1. Home

How valuable is the ICS-CERT? Is it focused on the right issues?

Feb. 20, 2012

A control system is generally composed of a human-machine interface (HMI) that is often a Windows-based system and field controllers. The HMI is essentially an IT system with IT vulnerabilities. The field controllers generally use proprietary real time operating systems or embedded processors. Field controllers generally have minimal cyber security and minimal cyber

"

A control system is generally composed of a human-machine interface (HMI) that is often a Windows-based system and field controllers. The HMI is essentially an IT system with IT vulnerabilities. The field controllers generally use proprietary real time operating systems or embedded processors. Field controllers generally have minimal cyber security and minimal cyber logging and forensic capabilities.

Bob Radvanovsky has been working on a private project to correlate and analyze data from recent DHS ICS-CERT advisories, alerts, bulletins and notices.  What he found should not surprise anyone, nor is there much information other than what he is revealing from the public-facing U.S. CERT (ICS-CERT page) web site. Bob will be providing a more detailed, more comprehensive report reflecting specific statistical information at a future date (undisclosed and TBD).

Results:

There are 203 reports that have been publicly made available; the first report was made available on 11-Mar-2010 (ICSA-10-070-01 - Rockwell Automation RSLINX Classic EDS Hardware Installation Buffer Overflow) on the U.S. CERT web site. Of the 203 reports that are currently, publicly available (includes all reports from 11-Mar-2010 up to and including the 3 recent update reports from 14-Feb-2012), the breakdown is as follows:

GPS-related                                                             2      0.99%
Malware-related                                                      12      5.91%
Miscellaneous (cannot accurately put into a category) 7      3.45%
Network-related                                                        1      0.49%
Software-related                                                       2      0.99%
SCADA/HMI console-related                                  155     76.55%
Control systems-related (includes PLC, DCS, RTU)   24     11.82%

When I analyze the results of my control system cyber incident database, the most significant U.S. incidents from an impact perspective were control system-related. These include the four control system cyber incidents that killed people, two major-cyber related electric outages, two nuclear plant shutdowns, etc. The SCADA/HMI console-related incidents were generally of low impact other then the 2003 Northeast Outage (which did not damage equipment).

It appears that ICS-CERT seems to be focusing on the lesser important issues.

Joe Weiss

Continue Reading

Sponsored Recommendations

2024 Industry Trends | Oil & Gas

We sit down with our Industry Marketing Manager, Mark Thomas to find out what is trending in Oil & Gas in 2024. Not only that, but we discuss how Endress+Hau...

Level Measurement in Water and Waste Water Lift Stations

Condensation, build up, obstructions and silt can cause difficulties in making reliable level measurements in lift station wet wells. New trends in low cost radar units solve ...

Temperature Transmitters | The Perfect Fit for Your Measuring Point

Our video introduces you to the three most important selection criteria to help you choose the right temperature transmitter for your application. We also ta...

2024 Industry Trends | Gas & LNG

We sit down with our Industry Marketing Manager, Cesar Martinez, to find out what is trending in Gas & LNG in 2024. Not only that, but we discuss how Endress...

Latest from Home

Most Read

Sponsored