Supervisory Control and Data Acquisition (SCADA) systems are used for remote monitoring and control in the delivery of essential services such as electricity, natural gas, water, waste treatment and transportation. SCADA software runs on ordinary computers, but it is used by owners of critical infrastructure and various other types of industrial facilities to monitor and control industrial processes.
This blog post introduces SCADA system fundamentals that help in analyzing their security considerations.
Remote monitoring is widely considered one of the most difficult applications to do in a cost-effective way, and doing it with SCADA systems has traditionally been a difficult and expensive task. SCADA systems have traditionally used their own communications networks, and their security has been based largely on keeping the SCADA network separate from public networks and on the fact that not many people know the special protocols used on those systems (in other words, security by obscurity).
Internet technologies have made remote monitoring easier and more cost effective in many applications, but they have also created a new set of risks related to hacking. If you connect a remote monitoring system that uses an insecure communications protocol to the Internet, sooner or later somebody will figure out how to break into it. If the system only does monitoring, an attacker can stop your communications or, worse, feed you false data. If the remote monitoring system is also used to control something, the risks are far greater.
There isn’t a single security solution capable of addressing all existing and future risks. It’s necessary to implement a series of different defenses across the system and deploy safeguards throughout the platform, so that the combination provides robust protection against the vast majority of attacks.
Modern SCADA systems are typically designed for security using platforms similar to typical networked clients, such as laptops and workstations, but there are also some SCADA-specific considerations. Security systems easily become complicated, and as the complexity of securing devices increases, so does the risk of vulnerabilities slipping past equipment manufacturers and IT organizations. Industrial control systems (ICS), distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems have all been around for decades, but only thanks to Stuxnet, DuQu and other major incidents have these systems recently begun receiving serious security consideration.
Cyber security is war. You have to defend your systems from all sorts of outside attackers, and if one that’s skilled and determined gets you in his sights, defending yourself may be tougher than you think. Once an attacker breaks through a hardened perimeter, moving around inside is usually pretty easy. That’s why defense in depth with incident detection, response, and attribution is so important.
Security is all about layers. You can’t block everything in one place, so you need layers of security to protect yourself. An enterprise can deploy many devices and layers to protect itself and its customers, because no single solution gives 100 percent protection against everything.
The Want it Secure? Target Both Design and Data Security article says that in today’s increasingly connected world, security applies to servers as well as to mobile and remote embedded devices. The latter are often exposed to physical tampering, while data travelling over networks is exposed to compromise and hacking. Security depends on securing the complete connected universe.
How safe is your network? The Is Your Network Safe? article says that just a few years ago, plants didn’t have to worry about the safety of their networks. From an IT point of view, plants were silos — succinct and secure. That changed over the past decade. To improve efficiency, plants connected out to the company’s back office and beyond to suppliers and customers, and most of that connectivity runs over Internet connections. This extended network prompted a battle between the organization’s IT team and the control folks on the factory floor: if your plant is running 24/7, you can’t add patches and reboot without shutting down the plant. In addition, the plant is now vulnerable to hacking (terrorists, hackers, competitors and disgruntled employees).
The Six Ways to Improve SCADA Security blog article says that when it comes to securing SCADA networks, we are usually years or even decades behind securing typical IT networks. The article presents some of SCADA security’s most daunting challenges along with recommendations for securing SCADA networks:
1. A SCADA network is inadvertently connected to a company’s IT network or even to the internet
2. ‘Data presentation and control’ now runs off-the-shelf software
3. Control systems not patched
4. Authentication and authorization
5. Insecure data communication protocols
6. Long life span of SCADA systems
The Understanding cyberspace is key to defending against digital attacks article says that in recent years there has been one stunning revelation after the next about how previously unknown vulnerabilities were used to break into systems that were assumed to be secure.
Growing numbers of other kinds of machines and “smart” devices are also linked to the Internet: security cameras, elevators and CT scan machines; global positioning systems and satellites; jet fighters and global banking networks; commuter trains and the computers that control power grids and water systems. “We have built our future upon a capability that we have not learned how to protect,” former CIA director George J. Tenet has said.
“Companies want to make money. They don’t want to sit around and make their software perfect.” Many vulnerabilities are related to errors in code designed to parse data sent over the Internet. Software makers have often failed to heed warnings from security researchers, and some vulnerabilities have remained for a long time. Even in cases where the manufacturer has a fix, the customer might not apply it any time soon, because in many cases you can’t add patches and reboot without shutting down the plant.
The Want it Secure? Target Both Design and Data Security article also says that adding robust security features to a design can substantially impact the complexity, power consumption and cost of a system. The challenges include supporting the computational complexity required to run advanced cryptographic algorithms, providing secure insertion and storage of encryption keys, and authenticating and encrypting data exchanged over public network connections.
344 Comments
Tomi Engdahl says:
Mitigate cyber security hazards in smart grids
http://www.edn.com/design/wireless-networking/4437144/Mitigate-cyber-security-hazards-in-smart-grids?elq=154061b26c17454397df1aead6e3340d&elqCampaignId=20152
Smart grids employ information and digital communication technology to gather information (such as about the usage demands of consumers) in an automated fashion, and they act upon it to bolster the reliability, economy, efficiency, and sustainability of generation and distribution of electricity. In the process, they advance consumer participation in grid operations, thereby facilitating the integration of all involved. The whole concept of smart grids addresses environmental issues and power delivery constraints and disturbances.
The security of smart grids is one of the most daunting issues. Gaining access to the entire network has never been easier, for nodes (mostly meters) in case of such grids, cannot be all guarded by secured servers or be kept under surveillance all the time. Imagine the colossal amount of losses a fame-hungry hacker could cause to the utility, if he were to exploit any of the vulnerabilities of these grids. All that one has to do to attack is to become a customer of the utility. Not only does this provide ease of access to the nodes, but the existing state of lack of security of the supervisory control and data acquisition (SCADA) systems, which are the very heart and soul of these grids, is of great concern.
Traditional Network Objectives
The four main objectives that traditional information technology (IT) and SCADA networks focus on are confidentiality, availability, integrity, and timeliness.
Confidentiality means that only the authorized person should have any access to information related to the specific systems (or the users of the grid). Any user’s information could be readily available in the grid network, and if this data is not secured, it could easily spell a disaster in the attacker’s hands.
Availability means that any component of the system should be available for use as and when it is needed. In the context of a smart grid, it could simply mean that power supply is available in an uninterrupted fashion to the user.
Integrity or authenticity implies that any correspondence received from the user’s end (or any node of the grid) should be thoroughly authenticated, and only then shall it be acted upon. This means that not only the contents of each message should be verified and authenticated, but the source of the message shall also be confirmed.
Timeliness expresses the time criticality of control systems. It includes the timeliness of any related data being delivered in its specific, given time period, i.e., the data is only valid in its given time period, and the responsiveness of the system. Hence, it should be made sure that only the right data is processed at a given time.
Threats and Vulnerabilities
Vulnerabilities give attackers access to the network, enabling them to break the confidentiality and integrity of the transmitted data, destroy the timeliness of the service, and/or make the service unavailable.
Types of Attacks
Attackers can affect the system in many ways, which are mainly classified as attacks on components, protocol systems, or topologies.
New Challenges
Unfortunately, a rubric security solution such as one used for an IT network, cannot be used for smart grid applications because there are many dissimilarities in terms of usage, topology, etc. between the two. IT networks have a flexibility of rebooting or updating in case of any malfunctioning whereas this is not possible with Smart Grids as a system cannot shutdown even for a small duration.
The following points should be considered while developing such solutions:
• It should be compatible with any kind of operating system.
• System performance should not be hampered.
• It should be easily upgradeable without much hardware changes.
• It should be tolerant to minor instances of misuse by the operator.
• Security solution should not be as large or expensive as to make its use prohibitive.
Looking Ahead
Security systems for future smart grids should:
Inculcate the Internet protocol version 6 (IPv6) as a smart grid communication protocol along with synchrophasor security, behavioral economics, and remote controllability of energy sources.
Use PKI in the smart grid, as discussed above.
Resolve privacy concerns regarding customer information and the power system data transfer via the smart grid.
Implement a robust security approach for the smart grid as a future priority to achieve proper authentication in any device communication via the smart grid.
Secure the trusted device profile and implement and develop the smart grid certificate lifetime.
Address all the newly created vulnerabilities of the smart grid.
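The insecure protocol problem raised in the post (challenge 5 above) and the integrity and timeliness objectives described in this comment come down to the same check on the receiving side: is this message from the claimed source, unmodified, and still valid for its time window? The following is an added example, not code from the post or from the EDN article, showing one way a master station can apply those checks to a telemetry report. It assumes a pre-shared per-device key, a JSON report format and a five-second validity window, all of which are constructed for the example.

```python
import hashlib
import hmac
import json
import time

# Constructed shared key for this example only; a real deployment provisions
# a distinct key per field device and stores it in protected key storage.
SHARED_KEY = b"example-key-not-for-production"
# Timeliness: a reading is only valid inside this window (seconds).
FRESHNESS_WINDOW = 5.0


def build_report(device_id, readings, seq, now):
    """Device side: serialize a telemetry report and append an HMAC-SHA256 tag.

    The tag covers device id, sequence number, timestamp and readings, so a
    change to any of them (or a substitution of the source) invalidates it.
    """
    body = {"device": device_id, "seq": seq, "ts": now, "readings": readings}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest()
    return payload + b"|" + tag.encode()


class Receiver:
    """Master side: enforces source authenticity, integrity, freshness and
    replay protection before a reading is allowed to reach the operator."""

    def __init__(self, now_fn=time.time):
        self.now_fn = now_fn
        self.last_seq = {}  # device id -> highest sequence number accepted

    def verify(self, message):
        """Return (accepted, reason, body) for one received message."""
        try:
            payload, tag = message.rsplit(b"|", 1)
        except ValueError:
            return False, "malformed", None
        expected = hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest().encode()
        # Integrity and source check first, in constant time, before parsing.
        if not hmac.compare_digest(expected, tag):
            return False, "bad-mac", None
        body = json.loads(payload)
        # Timeliness: outside the window the data is no longer valid even if
        # it is authentic (a delayed or recorded report).
        if abs(self.now_fn() - body["ts"]) > FRESHNESS_WINDOW:
            return False, "stale", body
        # Replay: an authentic report presented a second time is rejected.
        dev = body["device"]
        if body["seq"] <= self.last_seq.get(dev, -1):
            return False, "replay", body
        self.last_seq[dev] = body["seq"]
        return True, "ok", body


if __name__ == "__main__":
    clock = [1000.0]  # constructed clock so the run is deterministic
    rx = Receiver(now_fn=lambda: clock[0])
    msg = build_report("rtu-7", {"kV": 13.8}, seq=1, now=1000.0)
    print(rx.verify(msg)[:2])                               # (True, 'ok')
    print(rx.verify(msg)[:2])                               # (False, 'replay')
    print(rx.verify(msg.replace(b"13.8", b"99.9"))[:2])     # (False, 'bad-mac')
    print(rx.verify(build_report("rtu-7", {"kV": 13.8}, 2, 990.0))[:2])  # (False, 'stale')
```

The check rejects forged or altered readings and stale or replayed ones; it does not hide the readings, so confidentiality still needs a transport layer such as the VPN recommended elsewhere on this page.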
Tomi Engdahl says:
Automating automation: Why do smart devices have to be configured manually?
http://www.controleng.com/single-article/automating-automation-why-do-smart-devices-have-to-be-configured-manually/d1274dee29643ecfec65420ee2f5b558.html
While smart instrumentation and field devices have highly sophisticated capabilities, configuration is still a mostly manual process. Users want to know why they still have to perform this action (and many others) the hard way. This is the Control Engineering October 2014 cover story for the print and digital edition.
Over recent years, Control Engineering has discussed developments in smart field devices from time to time. Mostly the discussion has concentrated on capabilities being added to the transmitters, but there have also been considerations of how difficult it can be for that information to get to the control system because older device-level networks can’t handle it.
Some of that has to do with the reality of industrial networks in actual manufacturing plants. Most process units that are more than a few years old operate with a mish-mash of automation equipment installed at different times since the plant was first built. When that happens, most systems end up working in a lowest-common-denominator mode where overall performance is not any better than its oldest part. This is often visible in the networks that talk to field devices if they’re just plain analog.
Control system vendors have offered more sophisticated capabilities beyond plain analog I/O for quite a while. Native HART-enabled I/O has been around for years, although many companies with older systems have yet to implement it. (Companies that see no reason to improve and are happy with what they have using dumb I/O are not the concern of this discussion.) Most of what has been deployed in the way of HART devices and infrastructure (HART-enabled I/O and multiplexer installations) uses HART 5, which has been around since the early 1990s. More recently, several of the major system vendors have introduced configurable I/O that can be changed via software or a hardware module.
Many users are very enthusiastic about the new configurable I/O systems that are now on the market. They see such systems as evidence that vendors do listen, and want to take advantage of this huge move forward in flexibility.
Tomi Engdahl says:
How many people will be running your plant?
http://www.controleng.com/single-article/how-many-people-will-be-running-your-plant/605bfd7ed93a1606f50e38e247924de3.html
Process manufacturers have to deal with basic head count challenges. The answer may be fewer people than you think, but how do you find the right number?
Tomi Engdahl says:
Support-focused enterprise controls series
http://www.controleng.com/single-article/support-focused-enterprise-controls-series/662b0c8044f5525389df824cf7ad804c.html
This article is the introduction for a series of five articles that explore the critical components of a support-focused controls system.
Since the development of PLCs, manufacturers have shed the use of relay-based control systems, reaping the panel space and diagnostic benefits. However, manufacturers have not realized significant maintenance savings costs. This is a result of machine suppliers providing chaotic PLC applications that offset the maintenance costs by increasing support costs. The cost increase is directly associated with how PLCs make it possible to increase the sophistication and flexibility of automated machines. As a result, there is an increased need for technicians to support many uniquely formatted PLC applications coming from various machine suppliers and system integrators. Each application is customized to fit the perceived needs of each machine. Unlike simple relay-controlled machines that have a small number of circuits, new PLC applications have thousands of custom logic circuits. These circuits must be understood before technicians can safely change them to support the manufacturing process. Understanding the many different circuits becomes the maintenance-related support problem. The problem surfaces when technicians are pressured to quickly identify device failures or make repairs, or the logic changes before restoring a machine to an operational state. The cost of production delays increases maintenance-related support costs.
Another indication of the maintenance-related support problem comes from the ongoing debate about whether control systems should be PC-based or PLC-based applications. PC-based advocates argue that computer environments help designers to produce structured applications that are easier to support, whereas those wanting PLC-based controls explain why logic circuits are needed to support the agile nature of flexible machines. Both sides have valid points. So what is the answer? There are PC-based designs running in industry today. However, under close examination these applications function in support of machines that have rigid sequences. Therefore, the answer is likely a hybrid solution where a PC-based application enables a standard design and the operational support of PLC-based logic circuits. It is not hard to understand that the current development methods are expensive to execute and the finished products are difficult for technicians to support. Furthermore, it is hard to imagine that the design process used in the 20th century to produce, debug, and reproduce logic circuits will continue indefinitely into the future.
For a support-focused enterprise control system to be widely accepted, it must force designers to shed many of the bad programming practices found in today’s applications. These bad practices are typically associated with shortcuts designers take to replicate their designs. Some of the practices have been unknowingly enabled by PLC manufacturers that equip controllers with advanced features. The misuse of these features is just one of many reasons designs go off in chaotic directions. Other aspects are related to logic styles preferred by different designers. The misused features and erroneous styles only act to conflict with a support-focused design. This is mostly a result of support personnel not understanding the reason for various rung constructs to enable similar tasks. The basic logic design premise targets technicians understanding logic over original equipment manufacturer (OEM) designers providing logic based on quick replication and configuration processes.
The control system designs for these machines included the following types of applications.
Event-based application: a software program that uses a specific event to launch a logical series of examinable steps that either pass or fail.
State-based application: a software program that examines many discrete variables to identify the physical state of mechanisms before enabling movement.
The control system programs for these multistation machines included both event- and state-based applications. The event-based applications were simple circuits used to move data, and latch and unlatch Boolean signals. The state-based applications sequentially enabled outputs to control a set of machine mechanisms. Each machine state is a set of examinable signals that are in a known pattern before the mechanism moves. The idea was to divide the machine’s mechanisms into sequential motion groups. These were the mechanisms that sequentially cycled together, asynchronously from other machine mechanisms.
The design process included constructing a matrix for each motion group. The matrix had columns to represent a mechanism’s movement, and rows to represent the state of sensors and interlocks from other sequential motion groups.
Most engineers are occupationally biased and fall into one of the following expert categories:
Start-up expert: a person who is responsible for making a machine, conveyor, and all associated applications work in the field.
Controller expert: a person who works for a specific industrial automation controller manufacturer as a hardware and/or application engineer.
Controls expert: a person who works for a machine or conveyor supplier as a controls engineer.
Plant expert: a person who works for a manufacturer as an automation engineer in support of plant-specific manufacturing processes.
Many start-up experts do not have engineering degrees but have a wealth of controls-related field experience.
Most discrete part manufacturers do not recognize the differences between controls and start-up experts. Both types of experts work on machines or conveyors but during different phases of a project.
Support-focused controls system overview
All PC-based design tools provide a common approach for modeling manufacturing processes and generating associated control applications. Most use block flow diagrams that define the start, decision, and end points of a process. The actual code structures are usually built into the various execution blocks. This is contrary to the way PLC-based designers produce their programs. Most simply cut-and-paste a previous design to create the next. Many simply visualize the process and then tackle the area of the application that will allow them to quickly generate a high percentage of logic. Until now, there were no rules critical to generating a PLC-based application. To enable others to recognize the rules of a support-focused control application, strategists and/or designers of the tool need to understand the critical steps and components to this new development process.
A support-focused control system reduces integration costs by providing an application environment that standardizes triggers and applications. This means both control and upper-level system applications can be tested and placed into production. This eliminates the time and cost associated with using program emulators, and debug-related deployment delays. Overall, a product of this nature would eliminate the need for system integrators who typically layer controller-based applications while producing redundant or custom trigger circuits to enable upper-level system applications.
Tomi Engdahl says:
Achieving Real-Time Performance on a Virtualized Industrial Control Platform
http://www.techonline.com/electrical-engineers/education-training/tech-papers/4432343/Achieving-Real-Time-Performance-on-a-Virtualized-Industrial-Control-Platform?_mc=NL_EDN_EDT_EDN_designideas_20141118&cid=NL_EDN_EDT_EDN_designideas_20141118&elq=8d7fac3a771b48ee807e71167866bca2&elqCampaignId=20230
Virtualization has increased equipment utilization and lowered costs in data centers. Now the technology is making its way into industrial controllers. Equipment developers can consolidate real-time and non-time-critical applications onto a single board to streamline operations, improve productivity, and reduce cost and complexity, thanks to advances in real-time operating systems (RTOSs), lightweight hypervisors, and hardware-assisted virtualization that boost system responsiveness. There is a concern these platforms cannot deliver the real-time and deterministic response required by advanced automation processes.
Tomi Engdahl says:
Whitelist Helping Identify Industrial Control Malware
http://www.eetimes.com/document.asp?doc_id=1324859&
Cyberattacks on industrial controls systems (ICS) such as SCADA have been increasing, as the discovery of the Blackenergy and Havex malware this year indicates. And the increase has been dramatic. According to a recent report from NSS Labs, reports of ICS cyberattacks have risen 600% since 2010.
Unfortunately, according to Billy Rios, a security specialist and the founder of Laconicly, much of the binary code in ICS systems is not digitally “signed,” making it difficult to determine which code segments have been corrupted or simply do not belong. To ease that determination task, Rios started a personal project to create a whitelist of SCADA installation files that are known good, gathered from original installation media and running systems. He has released that whitelist as a free online service under the name WhiteScope.
The WhiteScope project gives users the ability to compare the file contents in their systems against the files in the whitelist using file hashes. It can be a tedious process,
However, Rios says that WhiteScope is not a fully comprehensive database, so a miss when seeking to compare a file does not necessarily mean that the subject file is invalid.
WhiteScope – An Online ICS/SCADA Whitelist
http://www.icswhitelist.com/static/about.html
WhiteScope is a free service that compares file contents and file hashes with “known good” files from ICS/SCADA installation media.
WhiteScope maintains a database of file hashes, registry changes, processes, and loaded modules for ICS/SCADA software. These artifacts were gathered from installation media and running systems. The whitelists can be used for initial triage during incident response engagements, security assessments, intrusion detection/prevention products.
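The comparison WhiteScope performs, hashing files on a running system and checking them against hashes gathered from pristine installation media, can be done locally during triage as well. The following is an added example, not code from WhiteScope or from the EETimes article; it builds a known-good list from a directory standing in for installation media, then classifies the files of a second directory standing in for the live system. The file names and contents are constructed for the example, and, as the comment above notes, an "unknown" result only means the file is not on the list, not that it is malicious.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_whitelist(media_root):
    """Gather known-good hashes from pristine installation media.

    Keys are paths relative to the media root so they can be matched against
    the same relative paths on an installed system.
    """
    root = Path(media_root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def triage(live_root, whitelist):
    """Classify every file under live_root against the whitelist.

    match    - hash equals the known-good hash
    modified - file is on the list but its hash differs (needs investigation)
    unknown  - file is not on the list (the list is not exhaustive, so this
               is a review queue, not a verdict)
    missing  - listed file is absent from the live system
    """
    root = Path(live_root)
    result = {"match": [], "modified": [], "unknown": [], "missing": []}
    seen = set()
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        if rel not in whitelist:
            result["unknown"].append(rel)
        elif whitelist[rel] == sha256_file(p):
            result["match"].append(rel)
        else:
            result["modified"].append(rel)
    result["missing"] = sorted(set(whitelist) - seen)
    return result


def demo():
    """Constructed scenario: pristine media versus a live install with one
    altered file and one file the media never contained."""
    with tempfile.TemporaryDirectory() as media, tempfile.TemporaryDirectory() as live:
        for d in (media, live):
            (Path(d) / "bin").mkdir()
        (Path(media) / "bin" / "hmi.exe").write_bytes(b"constructed pristine hmi binary")
        (Path(media) / "bin" / "driver.dll").write_bytes(b"constructed pristine driver")
        (Path(live) / "bin" / "hmi.exe").write_bytes(b"constructed pristine hmi binary")
        (Path(live) / "bin" / "driver.dll").write_bytes(b"constructed pristine driver, altered")
        (Path(live) / "bin" / "helper.dll").write_bytes(b"constructed file not on media")
        return triage(live, build_whitelist(media))


if __name__ == "__main__":
    for category, files in demo().items():
        print(f"{category:9s} {files}")
```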
Tomi Engdahl says:
Monitoring power and energy to control service costs
http://www.controleng.com/single-article/monitoring-power-and-energy-to-control-service-costs/36991c62ea0242ea29183941281c7631.html
Technology Update: Increased operational efficiency and lower energy costs can result from gateways that provide data acquisition and protocol translation capabilities that enable original equipment manufacturers (OEMs) to select the level of functionality required to reduce equipment support costs. Smart meters, relays, and other monitoring devices on power distribution and manufacturing equipment can show real-time power quality and energy use.
Tomi Engdahl says:
Integrated HMI, Control and Communications Platform for Industrial Automation
http://rtcmagazine.com/articles/view/103650
The advance of integration and the standardization of system interfaces significantly increases the performance and efficiency of industrial control systems. The next step is the integration of control and interface functions onto a single die that unites CPU with FPGA.
Tomi Engdahl says:
Highly Integrated Micro PLC
http://www.eeweb.com/company-blog/maxim/highly-integrated-micro-plc
Maxim Integrated recently released a new white paper which features a highly integrated micro PLC device that enables the factory of the future. To explore more about Industry 4.0 and PLCs, this document will be of great help.
Industry 4.0 is creating new opportunities in the equipment market, as manufacturers transition from traditional programmable logic controllers (PLCs) to Micro PLCs and Embedded PLCs. Learn new strategies to meet customer demands for more functionality in less space in a recently published white paper from Maxim Integrated Products, Inc.
Tomi Engdahl says:
Serious Vulnerabilities Found in Schneider Electric’s ProClima Solution
http://www.securityweek.com/serious-vulnerabilities-found-schneider-electrics-proclima-solution
The ProClima configuration utility developed by Schneider Electric is affected by several command injection vulnerabilities, the Industrial Control Systems Computer Emergency Response Team (ICS-CERT) reported on Tuesday.
ProClima is a thermal management software used in sectors such as energy, commercial facilities, and critical manufacturing, mainly in the United States and Europe. The solution processes thermal data, such as temperature and humidity, in order to define the right thermal management choice (ventilation, control, heating and cooling functions) for installed equipment.
The security holes, which according to Schneider Electric are ActiveX Control vulnerabilities, were discovered by researchers Ariele Caltabiano, Andrea Micalizzi, and Brian Gorenc, and reported through HP’s Zero Day Initiative (ZDI). Successful exploitation could allow a remote attacker to execute arbitrary code.
The vulnerabilities can be exploited even by an attacker with a low skill level. However, ICS-CERT says there’s no evidence that they are being exploited in the wild.
As always, ICS-CERT advises organizations that use ProClima to minimize the network exposure of control systems and devices, and isolate them from the Internet. For cases where remote access is required, the use of virtual private networks (VPNs) is highly recommended.
Since Schneider Electric’s products are widely deployed, they are targeted by many researchers who specialize in ICS security.
Tomi Engdahl says:
Machine Safety: Risk of an actuator wired to general machine control versus safety controller
http://www.controleng.com/single-article/machine-safety-risk-of-an-actuator-wired-to-general-machine-control-versus-safety-controller/df3b49218dc62d1c94ffb08eb6da02e2.html
When deciding to apply a device to achieve a safety function, by default, that safety function should be achieved each time, actuated consistently and within a certain time period. For machine hazard mitigation, review these four points when considering risks and reliability of controllers versus safety controllers, defined by IEC 61508 (Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 1: General requirements).
There are generally several devices on a machine to actuate a safety function. When safety-related devices are wired to general purpose control will they achieve their intended safety function reliably? My initial answer is NO! What’s yours?
This discussion generally comes about when someone looks at the functions of a machine and is trying to identify safety-related functions. This is actually the recommended course of action by many safety experts. And, sometimes this approach is part of a larger safety assessment of a machine. By identifying the safety functions, someone is determining the machine’s hazards and the possible mitigation steps for each hazard.
So, in my opinion, when deciding to apply a device to achieve a safety function, by default, that safety function should be achieved each time, actuated consistently and within a certain time period.
4 considerations: general controller versus safety controller
1. A general controller is designed and programmed to accomplish many functions as it scans the entire program and control system.
2. A safety controller is designed according to IEC 61508 (Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 1: General requirements) and must include redundant processes for all safety-related functions.
3. No redundancy: General purpose controllers are not required to have redundant processes or an interrupt capability to immediately actuate a demanded safety function as do safety controllers.
4. In a queue: An input from an e-stop device connected to a general purpose controller can go into a queue of many things for the controller to do, and at some undetermined point in time (which may or may not reduce risk for the employee) stop the machine.
It’s difficult to measure and mitigate risk to life and limb with a “maybe.”
Tomi Engdahl says:
Factory acceptance testing with system simulators
http://www.controleng.com/single-article/factory-acceptance-testing-with-system-simulators/82a5f83b7a417b04dad4fae9075c281b.html
System simulators allow developers to test most of a new control system, but not the entire system. See 6 tips for the factory acceptance test (FAT) phase of your project.
Virtual machines and control system simulation have been a great help in checking out systems during development. These have allowed the developer to be able to check out the control system code prior to installation. Most factory acceptance tests (FATs) are conducted using a simulated system or part of the real system that will be used for final installation.
I have heard several times during the site acceptance test (SAT) or commissioning phase of the project: “I thought the system was completely tested during the FAT.” One should remember that usually the instrumentation is not present during the FAT. Unless the testing team follows a rigorous test plan that includes checking signal ranges, controller loading, etc., the commissioning team may run into surprises during startup. Although issues that arise are not usually show stoppers, they do take time to resolve.
Tomi Engdahl says:
Rockwell: Security a business enabler
http://www.controleng.com/single-article/rockwell-security-a-business-enabler/fb7f9fd02b72649b8db0f7b6404c03ab.html
Security awareness is on the rise throughout the industry. Security is becoming a business enabler that can provide manufacturers more than just an insurance policy.
Security is truly a business enabler that can provide manufacturers more than just an insurance policy. It can show real bottom line results by allowing manufacturers to keep their systems up and running and more productive.
That was one of the ideas behind a discussion with Rockwell Automation and Cisco before Rockwell’s Automation Fair 2014 kicked off in Anaheim, Calif.
Security awareness is on the rise throughout the industry, but the idea of security being a business enabler is not resonating yet. But it will.
“Most manufacturing companies don’t get it yet,” said Bryan Tantzen, senior director of discrete manufacturing in the Connected Industries Group at Cisco Systems.
“Cyber is a board level issue,” said Rick Esker, senior director of Industry Solutions Group-EcoSystems Global Domain Leader, II and CRE at Cisco. “It is at the top of the shop. Security is a necessary entity.”
“We can’t tell a manufacturing company they have to invest in security by scaring them, that just won’t work,” said Sujeet Chand, senior vice president and chief technology officer at Rockwell Automation. “When they think about security, the change will occur incrementally.”
“More customers are having IT take over networking on the OT side,” Chand said. “I can’t remember any meeting I have had where there was not an IT person in the room.”
Tomi Engdahl says:
ICS attack responses
http://www.controleng.com/single-article/ics-attack-responses/58314381955e5f06452482dbfe761b37.html
Attacks can happen anywhere and anytime and they don’t have to be major attacks by nation states. They could come from inside or outside. Professionals in the control environment need to understand the security lifecycle where the user goes from assessing to implementing to maintaining the system.
Those manufacturers who still feel they are “too small” to suffer from a cyber attack or are not “significant enough” players should take warning. Attacks can happen anywhere and anytime and they don’t have to be major attacks by nation states. They could come from inside or outside.
In essence, professionals in the control environment need to understand the security lifecycle where the user goes from assessing to implementing to maintaining the system. The catch is, though, security is not a one off solution, so the lifecycle keeps evolving and going in a circular motion.
Whether it is an unintentional cyber incident or a deliberate attack, security continues to be a vital part of the automation industry and it will remain, with safety, a growing area of concern for manufacturers in the coming years.
The team was unable to conclusively determine if the suspected employee had unauthorized access on the date of the overflow or if that access resulted in the basin overflowing. The factors that significantly contributed to the inconclusive findings included:
Each host did not record logon events
Only one username ended up used throughout the network
No network monitoring systems were in place that could verify the activity
Logging was not enabled or was irrelevant for any of the remote access tools seen on the hosts (pcAnywhere, RealVNC, NetVanta VPN client, Windows Remote Desktop)
Operating system records ended up eliminated due to the age of the reported access event.
This is a perfect example of the importance of detailed logging capabilities and policies related to logging analysis. Also, network administrators should implement least privilege practices and ensure each user has unique logon credentials that provide access to only those systems the employee needs to control.
“Security right now is about short term tactical measures like patch management or installing antivirus,” Langill said. “Security has to get to thinking about strategic controls or long term planning. There are other things that can help solve the issues,” he said. One of those areas he mentioned paying closer attention to logging data.
“We are having to deal with problems today that we didn’t have to deal with yesterday,” Langill said. “Securing against tomorrow’s events means users must improve access control, gain situational awareness, and plan for a cyber incident.” Attacks against industrial sites are continuing
Tomi Engdahl says:
Most used Ethernet protocols
http://www.controleng.com/single-article/most-used-ethernet-protocols/d73fc7d3aaed00e427e44c140e20fc0d.html
Table provides governing organizations and websites for the most-used Ethernet protocols among 200 respondents to the Control Engineering Mobility, Ethernet, and Wireless Study, November 2013.
Ethernet for automation
http://www.controleng.com/single-article/ethernet-for-automation/2628cbf2a8ff06ec7cfa72303b34a5ec.html
Get network infrastructure help, choose the right Ethernet protocol, get along with IT, and integrate. This Control Engineering July print and digital edition article integrates five online articles offering industrial Ethernet advice; link to each article here.
Integrating Ethernet into automation can start at the lowest levels, continue through process control level for controller-to-controller networking, on to the enterprise network level for SCADA and reporting. Ethernet can be the only network used to conduct the business of manufacturing.
EtherCAT: Ethernet for automation, best practices
EtherNet/IP: Ethernet for automation
Profinet: Mediate the rift between control engineering and IT
Tomi Engdahl says:
EtherCAT: Ethernet for automation, best practices
http://www.controleng.com/single-article/ethercat-ethernet-for-automation-best-practices/da33e2e1f250fc7d9d49dcca9a9561c3.html
Integrating Ethernet into automation can start at the lowest levels, continue through process control level for controller-to-controller networking, on to the enterprise network level for SCADA and reporting. Ethernet can be the only network used to conduct the business of manufacturing.
Due to hardware integration in the slave and direct memory access to the network controller in the master, the complete EtherCAT protocol processing takes place within hardware and is fully independent of the run time of protocol stacks, CPU performance, or software implementation. The update time for 1,000 EtherCAT I/Os is only 30 µs, including I/O cycle time. Up to 1,486 bytes of process data can be exchanged in one Ethernet frame, equivalent to almost 12,000 digital inputs and outputs. The transfer of this data quantity takes only 300 µs. One EtherCAT master can communicate with 65,535 slaves in one network.
At the process control level (controller-to-controller or master-to-master communication), EtherCAT Automation Protocol (EAP) is an EtherCAT-based communication protocol using IP, independent of the physical layer. As a result, communication via gigabit Ethernet or even wireless is possible. EAP enables communication between controllers to exchange process parameters, distribute non-real-time parameters and data, and configure lower level devices from upper level systems. With EAP, the exchange of high-performance data can be managed in a millisecond cycle. If data routing between distributed machines is required, process data can also be transmitted via UDP/IP or TCP/IP.
While the EAP protocol is not real-time, it does streamline process control data exchange.
Tomi Engdahl says:
EtherNet/IP: Ethernet for automation
http://www.controleng.com/single-article/ethernetip-ethernet-for-automation/a4c33f1446df4f00ab31dac4bd69fca2.html
In deploying industrial Ethernet, plant engineers and IT departments should use an Ethernet solution designed and established to connect across applications and from the end customer’s IT infrastructure down to assets on the factory floor. EtherNet/IP delivers the real-time performance, resiliency, and security of proven, but technically mature, fieldbus solutions, with the bandwidth, open connectivity, and future-proof adaptability of standard Ethernet, ODVA explains.
Tomi Engdahl says:
Computer intrusion inflicts massive damage on German steel factory — A German steel factory suffered significant damage after attackers gained unauthorized access to computerized systems that help control its blast furnace, according to a report published Friday by IDG News.
Computer intrusion inflicts massive damage on German steel factory
Blast furnace can’t be properly shut down after attackers take control of network.
http://arstechnica.com/security/2014/12/computer-intrusion-inflicts-massive-damage-on-german-steel-factory/
A German steel factory suffered significant damage after attackers gained unauthorized access to computerized systems that help control its blast furnace, according to a report published Friday by IDG News.
The attackers took control of the factory’s production network through a spear phishing campaign, IDG said, citing a report published Wednesday by the German government’s Federal Office for Information Security. Once the attackers compromised the network, individual components or possibly entire systems failed. IDG reporter Loek Essers wrote:
Due to these failures, one of the plant’s blast furnaces could not be shut down in a controlled manner, which resulted in “massive damage to plant,”
The incident is notable because it’s one of the few computer intrusions to cause physical damage. The Stuxnet worm that targeted Iran’s uranium enrichment program has been dubbed the world’s first digital weapon, destroying an estimated 1,000 centrifuges. Last week, Bloomberg News reported that a fiery blast in 2008 that hit a Turkish oil pipeline was the result of hacking, although it’s not clear if the attackers relied on physical access to computerized controllers to pull it off. The suspected sabotage of a Siberian pipeline in 1982 is believed to have used a logic bomb. Critics have long argued that much of the world’s factories and critical infrastructure aren’t properly protected against hackers.
Tomi Engdahl says:
Easily Exploitable NTP Vulnerabilities Put ICS Operators at Risk
https://www.securityweek.com/easily-exploitable-ntp-vulnerabilities-put-ics-operators-risk
Security researchers Neel Mehta and Stephen Roettger of Google’s Security Team recently discovered vulnerabilities in the Network Time Protocol (NTP), a service that helps synchronize system times over a network, including some flaws that could enable an attacker to take control of or crash a system.
According to the disclosures, several vulnerabilities exist, including buffer overflow vulnerabilities (CVE-2014-9295) that could allow a remote attacker to send a specially crafted request packet that could crash the NTP daemon (ntpd) or execute arbitrary code with the privileges of the NTP user.
The biggest concern is that the vulnerabilities can be easily exploited remotely by a low skilled attacker with exploits that are already publicly available.
Tomi Engdahl says:
Siemens issues emergency SCADA patch
Remote exploits plugged in WinCC
http://www.theregister.co.uk/2014/11/27/siemens_issues_emergency_scada_patch/
Got Siemens SCADA? Get patching: the company has issued updates for software using its WinCC application to plug a bunch of remotely-exploitable vulnerabilities.
According to the ICS-CERT advisory, versions of the company’s SIMATIC WinCC, SIMATIC PCS7 and TIA Portal V13 (which includes a WinCC runtime) are all vulnerable.
Both vulnerabilities can be exploited with “low skill”, the advisory states, with ICS-CERT adding: “Indicators exist that this vulnerability may have been exploited during a recent campaign.”
Tomi Engdahl says:
‘Things’ on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
http://www.theregister.co.uk/2014/07/30/each_internetofthings_thing_contains_25_vulnerabilities/
Ten of the most popular Internet of Things devices contain an average of 25 security vulnerabilities, many severe, HP researchers have found.
HP’s investigators found 250 vulnerabilities across the Internet of Things (IoT) devices each of which had some form of cloud and remote mobile application component and nine that collected personal user data.
Flaws included the Heartbleed vulnerability, cross site scripting, weak passwords and denial of service.
Tomi Engdahl says:
Why is Modbus TCP not being more regularly discussed as a good protocol for M2M applications? Either technically, politically or commercially? Any thoughts?
https://www.linkedin.com/groups/Why-is-Modbus-TCP-not-108418.S.5876795524283133955
Only thing I can see is that it is a poll / response setup and as such not very bandwidth efficient on costly GPRS networks? That said, I thought the ability to push messages was included Modbus TCP?
Hi David – Modbus TCP was good in its day, but is really designed for SCADA style applications. As you have identified, it is bandwidth intensive, and also slow in operation due to the polling mechanisms, but more importantly it’s pretty restricting in the volume and type of data it can transport. Crucially, a user has to know a lot about the remote device in order to get any meaningful data from it, which leads to the continued deployment of closed ‘device centric’ architectures, as opposed to the data centric ones we need for IoT style applications.
From a cellular perspective, it doesn’t sit well with remote origination, and needs fixed and public IP addressing, which again is not the best starting point. It is still a huge protocol in terms of legacy deployments (as is serial modbus), so companies do need a strategy to integrate these devices onto more modern IoT style systems, which is where devices like our multiservice gateways come into play. Hope this helps
Probably because most things that tunnel across TCP/IP are niche standards (Serial, SCSI, ModBus, CAN, et al) that are leveraging a transport that uses low cost COTS hardware from Ethernet/WiFi/Wireless to stay relevant. If you have TCP/IP support natively, and have built Ethernet 10/100/1000 on to a board, wouldn’t UDP/TCP sockets, and internet protocols be the way to go?
Thanks for the good comments guys but let me define my reasoning a bit better:
It’s a defined protocol on TCP port 502
it can move digital or analogue values in a pre-defined fashion
open source stacks are readily available
Server side can be easily squared away with a Modbus map
Legacy serial devices can be easily added by means of a gateway
It’s tried and tested
There are 1000s of devices that can be pulled off the shelf and used straight away
Modbus TCP compliant SCADA packages mean little or no server side programming
The biggest challenge is that natively I don’t think it supports transport of remote time stamps, something that is critical in a scenario where comms may be down.
In more detail and probably not exhaustive list but enough:
There is no SOE (sequence of event capability) in Modbus, which needs timestamps as a minimum.
The protocol is not fully deterministic in that it does not add the source address into the packets, which will prevent multi master functionality etc
Overhead, no timestamp, no security, most people would still have to develop a sub protocol, perhaps OK for simple I/O but most people want beyond that now.
Of course you could always add the required functionality, such as every second and third word could be the time stamp etc … BUT then that is not modbus anymore…
Short answer: Modbus TCP is an inherently poll-response based protocol. Polling an unchanging value wastes bandwidth and costs money – a bad thing in the M2M/IoT space. MQTT uses a publish-subscribe pattern and is inherently exception-based. A lightweight exception-based protocol/transport saves bandwidth and money.
David’s question sounds familiar to me.
We are facing a situation where we have equipment talking Modbus spread over a wide area. We are testing a GSM device that reads Modbus on a regular basis (every 5, 10 or x minutes) and then transmits the data to a DB if the GSM link is up, or stores the data locally (including the read’s timestamp) if the link is down and then, when it comes back up, pushes all the data collected into the DB.
The main problem for us is that our Scada (and Scadas in general I guess) works by pulling info from devices, one read of each defined variable every run period, but this is not our situation. In order to solve this problem I’m developing a software that reads the data from the GSM device DB and then pushes it into the Scada; it’s a homemade solution that I don’t really like.
Dave I was wondering if you know a software (Scada/ HMI) that support the pull and the push schema as well.
The problem is not with the SCADA but with the choice of protocol. The protocols designed for telemetry type applications do support exception based comms, i.e. where the device can “push” data to the SCADA. The standards are such as IEC-60870-104, DNP 3 (distributed network protocol); the problem with these is that they have all been designed by committees, for good reason, but they are very extensive and very “heavy” protocols in terms of data. A lot of RTU manufacturers have developed their own and often then ship some OPC Server to allow the data to get into the SCADA Server. The added problem is that all too often SCADA servers aren’t designed to accept remote and historical time stamps and be able to handle this in terms of historical logs, alarms etc.
Tomi Engdahl says:
Got a GE industrial Ethernet switch? Get patching
Hard-coded RSA keys found in firmware
http://www.theregister.co.uk/2015/01/15/got_a_ge_industrial_ethernet_switch_get_patching/
GE is the latest industrial kit vendor to send users patching to protect against hard-coded credentials in Ethernet switches.
IOActive disclosed the vulnerability to ICS-CERT, which issued this advisory (details here CVE-2014-5418 and here CVE-2014-5419).
The vulnerability occurs in various GE Multilink managed Ethernet switches: the ML800, 1200, 1600 and 2400 versions 4.2.1 and older; and the ML810, 3000 and 3100 versions older than version 5.2.0.
In these switches, the RSA key used to encrypt SSL traffic is hard-coded in the firmware, which needs to be updated (the company has issued patch instructions here). ICS-CERT reckons the skill level needed to remotely exploit the vulnerability is low.
Tomi Engdahl says:
10 tips for Industrial Ethernet/IP deployments
http://www.cablinginstall.com/articles/2015/01/10-tips-industrial-ethernet-cisco-rockwell.html
1. Understand a networked device’s application and functional requirement
2. Enable a future-ready network design
3. Create structure within the plantwide Ethernet/IP network
4. Segment the logical topology into modular building blocks: Create smaller Layer 2 networks to minimize broadcast domains. Use virtual local area networks (VLANs) within a zone to segment different traffic types, such as industrial and nonindustrial.
5. Use managed industrial switches
6. Design and implement a robust physical layer reflecting availability and resiliency requirements
7. Determine application and network security requirements: Establish early dialogue with IT, considering applicable IT requirements. Implement a defense-in-depth security approach at multiple application layers such as physical, device, network and application, using an industrial security policy that’s unique from and in addition to the enterprise security policy.
8. Reduce network latency and jitter by using standard network protocols: Protocols include time synchronization using IEEE 1588 precision time protocol (PTP), quality of service (QoS) for control data prioritization and Internet Group Management Protocol for multicast management.
9. Increase control and information data availability: Implement a redundant path network topology such as a ring or redundant star. In addition, use a resiliency protocol to avoid Layer 2 loops while helping to ensure fast network convergence time.
10. Deploy a hierarchical network model using Layer 3 switches: Layer 3 switches support inter-VLAN routing between cell/area (Layer 2 network) zones and plantwide applications and servers.
Tomi Engdahl says:
Industrial Network Security: IPS Challenges in OT Environments
http://www.securityweek.com/industrial-network-security-ips-challenges-ot-environments
For quite a few years, enterprise IT departments have commonly addressed network security by leveraging Intrusion Prevention Systems (IPS). As we continue the discussion from my previous column (about the paradigm shift needed for designing security for the Operational Technology/OT environment vs. IT), there are interesting lessons learned from IT IPS experiences that OT can benefit from.
The first is to understand how attackers have bypassed traditional IPS IT solutions:
The Use of Smaller Messages – Many attacks evade enterprise IPS by breaking attacks into segments. IPS cannot reassemble these properly, because IPS does not understand the industrial protocol.
Without the ability to understand the significance or potential impact of a message, tuning an IPS to block an attack is virtually impossible without generating an exorbitant number of false-positives.
Leveraging Legitimate Protocol Functionality for Illegitimate Reasons – Attackers can use functions of an intended feature set of a control protocol for malicious purposes. Consider the damage that can be done to plant uptime and production if any of the following functions were used inappropriately:
• turning devices off
• changing IP addresses
• modifying names
• altering settings
• modifying firmware
• restarting devices
As an example, a subcontractor that performs a small portion of a larger process has misconfigured gear that can communicate with your equipment to modify coils, outputs, tags, and other parameters.
Control protocols provide access to a range of equipment functionality such as equipment administration, process control and process monitoring over a single TCP or UDP port.
Process monitoring relies on commands that are read-only, such that they return the state of a device’s memory but do not change the memory’s content or configuration of the device. These read-only commands are the least risky to the continuity and integrity of the process system but can be used by unauthorized users and attackers to gather system intelligence.
Bypass Exploit Signatures – Malicious exploits of code normally have short life cycles, which have traditionally prompted vendors of enterprise IT IPS to take the fastest short cuts in developing signatures. These signatures are very good at detecting known exploits, but insufficient in detecting the source vulnerability that initially led to the exploit. There is a clear danger that attackers can easily modify an exploit to bypass the signatures.
Mandating IPS
The Department of Homeland Security ICS-CERT has long advocated using IPS as a key preventative measure. The key to a successful IPS implementation in OT is implementing solutions and practices designed to meet the key specific security, technical, and business requirements of industrial networks. An industrial IPS must feature these types of vital protections and capabilities to ensure low risk of operational interference and high levels of plant-specific security.
A Deep Packet Inspection (DPI) engine – understands the industrial protocols relevant to industrial control systems. Protocol examples include PROFINET or CIP for industrial automation, IEC 60870-5-104 or IEC 61850 for electrical substation automation. Many others exist.
Granular policy control – sets specific parameters to determine when communication is allowed. Actual parameters are highly specific to the industrial protocol.
Protection against vulnerabilities – ensures longer lasting security vs. protection against short-lived exploits. Industrial gear is designed to be in service for decades with minimal interaction from system operators, and device firmware might be on older revisions for extended periods. Protection needs to have high security efficacy to alleviate concerns about frequency of patch times that can disrupt operations.
The Next Step
Because many enterprise IPS solutions are not designed to protect industrial networks, system operators must opt for an industrial security solution approach that includes an IPS that fully understands industrial protocols and the specific context of each industrial command. In addition, knowing that industrial networks are difficult and costly to patch, the optimal solutions must have protection against vulnerabilities vs. exploits to ensure enduring, effective security. Simply leveraging existing IT solutions for an OT environment puts operations at risk of attack and operational disruption.
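Serving both the Modbus TCP thread above (a defined protocol on TCP port 502, poll/response, no timestamp, no source address, no security) and this column’s points about segmented messages, protocol-aware DPI and granular policy control, here is an added example that is not code from any of the quoted articles or commenters. It reassembles Modbus/TCP frames from a byte stream, classifies the function code as read, write or diagnostic, and applies a default-deny allowlist; the frames and the addresses 10.0.0.5, 10.0.0.9 and 10.0.0.77 are constructed for illustration.

```python
"""Modbus/TCP inspection with a per-source policy (constructed example).

What an industrial DPI engine must do for Modbus/TCP: rebuild whole ADUs from
the TCP byte stream (so a request split across small segments is still seen
whole), decode the MBAP header and function code, classify the request, and
apply a default-deny policy keyed on the network-layer source address and the
unit id. The Modbus frame itself carries no source address, timestamp or
authentication, so the observed IP and unit id are all a monitor can key on.
"""
import struct
from dataclasses import dataclass

MODBUS_TCP_PORT = 502   # registered port for Modbus/TCP
MBAP_LEN = 7            # transaction id (2), protocol id (2), length (2), unit id (1)

# Public Modbus function codes grouped by their effect on device memory.
READ_FCS = {0x01, 0x02, 0x03, 0x04, 0x14, 0x18}          # return memory, change nothing
WRITE_FCS = {0x05, 0x06, 0x0F, 0x10, 0x15, 0x16, 0x17}   # alter coils or registers
DIAG_FCS = {0x08, 0x2B}                                  # diagnostics, device identification


@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    pdu_data: bytes

    @property
    def op_class(self) -> str:
        if self.function_code in READ_FCS:
            return "read"
        if self.function_code in WRITE_FCS:
            return "write"
        if self.function_code in DIAG_FCS:
            return "diag"
        return "unknown"   # vendor-specific or malformed: never silently allowed


def parse_frame(frame: bytes) -> ModbusRequest:
    """Decode one complete Modbus/TCP ADU (MBAP header + PDU)."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, uid = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus (must be 0)")
    # 'length' counts the unit id plus the PDU; a PDU is at most 253 bytes.
    if not 2 <= length <= 254 or len(frame) != 6 + length:
        raise ValueError(f"length field {length} disagrees with frame size")
    return ModbusRequest(tid, uid, frame[7], bytes(frame[8:]))


class StreamReassembler:
    """Rebuild whole ADUs from a TCP stream delivered in arbitrary pieces."""

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, segment: bytes) -> list:
        self._buf.extend(segment)
        frames = []
        while len(self._buf) >= MBAP_LEN:
            total = 6 + struct.unpack(">H", self._buf[4:6])[0]
            if len(self._buf) < total:
                break   # wait for the rest of this ADU before deciding anything
            frames.append(parse_frame(bytes(self._buf[:total])))
            del self._buf[:total]
        return frames


@dataclass(frozen=True)
class Rule:
    src_ip: str
    allowed: frozenset                  # subset of {"read", "write", "diag"}
    unit_ids: frozenset = frozenset()   # empty means any unit id


class Policy:
    """Default-deny allowlist: the 'granular policy control' of an industrial IPS."""

    def __init__(self, rules) -> None:
        self._rules = list(rules)

    def evaluate(self, src_ip: str, req: ModbusRequest):
        """Return (verdict, reason); verdict is 'allow' or 'block'."""
        cls = req.op_class
        for rule in self._rules:
            if rule.src_ip != src_ip or (rule.unit_ids and req.unit_id not in rule.unit_ids):
                continue
            if cls in rule.allowed:
                return "allow", f"{src_ip} may {cls} unit {req.unit_id}"
            return "block", f"{src_ip} may not {cls} (fc 0x{req.function_code:02X}) unit {req.unit_id}"
        return "block", f"no rule for source {src_ip}"


# Constructed frames, laid out by hand (not captured from any real plant).
FRAMES = {
    "read": bytes.fromhex("000100000006" "0103" "0000000A"),   # read 10 holding registers
    "write": bytes.fromhex("000200000006" "0105" "0013FF00"),  # write single coil 0x13 ON
    "diag": bytes.fromhex("000300000006" "0108" "00040000"),   # diagnostics sub-fn 0x04
}
POLICY = Policy([
    Rule("10.0.0.5", frozenset({"read"})),                           # HMI: monitoring only
    Rule("10.0.0.9", frozenset({"read", "write"}), frozenset({1})),  # engineering station
])


def demo() -> dict:
    """Verdict for every (source, frame) pair under POLICY."""
    return {(src, name): POLICY.evaluate(src, parse_frame(frame))[0]
            for name, frame in FRAMES.items()
            for src in ("10.0.0.5", "10.0.0.9", "10.0.0.77")}


if __name__ == "__main__":
    for (src, name), verdict in demo().items():
        print(f"{src:10} {name:6} -> {verdict}")
```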
Tomi Engdahl says:
New Technology Detects Cyberattacks By Power Consumption
http://www.eetimes.com/author.asp?section_id=36&doc_id=1325409&
Startup’s “power fingerprinting” approach catches stealthy malware within milliseconds in DOE test.
A security startup launching early next week uses trends in power consumption activity, rather than standard malware detection, to spot cyberattacks against power and manufacturing plants. The technology successfully spotted Stuxnet in an experimental network before the malware went into action.
PFP Cybersecurity, which officially launches on Monday and was originally funded by DARPA, the Defense Department, and the Department of Homeland Security, basically establishes the baseline power consumption of ICS/SCADA equipment such as programmable logic controllers (PLCs), supervisory relays, or other devices and issues an alert when power consumption or RF radiation changes outside of their baseline usage occur. Such changes could be due to malware, as well as to hardware or system failures, for instance.
Tomi Engdahl says:
Industrial Network Security: IPS Challenges in OT Environments
http://www.securityweek.com/industrial-network-security-ips-challenges-ot-environments
For quite a few years, enterprise IT departments have commonly addressed network security by leveraging Intrusion Prevention Systems (IPS).
there are interesting lessons learned from IT IPS experiences that OT can benefit from. The first is to understand how attackers have bypassed traditional IPS IT solutions:
The Use of Smaller Messages – Many attacks evade enterprise IPS by breaking attacks into segments. IPS cannot reassemble these properly, because IPS does not understand the industrial protocol
Without the ability to understand the significance or potential impact of a message, tuning an IPS to block an attack is virtually impossible without generating an exorbitant number of false-positives. Such false alarms distract operators from real events, and unnecessarily add a heavy management burden to staff. Particularly in OT environments, where staff may be scheduled across 24/7 shifts, such a burden is magnified.
Leveraging Legitimate Protocol Functionality for Illegitimate Reasons – Attackers can use functions of an intended feature set of a control protocol for malicious purposes.
Bypass Exploit Signatures – Malicious exploits of code normally have short life cycles, which have traditionally prompted vendors of enterprise IT IPS to take the fastest short cuts in developing signatures. These signatures are very good at detecting known exploits, but insufficient in detecting the source vulnerability that initially led to the exploit. There is a clear danger that attackers can easily modify an exploit to bypass the signatures.
Mandating IPS
The Department of Homeland Security ICS-CERT has long advocated using IPS as a key preventative measure. The key to a successful IPS implementation in OT is implementing solutions and practices designed to meet the key specific security, technical, and business requirements of industrial networks. An industrial IPS must feature these types of vital protections and capabilities to ensure low risk of operational interference and high levels of plant-specific security.
Tomi Engdahl says:
Security platform targets industrial automation
http://www.edn.com/electronics-products/other/4438638/Security-platform-targets-industrial-automation?_mc=NL_EDN_EDT_EDN_today_20150212&cid=NL_EDN_EDT_EDN_today_20150212&elq=72a8cc97f090466193ce720224abf318&elqCampaignId=21615
Icon Labs, provider of embedded networking and security technology, has announced integration of its Floodgate security products with Mentor Graphics’ Nucleus RTOS and Mentor Embedded Linux. The integrated solution creates a secure platform for industrial automation and extends the “Internet of Secure Things” initiative into industrial control systems.
Icon Labs’ “Internet of Secure Things” Initiative defines a platform for developing secure, connected devices. The platform is designed to ensure that security is intrinsic to the architecture of the device itself and incorporates security management and visibility, device hardening, data protection and secure communications. Natively securing the devices simplifies protection, audit, and compliance independent of the secure perimeter, reducing the need for expensive and complicated security appliances.
Mentor states, “Icon Labs’ Floodgate product family provides a comprehensive security platform for developing secure, embedded devices using Nucleus and Mentor Embedded Linux.”
The integration of Icon Labs’ Floodgate products and Mentor Graphics’ embedded OSes provides:
· Security policy management
· Event and command audit log reporting
· Integration with the McAfee ePolicy orchestrator (ePO)
· Integrated embedded firewall
· Firmware and data anti-tamper support
· Integrated solution on both Nucleus and Mentor Embedded Linux
“Today’s modern industrial automation devices and systems are complex connected devices charged with performing critical functions,”
http://www.iconlabs.com/
Tomi Engdahl says:
Machine Safety: Risk of an actuator wired to general machine control versus safety controller
http://www.controleng.com/single-article/machine-safety-risk-of-an-actuator-wired-to-general-machine-control-versus-safety-controller/df3b49218dc62d1c94ffb08eb6da02e2.html
When deciding to apply a device to achieve a safety function, by default, that safety function should be achieved each time, actuated consistently and within a certain time period. For machine hazard mitigation, review these four points when considering risks and reliability of controllers versus safety controllers, defined by IEC 61508 (Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 1: General requirements).
There are generally several devices on a machine to actuate a safety function. When safety-related devices are wired to general purpose control will they achieve their intended safety function reliably? My initial answer is NO! What’s yours?
This discussion generally comes about when someone looks at the functions of a machine and is trying to identify safety-related functions. This is actually the recommended course of action by many safety experts. And, sometimes this approach is part of a larger safety assessment of a machine. By identifying the safety functions, someone is determining the machine’s hazards and the possible mitigation steps for each hazard.
So, in my opinion, when deciding to apply a device to achieve a safety function, by default, that safety function should be achieved each time, actuated consistently and within a certain time period.
4 considerations: general controller versus safety controller
1. A general controller is designed and programmed to accomplish many functions as it scans the entire program and control system.
2. A safety controller is designed according to IEC 61508 (Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 1: General requirements) and must include redundant processes for all safety-related functions.
3. No redundancy: General purpose controllers are not required to have redundant processes or an interrupt capability to immediately actuate a demanded safety function as do safety controllers.
4. In a queue: An input from an e-stop device connected to a general purpose controller can go into a queue of many things for the controller to do, and at some undetermined point in time (which may or may not reduce risk for the employee) stop the machine.
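The queue-versus-interrupt and redundancy points above, as an added example that is not from the article or its author. It models a general-purpose controller that services an e-stop demand only after the work already queued ahead of it, a safety controller whose interrupt path bounds the latency regardless of queue depth, and a two-channel (1oo2) evaluation of a redundant safety input. The workload figures are constructed.

```python
from collections import deque

# Constructed workload: (task name, execution time in ms) items already queued
# ahead of an e-stop demand on a general-purpose controller.
QUEUED_WORK_MS = [("recipe_download", 40), ("hmi_refresh", 15), ("log_flush", 25)]


def general_controller_estop_latency_ms(queued_work, estop_cost_ms=2):
    """E-stop handled as just another queued item: the latency is whatever
    happens to sit ahead of it, which the controller does not bound."""
    q = deque(queued_work)
    q.append(("estop", estop_cost_ms))
    elapsed = 0
    while q:
        name, cost = q.popleft()
        elapsed += cost
        if name == "estop":
            return elapsed
    raise RuntimeError("e-stop never serviced")


def safety_controller_estop_latency_ms(queued_work, interrupt_cost_ms=2):
    """Safety controller: the demand preempts all queued work, so the latency
    is the interrupt path alone, independent of queue depth."""
    return interrupt_cost_ms


def redundant_estop_demand(channel_a: bool, channel_b: bool):
    """Two-channel (1oo2) input evaluation as used for safety-rated inputs:
    either channel demanding a stop is sufficient, and a disagreement between
    channels is reported as a fault so a single wiring or contact failure
    cannot silently disable the function. Returns (stop, fault)."""
    stop = channel_a or channel_b
    fault = channel_a != channel_b
    return stop, fault


if __name__ == "__main__":
    print("general controller:", general_controller_estop_latency_ms(QUEUED_WORK_MS), "ms")
    print("safety controller: ", safety_controller_estop_latency_ms(QUEUED_WORK_MS), "ms")
    print("channels disagree: ", redundant_estop_demand(True, False))
```

The general controller's figure grows with whatever is queued; the safety controller's does not, which is the reliability argument the four points make.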
Tomi Engdahl says:
Support-focused enterprise controls: Control system triggers
http://www.controleng.com/single-article/support-focused-enterprise-controls-control-system-triggers/2ae52e760ca1cde1cb0cf496f6259eef.html
Upper-level system applications rely on movement detection circuits to produce dependable triggers when objects enter, stop in position, and exit process stations. This is part 3 in a series on standardizing development of programmable logic controller (PLC) programming for controlling discrete manufacturing processes. See 5 ways to arm a sensing trigger.
Manufacturers cannot expect to be competitive and force control and information system designers to develop applications around the inferior mechanics of machines. Strategists must recognize that mechanical actuator and sensor placements can have a negative effect on all applications. Control system designers must recognize inferior mechanics and work to improve machine designs.
The following names are applicable to each sensed trigger position.
Entering trigger: A signal that activates when one or more sensors detect an object approaching a process station.
In-position trigger: A signal that activates when one or more sensors detect an object arriving at, or stopping in position, at a process station.
Exiting trigger: A signal that activates when one or more sensors detect an object leaving a process station.
Arming a sensing trigger 5 ways
Movement detection circuits are able to arm a trigger in one of the following five ways:
1. Arm when entering — A trigger circuit design that uses a momentary entering event signal to arm an in-position or next-to-exit trigger.
2. Arm when in position — A trigger circuit design that uses a momentary in-position event signal to arm a next-to-enter or a next-to-exit trigger.
3. Arm when exiting — A trigger circuit design that uses a momentary exiting event signal to arm the next-to-enter or next in-position trigger.
4. Arm post-exiting — A trigger circuit design that uses a momentary downstream event signal to arm a station’s next-to-exit trigger.
5. Arm when firing — A secondary trigger circuit designs that uses the firing of a primary trigger to arm another ancillary trigger.
Some control system designs do not adhere to the generic movement detection arming methods described above. Instead, they use hybrid trigger designs.
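The five arming methods listed above, as an added example that is not from the article or its author. Each trigger is one-shot: a momentary arming event sets it, the next matching event fires it once, and it stays disarmed until armed again, so a repeated sensor pulse (constructed here as a duplicated in-position signal) cannot fire it twice. The event names and the sample sequence are constructed; the "downstream" event stands in for the downstream signal the article's fourth method relies on.

```python
from dataclasses import dataclass, field


@dataclass
class Trigger:
    """A movement-detection trigger: a momentary arming event sets it, the next
    firing event fires it once, and it then stays disarmed until re-armed."""
    name: str
    arm_on: str     # event name that arms this trigger
    fire_on: str    # event name that fires it, if armed
    armed: bool = False
    fired_at: list = field(default_factory=list)   # indices of events that fired it

    def feed(self, idx: int, event: str) -> bool:
        if event == self.arm_on:
            self.armed = True
            return False
        if event == self.fire_on and self.armed:
            self.armed = False          # one-shot: chatter cannot re-fire it
            self.fired_at.append(idx)
            return True
        return False


def build_station():
    """The five arming methods from the article, wired for one process station."""
    return [
        Trigger("arm_when_entering", arm_on="entering", fire_on="in_position"),
        Trigger("arm_when_in_position", arm_on="in_position", fire_on="exiting"),
        Trigger("arm_when_exiting", arm_on="exiting", fire_on="entering"),
        Trigger("arm_post_exiting", arm_on="downstream", fire_on="exiting"),
        # secondary trigger armed by the firing of a primary trigger
        Trigger("arm_when_firing", arm_on="arm_when_entering.fired", fire_on="exiting"),
    ]


def run_station(events):
    """Feed sensor events through all triggers; a trigger firing is itself an
    event ("<name>.fired") offered to the others so the fifth method works."""
    triggers = build_station()
    for idx, ev in enumerate(events):
        fired = [t.name + ".fired" for t in triggers if t.feed(idx, ev)]
        for internal in fired:
            for t in triggers:
                t.feed(idx, internal)
    return {t.name: t.fired_at for t in triggers}


# Constructed sequence: one object passes the station (with a chattering
# in-position sensor at index 2), a downstream station reports arrival, then a
# second object passes.
SAMPLE_EVENTS = ["entering", "in_position", "in_position", "exiting",
                 "downstream", "entering", "in_position", "exiting"]

if __name__ == "__main__":
    for name, idxs in run_station(SAMPLE_EVENTS).items():
        print(f"{name:22s} fired at event indices {idxs}")
```

Note that the duplicated in-position pulse at index 2 arms nothing new and fires nothing, because the entering-armed trigger already consumed its arm on the first pulse.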
Tomi Engdahl says:
Machine Safety: Are machine builders shipping unsafe machines?
http://www.controleng.com/single-article/machine-safety-are-machine-builders-shipping-unsafe-machines/8eb1be3c6a796884432ec3c698d21c03.html
Can a U.S. original equipment manufacturer (OEM) ship a machine without safety integrated into or included as part of the machine? Aren’t there regulations requiring machine manufacturers to provide machine guarding? An example of basic machine safety is an emergency stopping device, such as an e-stop.
Tomi Engdahl says:
Intel Security Launches New Critical Infrastructure Security Platform
http://www.securityweek.com/intel-security-launches-new-critical-infrastructure-security-platform
Intel Security (formerly McAfee) has announced a security platform designed to protect both new and legacy infrastructure within the electric power grid.
Dubbed Intel Security Critical Infrastructure Protection (CIP), the solution was developed in collaboration with the Department of Energy-funded Discovery Across Texas smart grid project including deployment at Texas Tech University, and is a joint project of Intel Security and Wind River.
Intel Security CIP works by separating the security management functions of the platform from the operational applications, allowing the operational layer to be secured, monitored and managed, the company explained.
According to Intel Security, the security platform can be applied with little or no changes to business processes or application software, and can be retrofitted onto many existing systems.
Features include protection such as device identity, malware protection, data protection and resiliency.
Intel believes the solution can be leveraged beyond the power grid and could be equally effective for departments of defense, oil and gas firms, medical applications, and other areas.
According to a study sponsored by Intel, “In the Dark: Crucial Industries Confront Cyberattacks,” of the 200 CIP executives surveyed globally, 32% had not adopted special security measures for smart grid controls. Yet 33% anticipated a major cybersecurity incident within 12 months.
“The risk of cyberattacks on critical infrastructure is no longer theoretical, but building security into the grid is challenging due to the amount of legacy infrastructure and the importance of availability of service,” Lorie Wigle, Vice President of Internet of Things Security Solutions for Intel Security, said in a statement. “Traditional security measures such as patching and rebooting are often inappropriate for the grid, so we set out to design something entirely different that could be non-invasive but simultaneously robust
Tomi Engdahl says:
Industry is undergoing a revolution
Factory floors are undergoing a revolution called Industry 4.0. It requires more efficient, better performing and more tightly packaged automation. Control logic is bound to collapse.
Production is undergoing a real revolution, which is often referred to as Industry 4.0.
For manufacturers, this means a huge opportunity. The number of sensors for environment and process variables is growing all the time. This will accelerate the transition to a distributed control architecture, as plant management tries to get rid of bottlenecks and shorten the control loops by moving the control logic (PLCs, programmable logic controllers) closer to the controlled processes. In the end, improved operational efficiency and productivity will lead to the largest reform of plant operations since the invention of logic control.
For PLC developers this sets a big challenge: to succeed in this market, system designers must keep packing more I/O connections and more features into ever smaller boxes. Many analog and discrete components, which have worked very well in previous designs, are simply too large for micro-PLCs and embedded controllers. The promise of Industry 4.0 can only be realized by increasing the integration of the entire PLC system, all of its components.
According to a recent market survey, most designers still believe that digital technology will bring the most opportunities for space savings. And yet, the digital circuits occupy only 15-20 per cent of the PLC module circuit board. The real problem is the board space occupied by analog and discrete circuits. These components consume up to 85 per cent of the board area in PLC modules. Solving this problem requires a new approach to analog design.
Control logic has been the unifying factor of change in industry ever since the Modicon 084 was introduced in 1969. Thanks to the digital revolution, PLCs have become more efficient at an accelerating pace over the years. Now they are able to handle more inputs, longer words and more complex instruction sets.
Today, innovations in analog and sensor technologies help manufacturers take full advantage of massive computing resources, both on the factory lines and in the cloud. Industry 4.0 shows what is possible when this intelligence everywhere is combined with pervasive sensing, distributed control and robust, seamless connectivity.
I/Os are the essential link between the control logic and the plethora of sensors and actuators that Industry 4.0 requires. When manufacturers add sensors around the factory, machine designers need to increase channel density, even though the space available in the PLC is shrinking all the time.
I/O isolation architecture offers an opportunity to save significant space. Traditionally, one optocoupler per channel is used, where each opto-isolator connects a digital input to the microcontroller. Today, multi-channel circuits such as the MAX31911 can translate, condition and serialize 24-volt digital sensor and switch outputs to the 5-volt CMOS-compatible levels required by microcontrollers. This approach can shrink the number of isolated channels needed to just three.
Higher I/O density and smaller housing sizes increase the design challenges in a second fundamental way, as a result of the inevitable heat output. The system must be more energy efficient than ever before, so that the control logic does not overheat. This is especially true for applications where cooling fans and air vents are not allowed.
In today's signal processing, the processing and communication circuits require very different power inputs, which often differ by only a few volts or even less than a volt. This compounds an already complex electrical environment. With the addition of increasingly sophisticated energy-saving methods for a variety of power control means, the price and complexity of the power supply subsystem will increase.
Protect against new security threats
When plant networks were closed systems, IT security generally concerned rogue employees and internal data theft. These "good old days" are behind us, and they will not return. Today the connected control logic needs to be protected from a number of threats, including hackers, malware, and viruses.
System-level software brings a basic level of protection, but in many cases it is not enough. Hardware-level security is needed for protection against these threats.
Industry 4.0 is fundamentally changing the rules of the game by which the PLC market is won. Smaller enclosures, a higher I/O density and advanced features: success requires new strategies to manage the competing demands of cramming more and more functionality into a smaller space.
Source: http://www.etn.fi/index.php?option=com_content&view=article&id=2550:teollisuudessa-on-kaynnissa-vallankumous&catid=26&Itemid=140
Tomi Engdahl says:
Support-focused enterprise controls: Control system triggers
http://www.controleng.com/single-article/support-focused-enterprise-controls-control-system-triggers/2ae52e760ca1cde1cb0cf496f6259eef.html
Upper-level system applications rely on movement detection circuits to produce dependable triggers when objects enter, stop in position, and exit process stations. This is part 3 in a series on standardizing development of programmable logic controller (PLC) programming for controlling discrete manufacturing processes. See 5 ways to arm a sensing trigger. Link to part 1 and 2,
Tomi Engdahl says:
Artificial intelligence for control engineering
http://www.controleng.com/single-article/artificial-intelligence-for-control-engineering/11461d91396166b8858768018c90f6f0.html
Tomi Engdahl says:
ICS cyber insecurity: Not if, but when
https://www.controleng.com/single-article/ics-cyber-insecurity-not-if-but-when/f11f941274bb5800687445105379a896.html
Think Again: A major cyber security incident will happen to industrial control systems (ICS): not if, but when. Are you and your coworkers ready? Is your organization ready? Do you have the technologies, processes, and procedures ready at every level?
Hackers are knocking at the door daily of facilities with industrial control systems, whether you choose to acknowledge it or not. When someone lets them in, how will you and your organization, customers, partners, and supply chain respond?
Some experts equate today’s cyber security maturity level to where plant floor safety was before OSHA. Ignoring risk will NOT make it go away. Get cyber security help, make multi-layered plans and policies for defense in depth, invest in technologies to promote defense by design, talk about it with employees, and encourage them to talk among themselves.
Many cyber security technologies are available. To name a few discussed at ARC Forum:
Cisco, Shell, and Yokogawa announced a collaborative effort to provide cyber security solutions for about 50 Shell facilities.
Bedrock Automation showed a defense by design automation system, with hardened backplane, I/O modules, power supplies, and programmable logic controller (PLC).
Skkynet introduced its Secure Cloud Service to enable bidirectional supervisory control, integration, and sharing of data with multiple users, and real-time access to selected data sets in a web browser. That service can securely handle more than 50,000 data changes per second, per client.
But think again if you consider technology investments enough.
Computer crimes and fraud often enter via social engineering; the weakest points often are the people behind the computers, according to David E. Nelson, FBI special agent with its cyber division. Part of his job is to help companies with intrusion detection testing in person, over the phone, and via computer; 85% of the time he’s successful. It’s hardly as spectacular as “CSI: Cyber.”
In such a test, Nelson often starts with a receptionist, like this: “This is Joe with IT. I just started last week and have been working with Larry Smith. We patched the computers last night, and yours didn’t take for some reason. I’ll send you a patch link where you can enter your username and password so we can get this taken care of right away.” Nelson said while that sounds ridiculously easy, it often works.
Another useful ploy: “I can go anywhere on site as a Verizon employee and am never questioned.” And if he were, a fake ID and believable story would be easy to produce.
Tomi Engdahl says:
Providing robust security for Industrial Control Systems (ICS) has long been a goal and frequently a mandated requirement in a variety of industrial market segments. Evolving security standards, a limited understanding of security architecture fundamentals and missing technologies to reasonably secure legacy applications has challenged the industry for well over a decade.
Recent advances in multicore processor technology, hypervisor partitioning, and embracement of the IEC 62443 security standard now provide a viable and certifiable approach for ICS systems.
Source: http://www.mentor.com/embedded-software/events/developing-industrial-control-systems-which-meet-security-and-regulatory-requirements?clp=1&contactid=1&PC=L&c=2015_03_18_esd_dev_industrial_control_sys_ws_inv2
Tomi Engdahl says:
Nobody Is Sure What Should Count As a Cyber Incident
http://it.slashdot.org/story/15/03/23/2237233/nobody-is-sure-what-should-count-as-a-cyber-incident
Despite a lot of attention to the problem of cyber attacks against the nation’s critical infrastructure, The Christian Science Monitor notes that there is still a lot of confusion about what, exactly, constitutes a “cyber incident” in critical infrastructure circles. The result: many incidents in which software failures affect critical infrastructure may go unreported.
How cyberattacks can be overlooked in America’s most critical sectors
Across some of the most crucial sectors of the American economy, there’s a lack of consensus of what exactly should be considered a ‘cyberincident’ – and whether technical mishaps, even without malicious intent, should count. That’s a problem.
http://www.csmonitor.com/World/Passcode/2015/0323/How-cyberattacks-can-be-overlooked-in-America-s-most-critical-sectors
The most critical sectors of the American economy were affected by 245 “cyberincidents” last year, according to the Department of Homeland Security. As high as that number seems, however, security experts caution the real number may be much higher.
Turns out, there’s a huge gulf between the Internet-related attacks the department’s Industrial Control System Cyber Emergency Response Team recorded for the country’s critical infrastructure – important areas such as energy, manufacturing, agriculture, and healthcare – and the true number of malfunctions, technological failures, or other happenings within those sectors.
The discrepancy comes down to widespread uncertainty of when something should be classified as a “cyberincident” in the first place.
This lack of consensus, security experts warn, may actually cause many cyberattacks on critical infrastructure to go undetected or unrecognized altogether, especially since a malicious attack could first appear like technical glitches or human error.
Generally, NIST considers a cyberincident to be any situation in which a failure in electronic communications leads to a loss of confidentiality, integrity, or availability. Malicious incidents such as a distributed denial of service attack or hacking control system software certainly qualify, but its definition of “incident” is far broader than just cyberattacks or malicious actions.
What’s ‘cyber’ and what’s not
In its annual report for 2014, Homeland Security acknowledged that many malicious cyberincidents go unreported – possibly because critical infrastructure owners are wary of bad publicity, or because they determine that they have the incident under control and do not need outside assistance in managing it.
Those missed reports about malicious incidents are an important source of data about threats to control systems.
“Incidents don’t have to be malicious to cause bad things to happen,” says Weiss, managing partner at the security firm Applied Control Solutions. “In fact, nonmalicious incidents are the most probable and frequent incidents that occur.”
His list includes some of the most deadly and destructive public sector accidents of the last two decades – events that are not generally considered “cyberincidents” by NIST or within critical infrastructure circles. Among them: a 2006 emergency shutdown of Unit 3 at the Browns Ferry nuclear plant in Alabama, the 1999 Olympic Gas pipeline rupture and explosion in Bellingham, Washington, that killed three people, and the 2010 Pacific Gas & Electric gas pipe explosion in San Bruno, Calif., that killed eight people and destroyed a suburban neighborhood.
None of those incidents are believed to be the result of a malicious attack. However, in each of them, there was a failure in Supervisory Control and Data Acquisition (SCADA) software that managed critical infrastructure. That failure contributed – directly or indirectly – to the subsequent accident. In at least one case, the SCADA failure was the primary cause of the accident.
Tomi Engdahl says:
According to Sonkeri, the need to protect automation systems is also enormous:
“People have only now woken up to protecting automation systems. In today's Internet of Things, many automation systems are connected to the Internet. Embedded systems are not updated as frequently as traditional IT equipment, and the systems have a long lifetime. Who knows what kinds of holes might be found there?”
Source: http://summa.talentum.fi/article/tv/uutiset/145896
Tomi Engdahl says:
Cyberphysical Security: The Next Frontier
http://www.securityweek.com/cyberphysical-security-next-frontier
Cybersecurity is positioned as a subset of information security (InfoSec): “Cybersecurity is the process of applying security measures to ensure confidentiality, integrity, and availability of data.” This hierarchy and definition, argues one of our R&D specialists, limits the role of protection to that of information (data) only.
In fact, in our industrial network experiences, we have found that commands and system controls require deeper defensive measures. Information security is just one facet, and it’s not the same as the term might imply in information technology (IT) situations.
In operations technology (OT) environments, information protection frequently requires a trade-off among the prioritization of confidentiality, integrity and availability. An example of this prioritization is user account lockout due to failed password attempts. This feature intentionally compromises availability of the system – the user gets locked out – to ensure the confidentiality of data in the case of a password brute-forcing attempt.
Industrial security policies must apply a different priority. Locking out a user account may be acceptable in an enterprise environment, but locking out those who control a gas turbine or oil wellhead during operation – especially during an emergency – is completely unacceptable. System availability and integrity is always the priority, necessitating a more sophisticated approach to access control and separation of privilege than that of an IT system of similar scope. The term cybersecurity, in these situations, must stretch beyond information security, as well as acknowledge the serious digital-physical trade-off considerations that can affect human safety.
In reality, as many a penetration tester knows, a simple USB stick coming through the control room door can present as much risk as any Internet browser. In addition, once a system within the perimeter is initially compromised, lateral movement within the system – leveraging control system specific technology and exfiltration using egress communication, such as OPC-DA – is also possible. From the control system, file shares and DNS via the enterprise can connect to the Internet, but that is not historically what the term “cyber” has implied.
The term “cyber” has been used in at least ten different variants over almost 40 years, reflecting cafes with access to the Internet (cyber cafes) to my company’s raison d’etre (cybersecurity).
Recently, academics and government institutes have started using the term “cyberphysical security” (which is not yet appearing on Ngrams, in case you were wondering). To me, cyberphysical better aligns to our Wurldtech security approach by going beyond embedded systems and “just IT” or “just OT” analysis, to holistically mitigating risk across industrial environments.
As the IEEE describes it, “In contrast to cyber security, the goal of cyber-physical security is to protect the whole cyber-physical system, which uses widespread sensing, communication and control to operate safely and reliably.” And from the National Science Foundation, it represents “engineered systems that are built from, and depend upon, the seamless integration of computational algorithms and physical components.”
Understanding the enormous investment in the Industrial Internet, there is no doubt that previously closed devices, systems and equipment will evolve their connectivity and sensory capabilities. And with this will come advanced levels of risk.
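The account-lockout trade-off described in the comment above (lock an IT account to protect confidentiality; never lock the operator of a running process) as an added example, not from the article or Wurldtech. It encodes an authentication policy that keeps the operator console available while still detecting suspected password guessing by alerting and throttling, and keeps the lockout for enterprise and engineering accounts so that configuration privilege stays separate from live control. The roles, thresholds and delay schedule are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Role(Enum):
    ENTERPRISE = "enterprise"   # office / IT account: confidentiality first
    OPERATOR = "operator"       # control-room console on a live process: availability first
    ENGINEER = "engineer"       # configuration changes: a separate, lockable privilege


# Constructed thresholds, not taken from the article.
LOCKOUT_AFTER = 5     # consecutive failures that lock an IT or engineering account
ALERT_AFTER = 3       # consecutive failures that raise a SOC alert for any role
MAX_DELAY_S = 30      # cap on the throttling delay applied to operator retries


@dataclass(frozen=True)
class Decision:
    allow_attempt: bool   # may another password attempt be made at all?
    delay_s: int          # throttle before the next attempt is accepted
    alert: bool           # notify security operations
    reason: str


def authn_policy(role: Role, consecutive_failures: int,
                 process_emergency: bool = False) -> Decision:
    """Decide how to treat the next login attempt after N consecutive failures."""
    alert = consecutive_failures >= ALERT_AFTER

    if role is Role.ENTERPRISE:
        if consecutive_failures >= LOCKOUT_AFTER:
            return Decision(False, 0, True, "IT account locked: confidentiality over availability")
        return Decision(True, 0, alert, "IT account: attempt permitted")

    if role is Role.OPERATOR:
        # Never deny the console. Suspected guessing is alerted and slowed down,
        # and even the throttle is dropped while the plant is in an emergency.
        delay = 0 if (process_emergency or not alert) else min(2 * consecutive_failures, MAX_DELAY_S)
        return Decision(True, delay, alert,
                        "operator console never locked; guessing is alerted and throttled")

    # Role.ENGINEER: locking this account does not take control away from the
    # operators, so the IT-style lockout is acceptable here.
    if consecutive_failures >= LOCKOUT_AFTER:
        return Decision(False, 0, True, "engineering account locked; operators retain control")
    return Decision(True, 0, alert, "engineering account: attempt permitted")


if __name__ == "__main__":
    for role in Role:
        for failures in (1, 4, 10):
            d = authn_policy(role, failures)
            print(f"{role.value:10s} failures={failures:2d} allow={d.allow_attempt} "
                  f"delay={d.delay_s:2d}s alert={d.alert}  {d.reason}")
```

The point of the split is that detection does not depend on denial: the SOC still learns about the guessing attempts against the operator console, it just is not allowed to cost the plant its controls.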
Tomi Engdahl says:
Industrial Ethernet Connectivity
Posted Mar 25, 2015 at 6:30 am
http://www.eeweb.com/company-blog/renesas/industrial-ethernet-connectivity
This article presents the fast and multiprotocol LSI devices as solution for industrial Ethernet connectivity in production machines, sensors, actuators and systems. It describes the improvement of industrial networks by expanding Ethernet connectivity to every system layer, as well as recognizing different industries requiring unique performance and needs for multiprotocol support.
The interview that follows covers the challenges faced by designers of the computer controlled, networked industrial equipment used to produce many types of products. It also highlights why R-IN32M3 LSI devices are destined to accelerate the proliferation of industrial-Ethernet system designs in a multitude of markets.
Underneath the top supervisory level is a controller network consisting of programmable logic controllers (PLCs), robots and motor controllers. At the bottom level of the pyramid, on the factory floor, there are the motors, sensors and actuators that perform and monitor the work that the automation system is doing.
Equipment in the top layer generally uses the standardized, well-proven Ethernet protocol that enables the Internet connectivity necessary for managing multiple facilities and automated machinery installations, while also allowing remote data gathering, productivity monitoring, failure prediction and analysis, etc. By contrast, the implementations and communications standards for the lower layers vary, depending on the firms that built the equipment. Proprietary protocols are typical.
This situation has existed for decades and often results in complex mixes of nonstandard networks. Among other things, it causes installation, maintenance and upgrade problems. It creates flexibility limitations, as well. End users in all types of industrial applications are seeking solutions to these issues.
There is a growing movement to standardize and simplify industrial networks by using Ethernet connectivity for all layers of the system pyramid (see diagram on the right in Figure 1). Using a single, well-established communication protocol to link all of an industrial system’s elements reduces costs and makes it much easier to access information across multiple factories via the Internet, among many other benefits.
Tomi Engdahl says:
SCADA & Industrial Control For Critical Infrastructure
https://www.paloaltonetworks.com/solutions/industry/scada-and-industrial-control.html
Insufficient security and unpatched, highly vulnerable legacy systems combined with a more sophisticated threat landscape targeting critical infrastructure, has made improving cybersecurity in SCADA/ICS networks more important than ever. Asset owners need to control network access, block threats, and reduce the downtime associated with security incidents. Palo Alto Networks unique approach to network traffic control, threat prevention, and central management protects your key infrastructure from cyberthreats and ensures network availability.
IMPLEMENT A LEAST PRIVILEGES ACCESS MODEL BASED ON APPLICATION, USER, AND CONTENT CONTROL
PROTECT VULNERABLE SYSTEMS FROM KNOWN AND UNKNOWN THREATS
CENTRAL MANAGEMENT FOR FLEXIBLE IT/OT ADMINISTRATION AND POWERFUL FORENSICS AND REPORTING TOOLS
AN ARCHITECTURE BUILT FOR PERFORMANCE AND AVAILABILITY
Tomi Engdahl says:
SCADA and Industrial Control Systems (ICS) Industry Solution Brief
http://www.exclusive-networks.fr/wp-content/uploads/2012/02/SCADA-ICS-Solution-Brochure.pdf
CHALLENGES
Critical infrastructure operators face many challenges in securing SCADA/ICS Networks
• Improving visibility to network traffic, usage and associated risks
• Protecting unpatchable critical assets from sophisticated threats
• Safely allowing external access and usage of networked applications
• Reducing incident response time and complexity
SOLUTION
Our next-generation security platform protects SCADA/ICS networks via
• Deep packet inspection technology that provides intuitive and actionable intelligence about network traffic
• Granular control over applications, users, content, and web traffic
• Native threat prevention against both known and unknown threats
• Centralized management that expedites forensics and remediation
BENEFITS
The benefits that come with our network security platform include
• Increased situational awareness that promotes faster incident response and security policy improvement
• Least privilege access model reduces the attack footprint and promotes safe IT-OT integration and use of web/SaaS
• Tightly coupled threat protection that deters modern malware and APTs across their entire attack lifecycle
Tomi Engdahl says:
The Weapon of Choice For SCADA Protection
http://www.securityweek.com/weapon-choice-scada-protection
Here are the ways to leverage a next-generation firewall to protect a SCADA network:
• Networks can be built with a “SCADA” security zone that is isolated and segmented from the rest of the network with a next-generation firewall.
• Access into the SCADA zone can be authenticated by user, not IP address. The ability to tie security policies to user identity provides not only appropriate access to the zone but also a reporting, auditing and logging trail. Non-authorized users are denied. Complementary always-on SSL VPN connectivity can be deployed for users to securely access the SCADA zone.
• Access to specific SCADA applications such as Modbus, DNP3 and ICCP can be safely enabled based on the actual application, not by ports. This eliminates the risks of having to manage multiple open ports that threats may traverse. Management or backdoor applications like RDP and Telnet can be strictly controlled and allowed only for specific users.
• A complete vulnerability protection framework can be deployed to inspect all of the traffic traversing the SCADA zone for exploits, malware, botnet and targeted threats. In particular, protection for SCADA-specific vulnerabilities can be enabled. The ability for next-generation firewalls to understand all traffic across all ports all the time means that evasive, port-hopping threats, encrypted threats can still be identified.
Additional security best practices that should be implemented to complement the next-generation firewall deployments in SCADA networks include organizational processes, such as the establishment of on-going risk-management procedures, routine self-assessments, periodic security audits and reviews.
The ability to have greater visibility, more effective protection and integrated logging and reporting on the next-generation firewalls will make the protection of SCADA networks a much more operationally efficient endeavor. It’s a weapon of choice even Jason Bourne would appreciate.
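The application-based (not port-based) zone control described above, as an added example that is not from the article or any firewall vendor. It identifies Modbus/TCP by validating the MBAP header rather than trusting port 502, recognises Telnet by its option negotiation bytes, and applies a per-user-group policy for the SCADA zone; unidentified traffic is denied whatever port it arrives on. It goes a step beyond the article by distinguishing Modbus write function codes from reads. The frames, group names and rules are constructed.

```python
import struct

# Modbus function codes that change process state (assumption: these are the
# ones an engineering group, not an operator viewing group, may issue).
WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}


def identify_app(payload: bytes) -> str:
    """Classify a TCP payload by content. Port number is deliberately not an input."""
    if len(payload) >= 8:
        _tid, proto_id, length, _unit, fc = struct.unpack(">HHHBB", payload[:8])
        # MBAP: protocol id is always 0; length counts unit id + PDU (= bytes after the 6-byte prefix)
        if proto_id == 0 and length == len(payload) - 6 and 1 <= fc <= 127:
            return "modbus"
    # Telnet negotiation starts with IAC (0xFF) followed by WILL/WONT/DO/DONT (0xFB-0xFE)
    if len(payload) >= 3 and payload[0] == 0xFF and 0xFB <= payload[1] <= 0xFE:
        return "telnet"
    return "unknown"


def evaluate(user_group: str, authenticated: bool, payload: bytes):
    """Return (action, identified_app) for traffic entering the SCADA zone.
    Users are identified, not IP addresses; the app is identified, not the port."""
    app = identify_app(payload)
    if not authenticated:
        return "deny", app
    if app == "modbus":
        fc = payload[7]
        if fc in WRITE_FUNCTIONS:
            return ("allow" if user_group == "control-engineers" else "deny"), app
        return ("allow" if user_group in ("control-engineers", "operators") else "deny"), app
    if app == "telnet":        # management/backdoor app: specific users only
        return ("allow" if user_group == "control-engineers" else "deny"), app
    return "deny", app         # port-hopping or unidentified traffic never passes


# Constructed sample frames.
MODBUS_READ = bytes.fromhex("0001 0000 0006 01 03 0000 000a".replace(" ", ""))   # FC3 read holding regs
MODBUS_WRITE = bytes.fromhex("0002 0000 0006 01 06 0010 0001".replace(" ", ""))  # FC6 write single reg
TELNET_NEG = bytes([0xFF, 0xFB, 0x18, 0xFF, 0xFB, 0x1F])                      # WILL TTYPE, WILL NAWS
HTTP_ON_502 = b"GET / HTTP/1.1\r\n"                                          # something else on port 502

if __name__ == "__main__":
    for group, auth, frame in [("operators", True, MODBUS_READ), ("operators", True, MODBUS_WRITE),
                               ("control-engineers", True, MODBUS_WRITE), ("operators", True, TELNET_NEG),
                               ("control-engineers", True, HTTP_ON_502), ("operators", False, MODBUS_READ)]:
        print(group, auth, evaluate(group, auth, frame))
```

Because the decision keys on the identified application and the authenticated user, a Modbus write from an operator account and an unidentified stream on the Modbus port are both denied and logged under their real names, which is the audit trail the article is after.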
Tomi Engdahl says:
Hacks on critical infrastructure are more common than you think
54 percent of American firms have seen ‘attempts to manipulate their equipment’
http://www.theinquirer.net/inquirer/news/2402978/hacks-on-ciritcal-infrastructure-are-more-common-than-you-think
HACKERS WHO SEEK to destroy, rather than steal, important data and launch attacks on systems that control major critical infrastructure are more common than widely believed, a report from the Organisation of American States has revealed.
The report was given to Reuters ahead of publication and quoted the results of a poll of critical infrastructure companies and agencies in crucial sectors throughout North and South America.
Almost a third of the respondents were public entities, principally in the communications, security and finance industries.
The figures show that 40 percent of the organisations that responded had battled attempts to shut down their computer networks, while 44 percent had dealt with bids to delete files.
A disturbing 54 percent of those surveyed had encountered “attempts to manipulate” equipment through a control system.
Even more worrying is that just 60 percent of the 575 companies polled had detected any attempts to steal data, long considered the predominant hacking goal.
The report suggests that cyber attacks on infrastructure are not so widely known, but they are certainly not unheard of.
Tomi Engdahl says:
Smart systems in homes and industry are in the firing line
Industrial and home automation systems are increasingly exposed on the Internet. General information security practices and principles do not necessarily apply to automation systems, because they are sensitive entities. In addition, since automation has effects in the physical world, it requires extensive risk assessment.
An automation system means the combination of personnel, equipment and software that controls some part of the physical world or a process, or collects and presents information about it.
Most of the added benefits of automation systems are obtained by connecting them to data networks, so that they can be managed remotely and real-time information about their operation can be obtained.
Many smart devices can be considered home automation systems.
Poorly protected home automation systems let burglars pick their targets among apartments whose inhabitants are, for example, travelling. In particular, burglar alarms are often connected to the Internet, either directly or through a mobile network.
A building automation system means the information technology that controls a building's equipment. Typically, such systems control ventilation, heating, lighting or automatic access control. Traditionally, building automation has been disconnected from data networks, and its information security could be taken care of by isolation alone. If the system is connected to a network, it becomes exposed as a cyber attack surface. Building automation devices are used in all kinds of buildings, from single-family houses to large commercial real estate.
Building automation systems interest potential attackers not only for information useful in the physical preparation of a burglary; the system can also be used as an intermediate step in a data breach.
Industrial automation systems improve the productivity of work.
Industrial automation systems have been part of corporate information systems for the past twenty years. Nowadays they are built using techniques commonly used on the Internet. On the one hand this makes the systems easier to implement, but on the other hand it also enables attacks against them and their abuse.
Direct damage is only one possible goal of a cyber attack. Industrial automation systems also contain a lot of confidential information, which can be valuable for industrial espionage.
Special features of information security in industrial automation include:
Many serious disturbances have direct effects in the physical world. An improperly functioning automation system may cause irreversible damage to the environment, for example.
The long life cycle of automation systems and their special-purpose software. Old hardware and software were developed without taking into account the security requirements set by the modern networked world.
Securing the system requires additional arrangements applied to the protected system. If these are not carried out correctly, they may compromise the reliability of the protected system.
Different user groups and uses. The operation of automation systems is an integral part of the whole work community, so changes must be carefully considered.
Another special feature of automation system security is that these systems were conceived as closed systems. Therefore, information technology attacks against them have not been considered probable.
Source: https://www.viestintavirasto.fi/kyberturvallisuus/tietoturvanyt/2015/03/ttn201504011647.html
Tomi Engdahl says:
IT + OT = IoT
A lot riding on things
http://iot.kontron.com/spanning-it-and-ot/it-ot-iot
On the industrial IoT, the stakes are high. Applications often control expensive equipment, essential to the operation of a business. Safety of both employees and the public is paramount. Decision-making with the best information available in real-time reduces inefficiency and increases profitability.
With everything connected in industrial IoT applications, the boundaries between an information technology (IT) and operational technology (OT) network become physically non-existent. Security, availability, and scalability are achieved by integrating IoT capability into IT best practice, virtually managing devices and configurations while maintaining real-time awareness.
At the edge where the digital universe meets physical objects is where OT takes over. Reliability and real-time performance are assumed, but there is more to the IoT. Devices need to be added as the installation grows, or upgraded over their lifetime – either by physical replacement, or by over-the-air (OTA) software updates. Applications should be modular and separable, deployable without adverse effects on the rest of a system under operation.
Tomi Engdahl says:
Need for better security: SCADA/HMI connecting with mobile Internet
http://www.controleng.com/single-article/need-for-better-security-scadahmi-connecting-with-mobile-internet/30fbd5e4a208265f207d4f0a1af1c751.html
Control Engineering China (CEC) interviewed Marcia Gadbois, vice president and general manager of InduSoft, on SCADA/HMI development, factory intelligence, and the company’s recent merger.