Check out all of our upcoming events

Blog

Get news about our products, which events we are attending plus industry insights and commentary

ICS Networks: How secure are they?

on Monday, 19 August 2019. Posted in Cyber

ICS Networks: How secure are they?

A major topic discussed at BlackHat 2019 was the vulnerability and attack vectors exposed in Industrial networks, which also gave an eye opening insight into the possible repercussions of a successful attack.

Industrial Control Systems (ICS) covers a wide range of machinery including anything from factory conveyor belts and fraction distillation sensors to CNC equipment.

Nearly all of these devices and their sensors are connected the internal network in some way to give statistical feedback, maintenance information or to obtain configuration information. Some of these sensors and devices are even connected to the internet to allow remote management in an ever expanding and distributed industry, making an IOT network stretching across the globe. This is often referred to as Industrial IOT, IIoT or Industry 4.0 which is predicted by 2020 to reach 20.8 billion connected devices Barracuda.

However the connection to the network and the internet can make this technology a perfect surface area for attack and with a large majority of these systems being mission critical, a successful attack can cost the industry Billions or bring a country’s industrial production process’s to its knees.

Attack Vectors

A physical access attack would be the most efficient attack vector for already established networks. Presence on the physical network allowing for the visibility of the internal traffic moving across the network, showing protocols moving from machine to controller and back again passing the earlier mentioned information.

As shown in the grab of the Wireshark trace conversations from an ICS network (Figure 1), the conversations are loud and plentiful, with a good percentage being made up of Modbus protocol traffic which is a commonly used TCP communications protocol between controllers and industrial sensors and devices.

Figure 1 - Wireshark trace conversations from an ICS network

A very simple way cause a denial of service to this type of network would be to aggressively scan the endpoints on the network. Although not the most subtle technique, it is relatively effective, potentially disrupting the communication between endpoints and their controllers and bringing a stop to production.

Another area of vulnerability is the Human Machine Interface (HMI), these direct user interfaces to the machines mostly run embedded Windows operating systems (a lot of which are quite old and possibly minimally patched) and this allows a whole host of pre-written vulnerabilities via exploit frameworks.

What does this all mean??

The Operational Technology (OT) industry has a lot of surface area for attack and has mostly gone unchecked and unchallenged in their security practices. This piece highlights only one possible attack vector with many more viable methods available.

As Industry 4.0 approaches and IT and OT environments converge, this sector needs more focus and support on its Cyber Security because this is a hugely lucrative and effective target for hacktivist groups trying to disrupt production, cyber-criminal groups looking to gain data to sell on the dark web or APTs to potentially undermine our Critical National Infrastructure.

Leave a comment

You are commenting as guest.

Information cookies

Cookies are short reports that are sent and stored on the hard drive of the user's computer through your browser when it connects to a web. Cookies can be used to collect and store user data while connected to provide you the requested services and sometimes tend not to keep. Cookies can be themselves or others.

There are several types of cookies:

  • Technical cookies that facilitate user navigation and use of the various options or services offered by the web as identify the session, allow access to certain areas, facilitate orders, purchases, filling out forms, registration, security, facilitating functionalities (videos, social networks, etc..).
  • Customization cookies that allow users to access services according to their preferences (language, browser, configuration, etc..).
  • Analytical cookies which allow anonymous analysis of the behavior of web users and allow to measure user activity and develop navigation profiles in order to improve the websites.

So when you access our website, in compliance with Article 22 of Law 34/2002 of the Information Society Services, in the analytical cookies treatment, we have requested your consent to their use. All of this is to improve our services. We use Google Analytics to collect anonymous statistical information such as the number of visitors to our site. Cookies added by Google Analytics are governed by the privacy policies of Google Analytics. If you want you can disable cookies from Google Analytics.

However, please note that you can enable or disable cookies by following the instructions of your browser.