If one can ping an industrial controller, one can stop it

12 November 2016

On Wednesday I watched the Indegy webinar “How a new PLC Simulator vulnerability can compromise SCADA/ICS networks?”. The webinar dealt with a recently detected vulnerability in simulator software.

Simulators are used for verification and validation of changes to process control systems (PCS) before the changes are applied to the PCS. If the changes pass the tests, it is very likely that they will have no negative impact on the PCS and thus on the safety of the process. Simulators are executed on the Engineering Station, which is directly connected to the control system and to the production network.

PCS are very specialized real-time industrial computer systems. All PCS lack the security features we know from office IT, e.g. authorization, authentication and malware protection.

The slide below brings it straight to the point:

The Center of Gravity in the ICS Domain

With this, the isolation of the Engineering Stations and the PCS in separate network zones is the key to security in the ICS domain. Access to these networks must be limited to authorized staff and to a few strictly controlled access paths.

And with this, the first commandment of Office IT Security, “Thou Shall Patch”, becomes less important in Industrial IT (OT) Security. “Thou Shall Isolate”, across the entire OSI stack, is the first commandment of OT Security.
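The zone isolation described above can be checked against observed traffic. The following is an added example, not from the original post or the webinar: it flags every flow that crosses a zone boundary outside an allowlist of access paths, ICMP included, since plain reachability already counts. The address ranges, ports and flow record format are constructed assumptions.

```python
import ipaddress

# Constructed zone plan (assumption, not from the post).
ZONES = {
    "office":      ipaddress.ip_network("10.10.0.0/16"),
    "engineering": ipaddress.ip_network("10.20.1.0/24"),
    "pcs":         ipaddress.ip_network("10.30.1.0/24"),
}

# The few controlled access paths: (src zone, dst zone, protocol, dst port).
# Ports are constructed placeholders for a jump host and an engineering protocol.
CONDUITS = {
    ("office", "engineering", "tcp", 3389),
    ("engineering", "pcs", "tcp", 102),
}

def zone_of(addr):
    """Map an IP address to its zone name, or 'unknown' if it is in none."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"

def violations(flows):
    """Return flows that cross a zone boundary outside the allowed conduits."""
    found = []
    for line in flows:
        src, dst, proto, port = line.split()
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz and sz != "unknown":
            continue  # traffic inside one zone is out of scope here
        if (sz, dz, proto, int(port)) not in CONDUITS:
            found.append((sz, dz, proto, int(port), src, dst))
    return found

# Constructed flow records: "src dst proto dst_port" (port 0 for ICMP).
SAMPLE_FLOWS = [
    "10.10.5.20 10.20.1.10 tcp 3389",  # office -> engineering, allowed path
    "10.20.1.10 10.30.1.5 tcp 102",    # engineering -> pcs, allowed path
    "10.10.5.20 10.30.1.5 icmp 0",     # office host can ping a controller
    "10.10.5.21 10.30.1.5 tcp 102",    # office host talks to a controller
    "10.30.1.5 10.30.1.6 udp 2222",    # stays inside the pcs zone
    "192.0.2.7 10.20.1.10 tcp 445",    # unknown source reaches engineering
]

if __name__ == "__main__":
    for v in violations(SAMPLE_FLOWS):
        print("VIOLATION %s -> %s %s/%d (%s -> %s)" % v)
```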

Have a good weekend, and enjoy the webinar.
