This talk will provide an overview of the most common SCADA components, known malware and incidents. As part of the presentation, we will disassemble and reverse engineer a PLC and its protocol.

Researchers have discovered multiple unpatched vulnerabilities in radiation monitoring devices that could be leveraged by attackers to reduce personnel safety, delay detection of radiation leaks, or help international smuggling of radioactive material. Ruben Santamarta, a security consultant at Seattle-based IOActive, at the Black Hat conference on Wednesday, saying that radiation monitors supplied by Ludlum, Mirion and Digi contain multiple vulnerabilities. There are many kinds of radiation monitors used in many different environments. IOActive concentrated its research on portal monitors, used at airports and seaports; and area monitors, used at Nuclear Power Plants (NPPs).

Critical Vulnerabilities Found in Nuke Plant Radiation Monitors
http://www.securityweek.com/critical-vulnerabilities-found-nuke-plant-radiation-monitors

In a paper (PDF) delivered by Ruben Santamarta, principal security consultant at Seattle-based IOActive, at Black Hat Wednesday, it was disclosed that radiation monitors supplied by Ludlum, Mirion and Digi contain multiple vulnerabilities.

Patching will be difficult since these are design flaws rather than software bugs; and the vendors’ early response to IOActive’s discoveries was, in each case, to decline to work on patches. Since then, Digi has told IOActive that it is collaborating with Mirion to patch the critical vulnerabilities.

Nevertheless, IOActive concludes, “we should acknowledge these issues are not currently patched, so increasing awareness of the possibility of such attacks will help to mitigate the risks.” It is likely that the same flaws will be present in other vendors’ radiation monitoring devices.

“the initial analysis revealed a complete lack of security in these devices, so further testing wasn’t necessary to identify significant vulnerabilities,” notes the report.

In the Ludlum Model 53 personnel portal, IOActive found a backdoor password that granted the highest privilege. With this, malicious personnel could bypass authentication and take control of the device, preventing the triggering of proper alarms.

In the Ludlum Model 4525 gate monitor, IOActive discovered a complete lack of security in the communication between the gate and the controller Windows device.

In fact, adequately resourced attackers could fine-tune their malware, says IOActive, to deploy “an advanced payload that hides specific isotopes from detectors, while providing the expected readings for others.”

In the first, under normal working conditions, attackers could simulate a radiation leak by inserting a dataset of falsified readings. Although this on its own is unlikely to cause a reactor shutdown (because of the need for human intervention), it could lead to an evacuation of the site.

While a majority of industrial companies claim they are well prepared to handle a cyber security incident, many have admitted experiencing at least one incident in the past 12 months, and the annual cost can be as high as half a million dollars, according to a new report from Kaspersky Lab.

The security firm has conducted a survey of 359 industrial cybersecurity practitioners across 21 countries, mainly from the manufacturing, construction and engineering, and oil and gas sectors.

A majority of the respondents (83%) said they were prepared to deal with cybersecurity incidents within their industrial control systems (ICS) environment, and 86 percent claimed they had a dedicated policy or program in place.