If one can ping an industrial controller, one can stop it

12 November 2016

On Wednesday I watched the Indegy webinar “How a new PLC Simulator vulnerability can compromise SCADA/ICS networks?”. The webinar dealt with a recently detected vulnerability in simulator software.

Simulators are used for verification and validation of changes to process control systems (PCS) before the changes are applied to the PCS. If the changes pass the tests, it is very likely that they will have no negative impact on the PCS and thus on the safety of the process. Simulators are executed on the Engineering Station, which is directly connected to the control system and to the production network.

PCS are very specialized real-time industrial computer systems. All PCS lack the security features we know from office IT, e.g. authorization, authentication and malware protection.

The slide below brings it straight to the point:

The Center of Gravity in the ICS Domain


With this, the isolation of the Engineering Stations and the PCS in separate network zones is the key to security in the ICS domain. Access to these networks must be limited to authorized staff and must go through a few strictly controlled access paths.

And with this, the first commandment of the Office IT Security, “Thou Shall Patch”, becomes less important in Industrial IT (OT) Security. “Thou Shall Isolate”, across the entire OSI stack, is the first commandment of OT Security.
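One way to check that isolation actually holds is to audit recorded network flows against the short list of approved access paths. The script below is an added example, not part of the original post or the webinar; the zone names, address ranges, ports and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed zone plan (assumption): names and address ranges are illustrative only.
ZONES = {
    "office": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "engineering": ipaddress.ip_network("10.30.1.0/24"),
    "pcs": ipaddress.ip_network("10.30.2.0/24"),
}

# The few controlled access paths (assumption): (src zone, dst zone, protocol, dst port).
CONDUITS = {
    ("dmz", "engineering", "tcp", 3389),  # jump host to Engineering Station
    ("engineering", "pcs", "tcp", 102),   # Engineering Station to controllers
}

def zone_of(addr):
    """Map an IP address to its zone name, or 'unknown' if it is in no zone."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"

def audit(flows):
    """Return flows that cross a zone boundary outside an approved conduit."""
    violations = []
    for src, dst, proto, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz and sz != "unknown":
            continue  # intra-zone traffic is out of scope for this check
        if (sz, dz, proto, port) not in CONDUITS:
            violations.append((sz, dz, src, dst, proto, port))
    return violations

# Constructed flow records: (src, dst, protocol, dst port)
SAMPLE_FLOWS = [
    ("10.20.0.5", "10.30.1.10", "tcp", 3389),   # approved conduit
    ("10.30.1.10", "10.30.2.20", "tcp", 102),   # approved conduit
    ("10.10.4.7", "10.30.2.20", "icmp", 0),     # office host can ping a controller
    ("10.30.1.10", "10.10.4.7", "tcp", 445),    # Engineering Station reaches office
    ("10.30.2.20", "10.30.2.21", "udp", 2222),  # traffic inside the PCS zone
]

if __name__ == "__main__":
    for v in audit(SAMPLE_FLOWS):
        print("VIOLATION %s -> %s: %s -> %s %s/%d" % v)
```

The ICMP record is flagged even though no port is involved: a default-deny conduit list covers every protocol, which is what isolating "across the entire OSI stack" requires at the network layer.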

Have a good weekend, and enjoy the webinar.
