Computer Solutions
misunderstandings and incorrect assumptions, particularly in relation to responsibility for security and difficulties with operating system (OS) and software versions and patches that differ between IT and control systems. Enforcing IT patches and software updates on control
systems without testing and validation can cause significant disruption to production.
Automation security
Automation security is an issue for organisations that do notAutomation security is an issue for organisations that do not necessarily consider their systems as critical, but that view a loss of system availability as a risk. Intentional wrongdoing might not be considered a
significant threat; however, the actions of well-intentioned or disgruntled employees or former employees might be a more prominent risk. In addition, viruses can cause major disruption even
without targeting control systems, and Stuxnet has made people realise that there is a new and significant threat to industrial control systems, being the first virus to target programmable logic controllers (PLCs). The complex nature of Stuxnet makes it unlikely that
similar attacks will happen immediately, but it highlights a potential methodology for future attacks, and one that should be guarded against. According to the USA’s National Institute of Standards
and Technology (NIST) Guide to Industrial Control Systems (ICS) Security, potential incidents may include:
l Blocked or delayed flow of information through ICS networks, which could disrupt ICS operation.
l Unauthorised changes to instructions, commands or alarm thresholds, which could damage, disable or shut down equipment, create environmental impacts and/or endanger human life.
l Inaccurate information sent to system operators, either to disguise unauthorised changes or to cause the operators to initiate inappropriate actions, which could have various negative effects.
Stuxnet infection routes S
tuxnet is a Trojan virus that spans two distinct knowledge domains, IT and industrial control systems, with the IT element providing the means of delivery and the control system element providing the ‘weapon payload’. Since PCs used for control system programming are not normally connected to the internet, Stuxnet replicates via removable USB drives by exploiting an auto-execution vulnerability. It then spreads across the LAN via a Windows Print Spooler vulnerability and a Windows Server Remote Procedure Calls vulnerability. It copies and executes on remote computers through network shares
and Siemens WinCC SCADA database servers. It also copies itself into Siemens Step 7 PLC program projects and executes when a project is loaded. Version updates are spread by peer-to-peer communication across a LAN. Stuxnet communicates with two command and control servers for code download and execution. Stuxnet fingerprints specific PLC configurations that use the Profibus industrial fieldbus for distributed I/O. If the fingerprint does not match the target configuration Stuxnet remains benign but, if the fingerprint matches, the code on the Siemens PLCs is modified with the infected
Step 7 programming software and the changes are hidden. The modified code prevents the original code from running as intended and causes the plant equipment to operate incorrectly, potentially sabotaging the system under control.
This is achieved by interrupting processing of code blocks, injecting network traffic on the Profibus network and modifying output bits of the PLC I/O. How this affects the plant depends on how the control system is connected via Profibus to the PLC, distributed network I/O and drives. l
www.engineerlive.com 63
l ICS software or configuration settings modified, or ICS software infected with malware, which could have various negative effects.
l Interference with the operation of safety systems, which could endanger human life.
A new approach
Since the emergence of Stuxnet, the Trojan virus targeted Since the emergence of Stuxnet, the Trojan virus targeted at Siemens WinCC SCADA (supervisory control and data acquisition) software and Simatic PLCs, a fresh approach to industrial control system security has been necessary. This is because only a combination of physical security, correct processes, training and application of the right technologies could have prevented the Stuxnet infection. ‘Security by obscurity’ - the hope that industrial control
systems are simply not understood or targeted by hackers - has now been shown to be unreliable. One of the infection methods used by Stuxnet was auto-
execution of programs held on USB memory sticks to infect programming PCs not normally connected to the network (see panel and Fig. 1). With the control system manuals and protocol
specifications freely available on the internet, and control system hardware readily available to purchase, only a lack of motivation could prevent an attack - which is an inadequate basis for defence There has been criticism of vendor responses to identified vulnerabilities, though this is not restricted to the industrial sector - consider the reputational damage recently suffered by Sony, for example. End users, control system designers and equipment
vendors therefore need to consider potential suppliers’ responsiveness to vulnerabilities, as swift action can prevent or limit damage to equipment and operations.
Security best practice
Control system designers should follow best-practice guidance starting with a defence-in-depth strategy. This includes the physical security of systems, as well as the security of networks,
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68