Unknown system attacks

At the 2014 Automation Summit, experts discuss the big areas of attack for hackers.


You are under attack and you don't even know it. That was the subject of a demonstration and talk Tuesday entitled "ICS Security Today Awareness and Practice" at the 2014 Siemens Automation Summit.

"We are trying to protect people, production, property, environment and the economy," said Marc Ayala, senior technical advisor at security provider Cimation. He talked about how many people are qualified and actually know something about enterprise security and the number he came up with was 50,000 true experts. When it comes to Industrial Control System (ICS) or Supervisory Control and Data Acquisition (SCADA) security, Ayala said there were "500 people that know ICS security."

The industries most likely targeted, Ayala said, were energy and transportation.

One of the first things a user needs to accomplish is to evaluate risk, said Eric Forner, ICS/SCADA security engineer at Cimation.

Threats are coming from hackers that could be conducting automated attacks, or from nation states that develop exploits and know how control systems work, Forner said. A third area is from internal attacks, "which is more of a threat than the other two."

Another area that is a big attack area and has the potential to get bigger is social media attacks, Ayala said. All you have to do is send a person a malicious email with an attachment from a person they may be familiar with and that person now becomes a victim. "That is the pivot point where an attacker can then go in and start viewing the system," Ayala said. "You have to be very careful with who you connect with."

Keeping bad guys out of the system is vital as the demonstration by Forner proved. In the demo, Forner was able to bypass a firewall and jump right into a system and take it over.

Most firewalls are usually in place because a standard has told people to put them in, but they end up having an "allow anything command," Forner said. That ends up being important as Forner was able to use various commands to work his way through a PLC without too much of a problem. But the way in to any system is through IP addresses found on the Internet, the researchers said.

One of the problems, Forner said, was the industry's reliance on incredibly old Modbus/TCP protocol. Port 502 is the Modbus TCP port and it is one of the top ports under attack," Ayala said.

In the demo, there was a level transmitter that would shut the system down when the fluid reached a certain level, but when they issued a few commands to get into the system, they essentially owned the process. When that happened all indicators showed the operator the tank was not at an overflow level and is actually decreasing, but in reality the tank ended up overflowing. They were able to override the safety interlock and take down the process.

As an extra added bonus, after overflowing the tank, the researchers then took command of the HMI in the system and downloaded a game of solitaire. Yes, this was a demo at a conference, but that could be a real life experience that could cause an incident.

"Cyber security in ICS/SCADA is a life safety issue and must be treated as such," Ayala said. "Safety is everywhere and it is constant. With all our total interconnections safety is all the time now."

Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information website covering safety and security issues in the manufacturing automation sector. This content originally appeared on ISSSource.com. Edited by Brittany Merchut, Project Manager, CFE Media, bmerchut@cfemedia.com 

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Motor specification guidelines; Understanding multivariable control; Improving a safety instrumented system; 2017 Engineers' Choice Award Winners
Selecting the best controller from several viewpoints; System integrator advice for the IIoT; TSN and real-time Ethernet; Questions to ask when selecting a VFD; Action items for an aging PLC/DCS
Robot advances in connectivity, collaboration, and programming; Advanced process control; Industrial wireless developments; Multiplatform system integration
Motion control advances and solutions can help with machine control, automated control on assembly lines, integration of robotics and automation, and machine safety.
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Big Data and bigger solutions; Tablet technologies; SCADA developments
SCADA at the junction, Managing risk through maintenance, Moving at the speed of data
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
click me