an extended period of time. We also need to reconsider whether critical control and/or safety systems should be connected to the Internet.

Joe Weiss
