SCADA Articles on SCADA World

Protecting ICONICS GENESIS SCADA HMI System from Security Vulnerabilities

2011-05-09 16:37:23views: 794Joel Langill CSO,

Protecting ICONICS GENESIS SCADA HMI System from Security Vulnerabilities

Luigi Auriemma published thirty-four SCADA product vulnerabilities against four SCADA products (the complete list of vulnerabilities and companies is provided in the earlier article). Eric Byres and Joel Langill have tested the vulnerabilities and today they are releasing a White Paper that analyses the ones regarding ICONICS GENESIS32 and GENESIS64 products. The paper summarizes both the current known facts about the vulnerabilities and the actions that operators of SCADA and ICS systems can take to protect critical systems. While there are no known viruses, worms, attack tools or automated exploit modules using the ICONICS GENESIS vulnerabilities, they do represent a significant threat. At a minimum, they can be used to crash a server, causing a denial-of-service condition and loss of view in the control system. More serious consequences could occur if an experienced attacker exploited them to gain system access and then injected additional payloads or malicious code into key control system servers.

Though these vulnerabilities do not compromise any mechanical or process equipment directly, subsequent payloads could be used to damage the underlying plant, including equipment sabotage. The White Paper provides six actions (also known as compensating controls) that users of ICONICS GENESIS products should take to protect their systems. Operators of other HMI products are advised to consider similar measures. You will have to download the paper to read all the recommendations, but there is one aspect of the vulnerabilities that is important to understand - any malware or attack exploiting these vulnerabilities would be difficult to detect or prevent since they would be using "valid" communications with the targeted server. Interestingly, this was also a feature of Stuxnet – that worm made use of the same protocols that the Siemens PCS7 systems used for normal communications, allowing the worm to “stay under the radar” and not be detected.

In a typical ICS network environment, additional risk comes from the fact that once inside the primary ICS firewall, any device on the network can send messages that exploit the vulnerabilities. For example, a contractor laptop with no valid reason to access the GENESIS computers could still send messages to the vulnerable servers if it is attached to the control network. If the laptop was infected with a worm designed to exploit these vulnerabilities, a successful attack would be trivial. For this reason, I am recommending that industrial firewalls are installed in-line between the GENESIS host computer and the nearest switch. Specifically, an industrial firewall is recommended, due to the high-risk exposure of these services from both less-trusted remote networks and from the local and trusted control system network.

The firewall should be configured with a rule set that allows traffic only from authorized GENESIS hosts using the specific services/ports needed for the ICONICS product to operate. In case you don’t know what ports are in use by the GENESIS system (or even what TCP ports are), a firewall with automated learning features is highly recommended. The Tofino Security Appliance installed with the Tofino Firewall and Tofino Secure Asset Management LSMs (Loadable Software Modules) is specifically designed to provide this level of protection from unknown threats. If OPC communication is used in the control network, then the Tofino OPC Enforcer LSM is also recommended.


SCADA Articles

Using Free Tools To Detect Attacks On SCADA Networks
2015-05-09 14:28:25views: 1740

ICS/SCADA experts say open-source network security monitoring software is a simple and cheap way to catch hackers targeting plant operations. Operators at Natanz nuclear facility in Iran might well have caught Stuxnet before it spread and sabotaged operations at the plant if they had been watching the wires for anomalous network traffic, a pair of ICS/SCADA experts say.

Hackers gain full control of critical SCADA systems
2015-05-09 14:04:07views: 1806

Russian researchers have found vulnerabilities in industrial control systems that they say grant full control of systems running energy, chemical and transportation systems. The vulnerabilities were discovered by researchers who over the last year probed popular and high-end ICS and SCADA systems used to control everything from home solar panel installations to critical national infrastructure.

SCADA Attacks Double in 2014
2015-05-06 07:17:15views: 1620

Annual threat report from Dell Security shows not only a significant surge in the number of attacks on retail credit card systems, but industrial SCADA systems as well, which are much more likely to go unreported.
For Dell to report an annual surge in point-of-sale (POS) attacks aimed at payment card infrastructures might not be such a surprise to people who pay any attention to the news.

The Industrial Software Revolution Begins Now
2013-10-16 11:33:59views: 2193

Invensys is kicking off the conference “The Industrial Software Revolution Begins Now” and underscoring the ‘revolution’ concept with the release of its Wonderware InTouch 2014 and Wonderware System Platform 2014 software.

Integrating Video into HMI/SCADA
2012-06-29 10:19:55views: 2492

The useful integration of video with industrial control systems has been a reality for a few years, but a burst of applications and installations is on the horizon. Cheaper bandwidth, wide availability of Internet protocol (IP) cameras, and greater familiarity with industrial Ethernet networks seem to be driving user interest.

AdvancedHMI - a different approach to HMI development
2012-06-14 10:46:48views: 1793

AdvancedHMI base package is a free software used to build HMIs that display information residing in a PLC. You will find it to be one of the fastest platforms to build an HMI with. The software takes advantage of the Visual Basic .NET development environment so effort is focused on the core software and not reinventing a development environment.

Web Services and SCADA
2012-06-12 23:06:33views: 1372

Web services can be another method for connectivity to SCADA and MES systems. They can retrieve tomorrow's weather, the price of stocks or commodities, the time of sunrise and sunset, and a slew of other publicly-available resources.

SCADA virtualisation with WinCC Version 7
2011-12-21 12:01:11views: 1312

As automation solutions become increasingly complex, it follows that the effort required to maintain both hardware and software will also increase. PCs must be provided with suitable specification and operating systems to support the applications.

Cloud-Based SCADA Systems: The Benefits and Risks
2011-12-20 22:57:31views: 929

Cloud computing is a hot topic. As people become increasingly reliant on accessing important information through the Internet, the idea of storing or displaying vital real-time data in the cloud has become more commonplace. With tech giants like Apple, Microsoft, and Google pushing forward the cloud computing concept, it seems to be more than just a passing trend.

An alternative to DCS or PLC/SCADA
2011-10-04 13:46:22views: 875

Traditionally, users have had a choice between a DCS or a PLC/SCADA approach when selecting a control system for use in process control applications. A key benefit of traditional DCSs was that the suppliers took a ‘systems approach’ and it was designed for large scale applications.