SCADA systems security issues

SCADA systems are used to monitor and control critical installations in oil and gas refineries, water and power distribution plants, manufacturing plants and other industrial facilities. There has been a lot of discussion about malware and security in industrial automation systems since Stuxnet. Widely viewed as the most complex piece of computer malware ever created, Stuxnet is believed to have been designed to sabotage uranium enrichment centrifuges at Iran’s Natanz nuclear plant. If malware can do that, other similar malware can do something else equally nasty.

Attacks against SCADA systems can have potentially very serious consequences. I think that we have been quite lucky that we have not seen any big disasters yet. Even though the attacks are rare at the moment, security researchers are confident that their number will increase, especially since the Stuxnet industrial sabotage worm set a successful precedent. And now there is a lot of news about the Duqu worm.

News around a month ago reported that a SCADA hack shut down a US water plant on 8 November 2011. The attack has been credited to an unknown attacker (someone using the handle “pr0f” took credit) who, according to hacker sources, managed to access a SCADA controller and take over systems. Once again this caused security experts to question the security of SCADA systems. One headline summed it up: “Hacker Says Texas Town Used Three Character Password To Secure Internet Facing SCADA System.” “This was barely a hack. A child who knows how the HMI that comes with Simatic works could have accomplished this,” he wrote. “You know. Insanely stupid. I dislike, immensely, how the DHS tend to downplay how absolutely (expletive) the state of national infrastructure is. I’ve also seen various people doubt the possibility an attack like this could be done,” he wrote in a note on a file sharing Web site. On the other hand, Federal officials said there is no evidence to support a report that hackers destroyed a pump used by an Illinois-based water utility after gaining unauthorized access to the computer system it used to operate its machinery. What the truth is in this case is hard to say.

What is known is that many industrial systems are vulnerable. Siemens Simatic is a common SCADA product and has been the subject of other warnings from security researchers: according to them, Siemens industrial control systems are vulnerable to attacks that can cause serious problems. The US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned earlier that Siemens’ SIMATIC S7-1200 programmable logic controllers (PLCs) are vulnerable to so-called replay attacks that can interfere with normal operation. An attacker with access to the PLC or the automation network could intercept the PLC password and make unauthorized changes to the PLC operation. The ISO-TSAP protocol is functioning to specification; however, no authentication is performed, nor are payloads encrypted or obfuscated.

White Paper On Industrial Automation Security In Fieldbus And Field Device Level is an interesting white paper (from Vacon, Nixu and F-secure) that focuses on presenting a generic overview about security in industrial automation. Security aspects of traditional fieldbuses, Ethernet-based networks and wireless communication technologies are presented. Challenges regarding data security in the field of industrial automation are discussed. The properties of industrial automation devices are described with a focus on security, tampering possibilities, and risk mitigation methods.

Many protocols used in industrial control systems were intentionally designed to be open and without security features. As long as the networks that run those protocols are kept physically separate from public networks you are quite safe. For the most part SCADA systems are not designed to be connected to the Internet, but engineers can put in workarounds for remote access. Any time you do this you create a pathway through which someone can get in. And there are often cases where remote devices are accessed using those non-secure protocols over unsafe networks (the public telephone network, cellular networks, radio links, even the Internet).

For a long time there was the belief that SCADA systems benefited from security through the use of specialized protocols and proprietary interfaces (security through obscurity), and from networks that were physically secured and disconnected from the Internet. Today none of those beliefs hold anymore. Nowadays you can find many tools on the Internet for working with standard SCADA protocols (for example, Wireshark can decode several commonly used SCADA protocols).
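To make the point about protocols that are open by design concrete, here is an added example (written for this page, not code from the post or from any vendor): a small Modbus/TCP decoder that walks the public MBAP header and PDU the same way a Wireshark dissector does, and flags write requests that do not come from the engineering workstation. Nothing in the frame identifies or authenticates the sender, so the only thing between a host that can reach TCP/502 and a changed setpoint is the network path. The allow-list, addresses and frames below are constructed sample data; the function-code names are those assigned by the public Modbus specification.

```python
"""Decode Modbus/TCP frames and flag write requests from hosts that are not on the
engineering allow-list. Added illustration, not code from the post or a vendor;
the frames, hosts and allow-list are constructed sample data."""
import struct
from dataclasses import dataclass

# Function codes that change process state (values from the public Modbus spec).
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
}
READ_FUNCTIONS = {
    0x01: "Read Coils",
    0x02: "Read Discrete Inputs",
    0x03: "Read Holding Registers",
    0x04: "Read Input Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: int
    payload: bytes


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header and the PDU behind it.
    Raises ValueError on malformed input instead of guessing."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    # 'length' counts unit id + PDU; it must match the bytes actually present.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    function = frame[7]
    pdu = frame[8:]
    # Every read/write function above starts with a 16-bit starting address.
    address = struct.unpack(">H", pdu[:2])[0] if len(pdu) >= 2 else 0
    return ModbusRequest(tid, unit, function, address, pdu[2:])


def build_request(tid: int, unit: int, function: int, address: int, data: bytes) -> bytes:
    """Encode a request frame (used here only to construct sample traffic)."""
    pdu = bytes([function]) + struct.pack(">H", address) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def inspect(frames, allowed_writers):
    """One finding per (source, frame): 'ok', 'write-from-unexpected-host' or 'malformed'.
    Note that the decision rests entirely on the source address: the protocol
    itself carries no credential that could be checked."""
    findings = []
    for src, frame in frames:
        try:
            req = parse_modbus_tcp(frame)
        except ValueError as exc:
            findings.append((src, "malformed", str(exc)))
            continue
        name = (WRITE_FUNCTIONS.get(req.function)
                or READ_FUNCTIONS.get(req.function, f"fc {req.function:#04x}"))
        if req.function in WRITE_FUNCTIONS and src not in allowed_writers:
            findings.append((src, "write-from-unexpected-host", f"{name} addr={req.address}"))
        else:
            findings.append((src, "ok", name))
    return findings


# Constructed sample traffic (not captured data); the allow-list is an assumption.
ALLOWED_WRITERS = {"10.10.1.5"}  # the engineering workstation
SAMPLE_FRAMES = [
    ("10.10.1.20", build_request(1, 1, 0x03, 0, struct.pack(">H", 10))),     # HMI reads 10 holding registers
    ("10.10.1.5", build_request(2, 1, 0x06, 100, struct.pack(">H", 500))),   # engineer writes a setpoint
    ("192.0.2.77", build_request(3, 1, 0x05, 7, b"\xff\x00")),               # outside host forces coil 7 ON
    ("192.0.2.77", b"\x00\x04\x00\x00\x00\x06\x01\x10"),                      # truncated frame
]

if __name__ == "__main__":
    for src, verdict, detail in inspect(SAMPLE_FRAMES, ALLOWED_WRITERS):
        print(f"{src:<12} {verdict:<28} {detail}")
```

The same check can be run over a packet capture by feeding each TCP payload to `inspect`; in a real deployment the allow-list would come from an asset inventory rather than a literal in the script.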

The move from proprietary technologies to more standardized and open solutions, together with the increased number of connections between SCADA systems and office networks and the Internet, has made them more vulnerable to attacks. Modern SCADA systems should be designed so that they can withstand the situation where they are accidentally connected to the Internet (it will happen sooner or later). In addition to making the SCADA system itself secure, you should separate it from the Internet (no connection at all, or a very strictly configured series of firewalls). The FACT CHECK: SCADA Systems Are Online Now article says that nearly everything is connected now. Nearly all SCADA systems are online. The addition of a simple NAT device is far from bulletproof access control.
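As an added illustration of the gap between “a simple NAT device” and a strictly configured firewall chain (example code written for this page, not any vendor’s or site’s configuration): the script below models the zones of a hypothetical plant, evaluates a handful of flows an auditor would test against a NAT-with-port-forward policy and against a segmented policy, and reports which flows get the wrong verdict. Zones, addresses and rules are constructed assumptions.

```python
"""Evaluate flows against two firewall policies for a SCADA site: the 'NAT-only'
setup the post warns about and a segmented policy with explicit denies between
the Internet/office and the control network. Added example for this page; zones,
addresses and rules are constructed, not taken from any real site."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None = any port
    action: str           # "allow" or "deny"


# Constructed zone map (assumed addressing).
ZONES = {
    "internet": ip_network("0.0.0.0/0"),     # least specific, wins only as a fallback
    "office":   ip_network("10.20.0.0/16"),
    "dmz":      ip_network("10.30.0.0/24"),  # historian / jump host
    "control":  ip_network("10.10.0.0/16"),  # PLCs, HMIs
}


def zone_of(addr: str) -> str:
    """Most specific zone containing the address."""
    ip = ip_address(addr)
    return max((z for z, net in ZONES.items() if ip in net),
               key=lambda z: ZONES[z].prefixlen)


def evaluate(policy, src, dst, proto, dport) -> str:
    """First-match evaluation with an implicit final deny."""
    sz, dz = zone_of(src), zone_of(dst)
    for r in policy:
        if (r.src_zone in (sz, "any") and r.dst_zone in (dz, "any")
                and r.proto in (proto, "any") and r.dport in (dport, None)):
            return r.action
    return "deny"


# Policy 1: a NAT box with one port-forward so engineers can reach the HMI from
# home. NAT hides internal addresses, but the forwarded port is reachable by anyone.
NAT_ONLY = [
    Rule("any", "control", "tcp", 3389, "allow"),  # RDP port-forward to the HMI
    Rule("any", "any", "any", None, "allow"),      # everything else unrestricted
]

# Policy 2: segmented. Only the DMZ may talk to control (and only on the one
# protocol it needs), the office reaches only the jump host, the Internet reaches nothing.
SEGMENTED = [
    Rule("internet", "any", "any", None, "deny"),
    Rule("office", "dmz", "tcp", 443, "allow"),    # browser-based jump host
    Rule("dmz", "control", "tcp", 502, "allow"),   # Modbus/TCP from the historian only
    Rule("control", "dmz", "tcp", 5432, "allow"),  # PLC data to the historian DB (assumed)
    Rule("office", "control", "any", None, "deny"),
    Rule("control", "internet", "any", None, "deny"),
]

# Constructed flows an auditor would test, with the verdict a sound policy must give.
TEST_FLOWS = [
    ("203.0.113.9", "10.10.5.2", "tcp", 3389, "deny"),    # Internet -> HMI RDP
    ("10.20.4.7", "10.10.5.1", "tcp", 502, "deny"),       # office -> PLC Modbus
    ("10.30.0.10", "10.10.5.1", "tcp", 502, "allow"),     # historian -> PLC
    ("10.10.5.1", "198.51.100.4", "tcp", 443, "deny"),    # PLC -> Internet
    ("10.20.4.7", "10.30.0.10", "tcp", 443, "allow"),     # office -> jump host
]


def audit(policy):
    """Return the flows whose verdict differs from the expected one."""
    return [(s, d, p, port, evaluate(policy, s, d, p, port))
            for s, d, p, port, expected in TEST_FLOWS
            if evaluate(policy, s, d, p, port) != expected]


if __name__ == "__main__":
    for name, pol in (("NAT-only", NAT_ONLY), ("segmented", SEGMENTED)):
        bad = audit(pol)
        print(f"{name}: {len(bad)} violation(s)")
        for v in bad:
            print("   ", v)
```

The NAT-only policy fails three of the five checks: the port-forward admits the whole Internet to the HMI, nothing stops office hosts from issuing Modbus writes, and the PLC can reach out to the Internet. Extending `TEST_FLOWS` with a site’s own critical paths turns the script into a regression test that can be run whenever the rule set changes.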

Most SCADA systems in use are old computer systems. They are usually horribly patched (“if it ain’t broken, don’t fix it”) and often run very old operating system versions. Windows is a very commonly used operating system for SCADA applications, because few SCADA packages support operating systems other than Windows. It seems that many people are not happy with the security stance being taken within their organizations around SCADA hosts. Even if you have patches up to date and current anti-malware on a host, all you have done is eliminate some of the risk (and maybe created new risks, since anti-malware software can sometimes disturb normal system operation). Add a firewall and you have reduced some more of the risk. Pile on as much security as you want and people are going to find ways to disable it and make themselves vulnerable.

I wish no one had to worry about hackers in any application, but we do. Unfortunately, data security is never a non-issue.

The FACT CHECK: SCADA Systems Are Online Now article also mentions an interesting story about the Boeing 747 (for those who do not know, modern 747s are big flying Unix hosts with lots of Ethernet). A new video system that ran over IP had been added. It was segregated from the control systems using layer 2 VLANs. Security researchers managed to break out of the VLANs and access other systems (including engine management systems). The issue here is that all that separated the engine control systems from the open network was VLANs and NAT-based filters.


  1. Security trends for 2013 « Tomi Engdahl’s ePanorama blog says:
    [...] SCADA security was hit hard in 2012. Some of the big manufacturers hit hard have learned their lessons and test their devices more now. But how are some smaller manufacturers security testing? Metasploit has special category for SCADA devices. Good idea to test your devices against it. [...]
  2. Danial Putz says:
    I think it’s better not to provide a social security number. Do they call you an ID?
  3. Tomi Engdahl says:
    CanSecWest Presenter Self-Censors Risky Critical Infrastructure Talk

    A presenter at this week’s CanSecWest security conference has withdrawn his scheduled talk for fear the information could be used to attack critical infrastructure worldwide.

    Since his lab is under supervision of the French government, he was required to review his findings with authorities.

    “They told me that this presentation was unsuitable for being public,” Filiol said in an email

    Filiol said his methodology—a combination of information gathered through open source intelligence means, mathematical modeling and infantry techniques—could damage critical infrastructure in the United States, and likely worldwide.

    “With a small unit of around 10 people, it is possible in an invisible way to cause major national disruptions,” Filiol said.

    Filiol said his research is now classified.

  4. Tomi Engdahl says:
    Lack of US Cybersecurity Across the Electric Grid

    “Meghan McGuinness of the Bipartisan Policy Center writes about the Electric Grid Cybersecurity Initiative, a collaborative effort between the center’s Energy and Homeland Security Projects. She points out that over half the attacks on U.S. critical infrastructure sectors last year were on the energy sector.”

    “Cyber attacks could come from a variety of sources, and ‘a large-scale cyber attack or combined cyber and physical attack could lead to enormous costs, potentially triggering sustained power outages over large portions of the electric grid and prolonged disruptions in communications, food and water supplies, and health care delivery.’ “

  5. Tomi Engdahl says:
    A new organization for cybersecurity across the electric grid

    Cyber attacks are an increasing risk for the US electric sector and have eclipsed terrorism as the primary threat, according to the Federal Bureau of Investigation. The Industrial Control Systems Cyber Emergency Response Team responded to 256 incidents that targeted critical infrastructure sectors in fiscal year 2013, and 59 percent of those incidents involved the energy sector.

    A large-scale cyber attack or combined cyber and physical attack could lead to enormous costs, potentially triggering sustained power outages over large portions of the electric grid and prolonged disruptions in communications, food and water supplies, and health care delivery.

    It is probably impossible to protect the electric grid from all cyber attacks, particularly given the rapid pace at which cyber threats evolve. Therefore, industry and policymakers must consider how to most effectively manage the risks, taking steps to reduce the likelihood of cyber attacks and to limit the impacts of a successful attack.

    Beyond mandatory standards. In many ways, the electric power sector is in a stronger position than other critical infrastructure sectors to address cyber threats, because it already has mandatory, federally enforceable standards: The North American Electric Reliability Corporation, with oversight from the Federal Energy Regulatory Commission, develops and enforces standards that apply to the bulk power system (generally, generation and transmission), and the Nuclear Regulatory Commission develops and enforces standards for nuclear power plants. However, while these standards provide a useful baseline level of cybersecurity, they do not create incentives for the continual improvement and adaptation needed to respond effectively to rapidly evolving cyber threats. Furthermore, focus on compliance with standards may draw attention and resources away from comprehensive security.

  6. Jayne says:
    I appreciate, lead to I discovered just what I was having a
    look for. You have ended my 4 day lengthy hunt!

    God Bless you man. Have a nice day. Bye

  7. boca raton cpa's sum says:
    This small window of time is simply not enough for you
    to study all your materials from beginning
    to end, so be sure you have a complete set of study notes that you can memorize during the last few valuable days before
    your exam. yet with an Internet-age spin that he describes is like “putting lipstick on a pig. But if the church or religious institution is providing accommodation, then the Parsonage is calculated as the market value of the home, yard, furnishings and other utilities.
  8. Tomi Engdahl says:
    Machine safety labeling standards can lower manufacturing risk

    Creating effective product safety labels can dramatically reduce accidents and improve safety communication while poorly designed product safety labels can increase the dangers and hazards for both the worker and the company, according to safety standards.

    If your company manufactures machinery which has potential hazards associated with its transportation, installation, use, maintenance, decommissioning, and/or disposal, you most likely have a very strong need to create effective product safety labels. This task must be done right. Simply put, the stakes are too high for this job to be done incorrectly-people’s lives and your company’s financial well-being are on the line. Based on standards committee experiences over the past 25 years, safety labels can do one of two things:

    If properly designed, they can dramatically reduce accidents. This improves a machine or other product’s overall safety record and adds to a company’s bottom line by reducing product liability litigation and insurance costs.
    If poorly designed, needed safety communication does not take place and this can lead to accidents that cause injuries. When such accidents happen, companies spend hundreds of thousands (if not millions) of dollars settling or fighting lawsuits because their products lacked “adequate warnings.”

    Tool number one: The standards
    Tool number two: Risk assessment
    Tool number three: Global warnings that use symbols
    Lower risk, save lives, avoid litigation

  9. Tomi Engdahl says:
    Trojan variant making big attack push
    A wave of attacks pushing a new variant of Pushdo Trojan compromised more than 11,000 systems in just 24 hours.

    Indian PCs lead in terms of attacks, but systems in the UK, France and the U.S. have also suffered hits, according to security software firm Bitdefender. As one case in point, the Romanian firm said 77 machines suffered infection in the UK via the botnet in 24 hours, with more than 11,000 infections reported worldwide in the same period. Other countries heavily affected by the Pushdo variant include Vietnam and Turkey.

    The Pushdo Trojan also distributed secondary malware strains such as ZeuS and SpyEye, but over the years its main use has been for spam distribution.

  10. copper repiping pompano beach real estate says:
    Check the maker’s site for further information and tips on the appliance in your home.
    ” I asked my friend who’s got a busy family and a full-time people-oriented job. With conscientious use, a programmable thermostat can save about $150 year in energy costs.
  11. b&b vaticano says:
    Appreciating the hard work you put into your site and detailed information you present. It’s great to come across a blog every once in a while that isn’t the same old rehashed information. Wonderful read! I’ve saved your site and I’m adding your RSS feeds to my Google account.
  12. Ongoing says:
    Hi, I believe your web site may be having internet browser compatibility problems.
    Whenever I look at your blog in Safari, it looks
    fine however when opening in Internet Explorer, it’s got some overlapping issues.
    I simply wanted to provide you with a quick heads up!
    Aside from that, excellent blog!
    • Tomi Engdahl says:
      What is your specific problem with IE and which version do you have?
      I have tested my site with IE and I have not seen any issues using the site with it.
  13. Tomi Engdahl says:
    Serious Vulnerabilities Found in Schneider Electric’s ProClima Solution

    The ProClima configuration utility developed by Schneider Electric is affected by several command injection vulnerabilities, the Industrial Control Systems Computer Emergency Response Team (ICS-CERT) reported on Tuesday.

    ProClima is a thermal management software used in sectors such as energy, commercial facilities, and critical manufacturing, mainly in the United States and Europe. The solution processes thermal data, such as temperature and humidity, in order to define the right thermal management choice (ventilation, control, heating and cooling functions) for installed equipment.

    The security holes, which according to Schneider Electric are ActiveX Control vulnerabilities, were discovered by researchers Ariele Caltabiano, Andrea Micalizzi, and Brian Gorenc, and reported through HP’s Zero Day Initiative (ZDI). Successful exploitation could allow a remote attacker to execute arbitrary code.

    The vulnerabilities can be exploited even by an attacker with a low skill level. However, ICS-CERT says there’s no evidence that they are being exploited in the wild.

    Since Schneider Electric’s products are widely deployed, they are targeted by many researchers who specialize in ICS security.

  14. Tomi Engdahl says:
    Vulnerabilities Found in Schneider Electric SCADA Product Line

    A total of three security holes have been identified in Schneider Electric’s StruxureWare SCADA Expert ClearSCADA products, ICS-CERT reported this week.

    Schneider Electric SCADA Expert ClearSCADA solutions are Web-based systems deployed in industries such as energy, water and commercial facilities, mainly in the United States and Europe.

    According to security advisories published by ICS-CERT and Schneider Electric, the flaws include an authentication bypass issue, a weak hashing algorithm and a cross-site scripting (XSS) vulnerability. Independent security researcher Aditya Sood, who has been credited for identifying two of the vulnerabilities, clarified for Kaspersky’s Threat Post that he actually reported a cross-site reference forgery (CSRF) flaw, not an XSS vulnerability.

    By leveraging this vulnerability (CVE-2014-5411), an attacker could remotely shut down the ClearSCADA server by tricking a victim with system administrator privileges logged in via the WebX client interface to unknowingly execute arbitrary code, the vendor said.

  15. Tomi Engdahl says:
    Computer intrusion inflicts massive damage on German steel factory — A German steel factory suffered significant damage after attackers gained unauthorized access to computerized systems that help control its blast furnace, according to a report published Friday by IDG News.

    Computer intrusion inflicts massive damage on German steel factory
    Blast furnace can’t be properly shut down after attackers take control of network.


    The attackers took control of the factory’s production network through a spear phishing campaign, IDG said, citing a report published Wednesday by the German government’s Federal Office for Information Security. Once the attackers compromised the network, individual components or possibly entire systems failed. IDG reporter Loek Essers wrote:

    Due to these failures, one of the plant’s blast furnaces could not be shut down in a controlled manner, which resulted in “massive damage to plant,”

    The incident is notable because it’s one of the few computer intrusions to cause physical damage. The Stuxnet worm that targeted Iran’s uranium enrichment program has been dubbed the world’s first digital weapon, destroying an estimated 1,000 centrifuges. Last week, Bloomberg News reported that a fiery blast in 2008 that hit a Turkish oil pipeline was the result of hacking, although it’s not clear if the attackers relied on physical access to computerized controllers to pull it off. The suspected sabotage of a Siberian pipeline in 1982 is believed to have used a logic bomb. Critics have long argued that much of the world’s factories and critical infrastructure aren’t properly protected against hackers.

  16. Tomi Engdahl says:
    Cyberattack on German steel factory causes ‘massive damage’

    A German steel factory suffered massive damage after hackers managed to access production networks, allowing them to tamper with the controls of a blast furnace, the government said in its annual IT security report.

    The report, published Wednesday by the Federal Office for Information Security (BSI), revealed one of the rare instances in which a digital attack actually caused physical damage.

    Due to these failures, one of the plant’s blast furnaces could not be shut down in a controlled manner, which resulted in “massive damage to plant,” the BSI said, describing the technical skills of the attacker as “very advanced.”

    The attack involved the compromise of a variety of different internal systems and industrial components

    The hack sounds similar to attacks involving the Stuxnet worm.

  17. Tomi Engdahl says:
    Iranian hackers compromised airlines, airports, critical infrastructure companies

    For the past two years, a team of Iranian hackers has compromised computers and networks belonging to over 50 organizations from 16 countries, including airlines, defense contractors, universities, military installations, hospitals, airports, telecommunications firms, government agencies, and energy and gas companies.

    The attacks have collectively been dubbed Operation Cleaver after a string found in various malware tools used by the hacker group, which is believed to operate primarily out of Tehran.

    “We discovered over 50 victims in our investigation, distributed around the globe,” said researchers from IT security firm Cylance in an extensive report released Tuesday. “Ten of these victims are headquartered in the US and include a major airline, a medical university, an energy company specializing in natural gas production, an automobile manufacturer, a large defense contractor, and a major military installation.”

    The attackers used publicly available attack tools and exploits, as well as specialized malware programs they created themselves.

  18. Tomi Engdahl says:
    No evidence of such sabotage by the group exists so far, but Cylance believes this could be the campaign’s end goal, as retaliation by Iran for the Stuxnet, Duqu and Flame malware attacks. Stuxnet, which is viewed as the world’s first cyberweapon, is believed to have been created by the U.S. and Israel to sabotage Iran’s uranium enrichment efforts and set back its nuclear program.


  19. Tomi Engdahl says:
    US Gas Stations Exposed to Cyberattacks: Researchers

    Malicious actors could theoretically shut down more than 5,300 gas stations in the United States because the automatic tank gauges (ATGs) used to monitor fuel tanks are easily accessible via the Internet.

    ATGs are electronic devices that monitor fuel level, temperature, and other parameters in a tank. The devices alert operators in case there is a problem with the tank, such as a fuel leak.

    “Many ATGs can be programmed and monitored through a built-in serial port, a plug-in serial port, a fax/modem, or a TCP/IP circuit board. In order to monitor these systems remotely, many operators use a TCP/IP card or a third-party serial port server to map the ATG serial interface to an internet-facing TCP port. The most common configuration is to map these to TCP port 10001,” Rapid7’s HD Moore noted in a blog post.

    Based on an Internet-wide scan targeting the TCP port 10001, Rapid7 has determined that roughly 5,800 ATGs are accessible via the Internet and without a password to protect them against unauthorized access.

    According to Moore, malicious hackers who have access to the serial interface of an ATG can spoof reported fuel levels, generate false alarms, and perform other actions that could lead to the gas station being shut down.

    The Internet of Gas Station Tank Gauges

    How serious is this?

    ATGs are designed to detect leaks and other problems with fuel tanks. In our opinion, remote access to the control port of an ATG could provide an attacker with the ability to reconfigure alarm thresholds, reset the system, and otherwise disrupt the operation of the fuel tank. An attack may be able to prevent the use of the fuel tank entirely by changing access settings and simulating false conditions, triggering a manual shutdown. Theoretically, an attacker could shut down over 5,300 fueling stations in the United States with little effort.

    What can be done to mitigate or remediate?

    Operators should consider using a VPN gateway or other dedicated hardware interface to connect their ATGs with their monitoring service. Less-secure alternatives include applying source IP address filters or setting a password on each serial port.

  20. Tomi Engdahl says:
    New Technology Detects Cyberattacks By Power Consumption

    Startup’s “power fingerprinting” approach catches stealthy malware within milliseconds in DOE test.

    A security startup launching early next week uses trends in power consumption activity, rather than standard malware detection, to spot cyberattacks against power and manufacturing plants. The technology successfully spotted Stuxnet in an experimental network before the malware went into action.

    PFP Cybersecurity, which officially launches on Monday and was originally funded by DARPA, the Defense Department, and the Department of Homeland Security, basically establishes the baseline power consumption of ICS/SCADA equipment such as programmable logic controllers (PLCs), supervisory relays, or other devices and issues an alert when power consumption or RF radiation changes outside of their baseline usage occur. Such changes could be due to malware, as well as to hardware or system failures, for instance.

    Joe Cordaro, advisory engineer with SRNL, says the PFP system right away found small changes to the code on the PLC while it was dormant.
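As an added illustration of the baseline-and-deviation idea described in the comment above (example code written for this page, not PFP Cybersecurity’s product or method): the script learns the normal power draw of a device per operating state from training samples, scores each new reading against that baseline, and raises an alert only when several consecutive readings fall outside it, so a single noisy sample does not page anyone. The wattage readings are constructed numbers, not measurements.

```python
"""Baseline a device's power draw per operating state and flag sustained
deviations. Added illustration for this page, not PFP's method; all readings
are constructed, not measured."""
from statistics import mean, stdev


def learn_baseline(samples, min_samples=8):
    """samples: {state: [watts, ...]} -> {state: (mean, stdev)}.
    Refuses to baseline a state with too few samples; a thin baseline
    produces a tiny stdev and then alerts on everything."""
    baseline = {}
    for state, values in samples.items():
        if len(values) < min_samples:
            raise ValueError(f"not enough samples to baseline state {state!r}")
        baseline[state] = (mean(values), stdev(values))
    return baseline


def check(baseline, state, watts, z_limit=4.0):
    """Return (z_score, alert) for one reading of the device in a known state.
    A state never seen during baselining is itself an alert."""
    if state not in baseline:
        return (float("inf"), True)
    mu, sigma = baseline[state]
    sigma = max(sigma, 1e-6)  # guard against a perfectly flat baseline
    z = (watts - mu) / sigma
    return (z, abs(z) > z_limit)


def scan(baseline, readings, window=3, z_limit=4.0):
    """Alert only when `window` consecutive readings exceed the limit.
    Returns the indices at which the alert condition holds."""
    alerts, run = [], 0
    for i, (state, watts) in enumerate(readings):
        _, over = check(baseline, state, watts, z_limit)
        run = run + 1 if over else 0
        if run >= window:
            alerts.append(i)
    return alerts


# Constructed baseline: a PLC idle (scan cycle only) versus running its control program.
TRAINING = {
    "idle":    [2.10, 2.12, 2.09, 2.11, 2.10, 2.13, 2.08, 2.11, 2.10, 2.12],
    "running": [3.40, 3.45, 3.38, 3.42, 3.44, 3.41, 3.39, 3.43, 3.40, 3.42],
}
# Constructed live readings: normal idle draw, one noise spike, then a sustained
# extra load while the PLC reports itself idle, the kind of change the comment
# above says the approach should catch.
LIVE = [("idle", 2.11), ("idle", 2.10), ("idle", 2.30), ("idle", 2.09),
        ("idle", 2.35), ("idle", 2.36), ("idle", 2.34), ("idle", 2.33)]

if __name__ == "__main__":
    base = learn_baseline(TRAINING)
    for state, (mu, sigma) in base.items():
        print(f"{state:<8} mean={mu:.3f} W stdev={sigma:.4f} W")
    print("alerts at indices:", scan(base, LIVE))
```

The spike at index 2 is suppressed by the three-reading window, while the sustained rise from index 4 onward alerts at indices 6 and 7. As the comment notes, such a deviation may equally be a hardware fault, so the alert is a trigger for investigation rather than a malware verdict.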

  21. Tomi Engdahl says:
    Siemens sighs: SCADA bugs abound
    Wimax network kit vulnerable

    Another security advisory covering Siemens industrial kit has reached the public, this time covering wireless industrial networking hardware.

    ICS-CERT advises that the Ruggedcom range of 802.16e (Wimax, for those with long memories) switches from the company carries a range of vulnerabilities that let attackers scam admin privileges for themselves.

    Products impacted are in the company’s WIN 51xx, WIN 52xx, WIN 70xx and WIN 72xx series. These are Wimax base stations designed for harsh environment deployments.

    The ICS-CERT note puts the kit in a wide range of industries worldwide, including chemical, communications, critical manufacturing, dams, defence, energy, food and agriculture, government facilities, transportation systems, and water and wastewater systems.

    Siemens is asking customers to get in touch (online support request) to get a firmware update.

  22. Tomi Engdahl says:
    Connecting buildings via the Internet of Things
    The Internet of Things offers engineers ripe opportunities to take the lead with clients.

    The Internet of Things (IoT) is not aspirational technology. It’s here. It’s not a question of “if,” but of “how much” and “how fast.” And what it means to consulting engineers day to day. The answer could be: “A lot.”

    The reason is that IoT is taking by storm many of the technologies engineers include when designing, specifying, and building projects: building and industrial automation systems, backup power, lighting, asset management, and testing and measurement.

    A number of prestigious organizations already have weighed in on IoT:

    Gartner projects there will be about 25 billion connected devices by the end of this decade
    McKinsey Global Institute has reported that IoT could potentially generate an economic impact of $2.7 trillion to $6.2 trillion annually by 2025
    International Data Corp. (IDC) estimated that organizations spent $113 billion worldwide in 2013 on relevant information management, access, and analysis technologies and services.

    The industrial version of IoT (IIoT) makes a good business case for consulting engineering clients. It also is good business for engineering firms to be their clients’ IIoT go-to source of expertise.

    Specifying, designing, and building IIoT capabilities require skillsets already offered by engineering firms: deep understanding of facility spaces and the knowledge to connect legacy systems with new technology. That makes IIoT a low-hanging fruit. The opportunities to enable clients to achieve higher efficiencies and reliability by better managing, controlling, maintaining, diagnosing issues, and optimizing their facilities are ripe.

    The overall business case for consulting engineers lies in the compelling insights produced when big data are analyzed quickly. Such insights empower clients to know what’s happening 24/7. Call it heightened situational awareness or contextual insight in real time.

    Specifying, designing, and building IIoT capabilities into critical power management systems need to accommodate such requirements as power demand, integration, lifecycle value, and security considerations.

    Improving efficiency and reliability, for example, can be accomplished with more data points and faster response times, which are at the heart of IIoT.

    The variety of data often has to be combined from many sources that will almost always have different structures and meet various standards.

    For critical systems, such as backup power, data is streamed in real time at speeds measured in milliseconds. It’s monitored, stored, and if it signals out-of-parameter operating conditions, displayed graphically and perhaps annunciated.

    For IIoT, cluster management is a group of sensing devices on related equipment. A prime example is the coexistence of devices for building management systems, supervisory control and data acquisition, data center infrastructure management, and critical power management systems. The devices have local intelligence and compatible, two-way communication pathways, and, ideally, streamlined network topology protocols that eliminate repetitive wrapping and unwrapping of data.

    Such clusters integrate legacy equipment and new technologies into an interoperable, distributed ecosystem that can be fairly autonomous and remotely controlled. A top 10 global banking firm, for example, monitors and controls a critical power management system more than 900 miles from the firm’s control center. Near-term, it plans to manage such systems globally.

  23. Tomi Engdahl says:
    7 things control engineers should know about management

    How to communicate effectively with management and accelerate your career: Engineers should know these 7 things about management today. Don’t wait for others to delegate the needed resources or complain that they haven’t. Leadership can be innate, earned, learned, or situational, but knowing these strategies and tactics and reviewing these examples can help you succeed.

  24. Tomi Engdahl says:
    Moving to the cloud with mobility technology

    Human machine interface (HMI) applications and industry are connecting to the rapidly expanding cloud to cut costs, speed implementation, and provide worldwide access to data. To assist, use these simple series of steps to set up, operate, and maintain a safe and secure cloud-based data distribution system to improve efficiency through mobility.

    Accessing manufacturing and other industrial data in the cloud via mobile devices such as smartphones, tablets, and laptops provides many benefits, but security must be carefully considered. Although the cloud’s enabling technologies have been around for quite some time and are proven in use, particularly in the commercial sector, many in the industrial world have questions and concerns when it comes to using the cloud. To assist, use these simple series of steps to set up, operate, and maintain a safe and secure cloud-based data distribution system.

    Mobile technology and the cloud can provide instant access to production and process data while adhering to security policies, and can be implemented by users with limited experience.

    Cloud technology can be thought of as many redundant and physically separate central repositories of data, some free and some provided as a service. These repositories can be off-site, as with a public or hybrid cloud, or on-premise, as with a private cloud. Explanations here will focus on public cloud implementations, by far the lowest-cost solution among cloud technologies, and much less expensive than purchasing, implementing, and maintaining similar computing infrastructure on premise.

    Perhaps a firm’s biggest fear when it comes to implementing the cloud and mobility is loss of control. If a server or other IT hardware owned and maintained by a firm fails, action can be taken internally to correct the problem. In the cloud, the firm, or more precisely its IT department, doesn’t have the same level of visibility and control. However, there are ways to make the cloud more resilient, as high availability and redundancy are achievable but must be planned.

    If one cloud service provider goes down, a second one can be kept ready, with the speed of transition depending on the criticality of the firm’s business. For the quickest switchover, data should be sent from the HMI to the two cloud service providers simultaneously. This is the most expensive solution. A lower cost alternative is uploading data to a second provider only after the primary provider experiences an outage. The speed of recovery in this case will depend on just how long it takes the HMIs to upload data to the second provider.
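The two redundancy strategies described in the comment above, as an added example (not code from the comment or from any vendor); the providers are constructed in-memory stand-ins and the upload-attempt count returned by `publish` makes the recovery cost of the cheaper standby option visible.

```python
from collections import deque


class CloudProvider:
    """Constructed stand-in for a cloud endpoint; up=False simulates an outage."""

    def __init__(self, name, up=True):
        self.name, self.up, self.received = name, up, []

    def upload(self, sample):
        if not self.up:
            raise ConnectionError(f"{self.name} unavailable")
        self.received.append(sample)


class HmiPublisher:
    """Pushes HMI samples to two providers using 'simultaneous' or 'standby'."""

    def __init__(self, primary, secondary, mode="standby", history_len=1000):
        assert mode in ("simultaneous", "standby")
        self.primary, self.secondary, self.mode = primary, secondary, mode
        self.history = deque(maxlen=history_len)  # local historian buffer
        self.failed_over = False

    @staticmethod
    def _try(provider, sample):
        try:
            provider.upload(sample)
            return True
        except ConnectionError:
            return False

    def publish(self, sample):
        """Send one sample; returns the number of upload attempts it cost."""
        self.history.append(sample)
        if self.mode == "simultaneous":
            # Most expensive option: every sample goes to both providers,
            # so either one can take over instantly.
            for p in (self.primary, self.secondary):
                self._try(p, sample)
            return 2
        if self.failed_over:
            return int(self._try(self.secondary, sample))
        if self._try(self.primary, sample):
            return 1
        # Primary outage: recovery time is dominated by replaying the local
        # history to the standby provider, which has seen nothing so far.
        self.failed_over = True
        attempts = 1
        for old in list(self.history):
            attempts += 1
            if not self._try(self.secondary, old):
                break
        return attempts
```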

  25. Tomi Engdahl says:
    Toward simpler and faster control system implementations

    Control system hardware and architectures will look much different going forward: Less customized, more automated.

  26. Tomi Engdahl says:
    The role of industrial networks in energy usage

    Energy costs big dollars for manufacturers, and most plants don’t know where energy is used, said Eric Scott of Molex Inc. Industrial network groups are working on interfaces to help. See the video.

    In today’s world energy costs big dollars for manufacturers, and the fact is most plants don’t know where their energy is being used. To help with this problem the industrial network communities are providing common interfaces to gather and control energy in the industrial space. This presentation will focus on aspects of energy as they relate to industrial automation and some of the challenges companies face. It will also cover upcoming initiatives for interfacing to the Smart Grid for demand response requests.

  27. Tomi Engdahl says:
    Embedded server software development kit is Embedded OPC server compliant

    Version 2.0 of Matrikon OPC’s Embedded Server Software Development Kit (SDK) has been certified to be compliant with the Embedded OPC Server profile and is configurable and scalable from microcontrollers to high-end embedded systems.

  28. Tomi Engdahl says:
    Distributed power control

    Results from distributed power control include integrating power users with power suppliers with Smart Grid technologies and storing energy for peak load shifting, and evening the load from renewable (non-baseload) power sources.

  29. Tomi Engdahl says:
    A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever

    Amid all the noise the Sony hack generated over the holidays, a far more troubling cyber attack was largely lost in the chaos. Unless you follow security news closely, you likely missed it.

    I’m referring to the revelation, in a German report released just before Christmas (.pdf), that hackers had struck an unnamed steel mill in Germany. They did so by manipulating and disrupting control systems to such a degree that a blast furnace could not be properly shut down, resulting in “massive”—though unspecified—damage.

    This is only the second confirmed case in which a wholly digital attack caused physical destruction of equipment. The first case, of course, was Stuxnet

    It’s not clear when the attack in Germany took place. The report, issued by Germany’s Federal Office for Information Security (or BSI), indicates the attackers gained access to the steel mill through the plant’s business network, then successively worked their way into production networks to access systems controlling plant equipment. The attackers infiltrated the corporate network using a spear-phishing attack

    Once the attackers got a foothold on one system, they were able to explore the company’s networks, eventually compromising a “multitude” of systems, including industrial components on the production network.

    “Failures accumulated in individual control components or entire systems,” the report notes. As a result, the plant was “unable to shut down a blast furnace in a regulated manner” which resulted in “massive damage to the system.”

    “The know-how of the attacker was very pronounced not only in conventional IT security but extended to detailed knowledge of applied industrial controls and production processes,” the report says.

    The report doesn’t name the plant or indicate when the breach first occurred or how long the hackers were in the network before the destruction occurred.

    The report also illustrates the need for strict separation between business and production networks to keep hackers from leaping from one network to another and remotely accessing critical systems over the internet. Although a network can only be considered truly air-gapped if it’s not connected to the internet and is not connected to other systems that are connected to the internet, many companies believe that a software firewall separating the business and production network is sufficient to stop hackers from making that leap. But experts warn that a software firewall can be misconfigured or contain security holes that allow hackers to break through or bypass them nonetheless.

  30. Tomi Engdahl says:
    The industrial PLC market actually collapsed in 2012, when economic uncertainty froze investments in production facilities. Now the market has returned to a growth path. The logic modules, however, need to become smaller and more efficient in order for the investment to justify itself.

    The Frost & Sullivan research institute predicts that in 2018 PLCs will be sold for 14.6 billion dollars. This covers services, software and hardware solutions; in particular, the so-called micro size range of modules is increasing.

    Frost & Sullivan sees security as one of the key features of new logic control systems. Mill networks are no longer separate from the Internet, so they must be protected with the same seriousness and care as other business networks.


  31. Tomi Engdahl says:
    Schneider Electric Fixes Vulnerabilities in HMI Products

    Schneider Electric has released software updates to address several vulnerabilities affecting the Wonderware InTouch Machine Edition 2014 and InduSoft Web Studio product lines.

    Wonderware InTouch Machine Edition is designed for the development of secure, intuitive and highly maintainable human-machine interface (HMI) applications for embedded devices, intelligent machines, and industrial panel computers. InduSoft Web Studio is a development and runtime software that is used to create supervisory control and data acquisition (SCADA) HMI applications, overall equipment effectiveness (OEE) interfaces, and dashboards.

    According to ICS-CERT, the vulnerabilities can be exploited from an adjacent network.

    Organizations are advised to update their installations as soon as possible, especially since even an attacker with low skill can exploit the vulnerabilities, and ICS-CERT says public exploits for these flaws might exist.

  32. Tomi Engdahl says:
    Siemens Patches DoS, Other Vulnerabilities in SIMATIC HMI Products

    Researchers have identified three vulnerabilities in Siemens’ SIMATIC HMI devices. The German engineering giant has started releasing software updates to address the security holes in affected products.

    The most severe of the issues is a resource exhaustion vulnerability (CVE-2015-2822) that can be leveraged by an attacker positioned between the HMI panel and a programmable logic controller (PLC) to cause a denial-of-service (DoS) condition in the HMI panel. The flaw can be exploited by sending specially crafted packets on TCP port 102, ICS-CERT and Siemens explained in advisories.

    The fact that a malicious actor can launch this kind of man-in-the-middle (MitM) attack by positioning himself on the network path between a PLC and its communication partner is a separate vulnerability that has been assigned the CVE identifier CVE-2015-1601. An attacker can leverage this vulnerability to intercept or modify industrial communications, Siemens said.
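An added defender-side example, not part of the comments above, covering both the business/production separation discussed in the steel mill comment and the HMI-to-PLC traffic on TCP port 102 in this one: it classifies constructed flow records against constructed zone ranges and an approved HMI/PLC inventory, flagging flows that cross from the business zone into production and port 102 sessions between peers that are not in the inventory. Flow logs cannot reveal an on-path attacker by themselves; this only surfaces unexpected peers and zone crossings for investigation.

```python
import ipaddress
from dataclasses import dataclass

# Constructed network zones; real deployments take these from the site design.
BUSINESS = ipaddress.ip_network("10.1.0.0/16")
PRODUCTION = ipaddress.ip_network("10.2.0.0/16")
# Constructed inventory of approved (HMI, PLC) pairs talking on TCP port 102.
APPROVED_102 = {("10.2.1.10", "10.2.1.50"), ("10.2.1.11", "10.2.1.50")}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def parse_flow(line):
    """Parse a constructed 'key=value' flow line into a Flow."""
    kv = dict(tok.split("=", 1) for tok in line.split())
    return Flow(kv["src"], kv["dst"], int(kv["dport"]), kv.get("proto", "tcp"))


def classify(flow):
    """Return an alert tag for a suspicious flow, or None if it looks expected."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    if src in BUSINESS and dst in PRODUCTION:
        return "zone-crossing"          # business network reaching production
    if flow.proto == "tcp" and flow.dport == 102 \
            and (flow.src, flow.dst) not in APPROVED_102:
        return "unexpected-s7-peer"     # port 102 session outside the inventory
    return None


def find_alerts(lines):
    """Run classify() over flow lines; returns (tag, src, dst, dport) tuples."""
    alerts = []
    for line in lines:
        f = parse_flow(line)
        tag = classify(f)
        if tag:
            alerts.append((tag, f.src, f.dst, f.dport))
    return alerts


# Constructed sample flow records for a stand-alone run.
SAMPLE_FLOWS = [
    "src=10.2.1.10 dst=10.2.1.50 proto=tcp dport=102",   # approved HMI -> PLC
    "src=10.1.4.7 dst=10.2.1.50 proto=tcp dport=102",    # business host into production
    "src=10.2.1.99 dst=10.2.1.50 proto=tcp dport=102",   # unknown peer on port 102
    "src=10.1.4.7 dst=10.1.0.5 proto=tcp dport=443",     # ordinary business traffic
    "src=10.2.1.11 dst=10.2.1.50 proto=tcp dport=102",   # approved HMI -> PLC
]
```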

  33. Tomi Engdahl says:
    US government report: planes with avionics and passengers on same network could theoretically be vulnerable to hackers

    GAO: Newer aircraft vulnerable to hacking

    Washington (CNN) Hundreds of planes flying commercially today could be vulnerable to having their onboard computers hacked and remotely taken over by someone using the plane’s passenger Wi-Fi network, or even by someone on the ground, according to a new report from the Government Accountability Office.

    One of the authors of the report, Gerald Dillingham, told CNN the planes include the Boeing 787 Dreamliner, the Airbus A350 and A380 aircraft, and all have advanced cockpits that are wired into the same Wi-Fi system used by passengers.

    “Modern communications technologies, including IP connectivity, are increasingly used in aircraft systems, creating the possibility that unauthorized individuals might access and compromise aircraft avionics systems,” according to the report, which is based on interviews with cybersecurity and aviation experts.

    The government investigators who wrote the report say it is theoretically possible for someone with just a laptop to:

    – Commandeer the aircraft

    – Put a virus into flight control computers

    – Jeopardize the safety of the flight by taking control of computers

    – Take over the warning systems or even navigation systems

    Dillingham says although modern aircraft could be vulnerable, there are a number of redundancy mechanisms built into the plane systems that could allow a pilot to correct a problem.

    The report explains that as the air traffic control system is upgraded to use Internet-based technology both on the ground and in planes, avionics could be compromised. Older planes’ systems aren’t highly Internet-based, so the risk for aircraft 20 years and older is less.

    Commercial pilot John Barton told CNN, “We’ve had hackers get into the Pentagon, so getting into an airplane computer system I would think is probably quite easy at this point.”

    Experts told investigators, “If the cabin systems connect to the cockpit avionics systems and use the same networking platform, in this case IP, a user could subvert the firewall and access the cockpit avionics system from the cabin.”

    He says that the Federal Aviation Administration “must focus on aircraft certification standards that would prevent a terrorist with a laptop in the cabin or on the ground from taking control of an airplane through the passenger Wi-Fi system. That’s a serious vulnerability.”

    Washington went on to say “It is also important to note that the FAA had already initiated a comprehensive program to improve the cybersecurity defenses of the NAS (National Airspace System) infrastructure, as well as other FAA mission-critical systems. We are significantly increasing our collaboration and coordination with cyber intelligence and security organizations across the federal government and in the private sector.”

    “The Dreamliner and the A350 were actually designed to have the technology in it going forward to be able to have remote control intervention between the pilot and the ground or if an emergency were to happen in the air,” Barton said. But he quickly added, “It’s going to take a long time before we get to the point where that technology is safe and secure.”

    Boeing said it is committed to designing secure aircraft.

    “Boeing airplanes have more than one navigational system available to pilots,”

  34. Tomi Engdahl says:
    Your city’s not smart if it’s vulnerable says hacker
    Major vendors block hackers from testing insecure IoT kit

    “Real world hacker” Cesar Cerrudo has blasted vendors, saying they’re stopping security researchers from testing smart city systems, and as a result they’re being sold with dangerous unchecked vulnerabilities.

    The warning will be detailed at RSA San Francisco this week, and comes a year after the IOActive chief technology officer found some 200,000 vulnerable traffic control sensors active in cities like Washington DC, London, and Melbourne.

    Vendors don’t want their kit tested, Cerrudo said, although there are now 25 major cities across the world taking the lead in deployment, such as New York, Berlin, and Sydney.

    In An Emerging US (and World) Threat: Cities Wide Open to Cyber Attacks (pdf), the hacker warns that attack surfaces in smart city technology are plentiful given its complexity and integration with legacy systems, and says the woeful security shortfalls with internet-of-things devices are creeping into city tech.

    “In our research at IOActive Labs, we constantly find very vulnerable technology being used … for critical infrastructure without any security testing,” Cerrudo says.

    “Technology vendors impede security research: New systems and devices used by smart cities are difficult to acquire by the security research community – most are expensive and are usually only sold to governments or specific companies, making it difficult for systems to be rigorously tested.”

    He added that “a simple problem can have a large impact due to interdependencies and associated chain reactions [which] highlights the need for threat modelling.”

