Control System Security Services

Led by several of the world's top safety and security experts, exida's influence is pervasive. Its employees helped write the standards that the world uses for designing safe and secure automation systems, and they developed the procedures that industry uses to select automation that is safe, secure and cost-effective. They give the lectures and symposia that train industry's top professionals and present the latest developments. The material here represents a sampling of the publications specifically covering control system security. If you are looking for anything in particular that you do not find, please contact us.

Security Incidents

The following summaries highlight some recent security incidents. In addition, a helpful, comprehensive resource for security incidents can be found at www.securityincidents.org.

Cyber Incident Blamed for Nuclear Power Plant Shutdown

A nuclear power plant in Georgia was recently forced into an emergency shutdown for 48 hours after a software update was installed on a single computer.

Florida Power Failure Caused Nuclear Plant to Shutdown

A relatively minor glitch in Florida’s electrical grid somehow triggered a chain reaction on February 26, 2008 that caused a nuclear plant to shut down.

Nuclear Plant Shut Down by Network Trouble

Operators at the Browns Ferry Nuclear Plant in Alabama were forced to do an emergency shutdown after network packet storms caused the drives operating the recirculation system to fail last August. The network storm impacted both the primary and back-up systems.

Pennsylvania Water Hack Brings Total to Ten

The news of an FBI report of a foreign hacker penetrating security at a Harrisburg, Pa. water filtering plant brings the total of ISID and WaterISAC recorded incidents against water systems to ten.

Russia Accused of Unleashing Cyberwar on Estonia

A three-week wave of massive cyber-attacks on the small Baltic country of Estonia, the first known incidence of such an assault on a state, is causing alarm across the western alliance, with Nato urgently examining the offensive and its implications.

Schoolboy Hacks into City’s Tram System

A teenage boy who hacked into a Polish tram system used it like “a giant train set”, causing chaos and derailing four vehicles.

The Pizza Plot - A Tale of Corporate Espionage

So you don’t think that your company’s manufacturing or SCADA data is valuable to anyone else? Read this fascinating tale of how Schwan’s used production information from a Kraft plant in Sussex, WI, to reshape the store-bought pizza market. It wasn’t cyber driven, but it sure could have been.

Articles & Papers

Comparing Electronic Battlefields: Using Mean Time-to-Compromise as a Comparative Security Metric

Communications in Computer and Information Science - Computer Network Security, Proceedings of the Fourth International Conference on Mathematical Methods, Models and Architectures for Computer Network Security, St. Petersburg, Russia, Springer, 2007, pp. 213-227.

Could Cyber Terrorists Attack Our Company?

The majority of control system cyber threats are unintentional, as discussed in this article that summarizes data from the Repository of Industrial Security Incidents (RISI). Tips on how to start reducing the risk of cyber threats are provided.

ARTICLE SUMMARY:

Authors: John Cusimano, Director, exida Security Services Division, and Eric Byres, Chief Technology Officer, Byres Security.

Could Cyber Terrorists Attack Our Company?

Maybe, but perhaps this isn’t the best question to ask. When cyber-related events cause outages and plant shutdowns—whether they were caused by accident, employee, hacker or terrorist—the first question should be, “What made our system unstable and susceptible, and what can we do to prevent it from happening again?”

Some recent headlines have read: “Electricity Grid in U.S. Penetrated By Spies,” “China and Russia Hack into U.S. Power Grid,” “Russian Hackers Vandalize BTC Pipeline Data Servers,” and most recently, “CIA Director Says Cyber Attack Could Be Next Pearl Harbor.” With news like this, how can anyone sleep at night?

The reality is that most of what is published regarding control system cybersecurity in mainstream media is over-dramatized. While the scenarios painted in these stories may be valid, they are often void of detail regarding these so-called incidents. The result is that the government, public, media and control system operators can end up focusing on possible “long shot” perpetrators and not on the very real day-to-day risks of modern network-based control systems…

Forget the Silos, Build the Bridge.

InTech Magazine, December 2007

Over the past 10 years, the industrial controls (IC) world has borrowed substantially from the world of information technologies (IT).

Insidious Threat to Control Systems

InTech Magazine, January 2005.  (Winner of the 2005 ISA Keith Otto Award)

The move to open standards is letting hackers take advantage of the control industry’s ignorance.

Integrating safety and security in process control

SafetyBase.com, October 2009

Traditionally, safety and security in process control adhered to a philosophy of separate but equal. Today, that approach is changing.

Making Cyber Security Work in the Refinery

InTech Magazine, October 2007

Anyone reading InTech over the last five years will have seen many articles on the need to secure control systems from cyber attack.  Nearly all include descriptions of actual security incidents that will concern even the most hardened control specialist.

On Shaky Ground - A Study of Security Vulnerabilities in Control Protocols

5th American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Controls, and Human Machine Interface Technology, American Nuclear Society, Albuquerque, NM, November 2006.

The recent introduction of information technologies such as Ethernet® into nuclear industry control devices has resulted in significantly less isolation from the outside world. This raises the question of whether these systems could be attacked by malware, network hackers or professional criminals to cause disruption to critical operations in a manner similar to the impacts now felt in the business world.

OPC Security Whitepaper #2 - OPC Exposed

In this second whitepaper of the OPC Security Series, we describe the vulnerabilities typically found in OPC hosts, based on OPC’s current architecture and the typical underlying operating system. We also investigate common misconfiguration vulnerabilities found in OPC server or client computers both at the operating system and OPC application level. Finally, using these vulnerabilities, we propose four possible risk scenarios for OPC-based attacks.

This sample of scenarios suggests several interesting conclusions. First, they highlight the fact that attacking OPC deployments does not require special skills or esoteric process controls knowledge. All the tools and information needed to carry out attacks can be downloaded from the Internet.

The second conclusion is that two core vulnerabilities, namely excessively open firewalls and overly permissive DCOM access rights, lie at the heart of many scenarios. If either vulnerability is addressed, then the chance of these scenarios occurring is significantly reduced. What is especially interesting is that these vulnerabilities could be considered within the control of the knowledgeable OPC end user. Finally, since the typical OPC host configuration is strongly influenced by the guidance provided by the software vendor, we discuss the quality of installation utilities and guidance provided to end-users by the OPC vendor community. In general, we find that the guidance from vendors on OPC security could be significantly improved.

The good news is that there are well-proven operating system hardening practices in the IT security community which we believe can be adopted by the controls community to significantly reduce these risks. In addition, there are a number of DCOM specific security settings that can also be applied by the knowledgeable end-user.

Pursuing the discipline of control system cyber security

Plant Engineering, October 2009

As a relative newbie to the world of control system cyber security (who isn’t?) but an old-timer to control system functional safety, there are two things I have noticed. One, the best performing companies approach safety and security as an engineering discipline. Two, they maintain discipline by having a deeply embedded safety and security corporate culture.

Safety and Security: Two Sides of the Same Coin

E.J. Byres, J. Cusimano; “Safety and Security: Two Sides of the Same Coin.” ControlGlobal, April 2010

According to Merriam-Webster, the primary definition of safety is, “the condition of being free from harm or risk.” This is essentially the same as the primary definition of security, which is, “the quality or state of being free from danger.” However, another definition for security is, “measures taken to guard against espionage or sabotage, crime, attack or escape.”

Using these definitions, we can better understand the relationship between safety and security. The relationship is such that a weakness in security creates increased risk, which in turn creates a decrease in safety. As a result, safety and security are directly proportional, but both are inversely proportional to risk.

The 7 Things Every Plant Manager Should Know About Control System Security (Slides)

Not that long ago, the move towards “open systems” and the resulting incorporation of off-the-shelf technologies represented a huge step forward in control system design. System integration became easier, product development by manufacturers was accelerated, and training leveraged common tools and concepts. While the benefits have been tremendous, open technology has made control systems open to security vulnerabilities, putting production and human safety at risk. Nothing has made that risk more evident than the Stuxnet virus which has made headlines since it was discovered in July 2010. Countering these threats requires organizations to develop a better understanding of their process control system security risks and how to address them. In this webinar, we will discuss the seven things that every plant manager and automation professional should know about industrial control system security. We will also discuss how to apply best practices from standards such as ISA 99.02.01 to mitigate these risks.

Uncovering Cyber Flaws

InTech Magazine, January 2006

To ensure the safety and security of the process, company, and staff, find the vulnerabilities and break a negative chain of events.

Why we need Security Audits

InTech Magazine, March 2005

Corporations and PCN vendors are incapable of taking action to improve the security posture of the current or future process environments without specific solution requirements. Just saying “we need firewalls and encrypted SCADA protocols” is not enough.

Wolves at the Door(s) of the House of Straw

CONTROL Magazine, December 2007

We will probably never know how the Slammer worm made it into this facility, but the fact is that once the worm was on the inside, it found a very soft target and really could begin to do its worst.

Wolves at the Security House Door(s), Part 2

CONTROL Magazine, January 2008

The average corporate desktop is far more secure than the average PLC, yet the PLC is the asset that is far more valuable to the company.

White Papers

The following white paper series discusses OLE for Process Control (OPC) and is written as an accessible resource for IT administrators and control systems engineers/technicians (rather than OPC programming or security experts).

OPC Security Whitepaper #1 - Understanding OPC and How it is Deployed

This whitepaper provides an overview of the widely-used industrial communication standard and how it is actually used in industry. Based on the results of end-user surveys and interviews, it shows that the way OPC is being used may be putting the operations of major industries at risk. Companies are using it for mission-critical applications, operating it over potentially insecure networks, and don’t understand how to secure it properly.

Over a quarter of the end-users surveyed reported that loss of OPC communications would result in a shutdown of their company’s production. While a few users remarked that they had deliberately structured their systems to minimize any safety and operational effects if loss of OPC-based information should occur, others stated the opposite.  “We control the motor drives by OPC with the DCS. If we lose the OPC, we stop the production!”

The other bad news is that approximately 20% of the companies reported deploying OPC over the site business networks and corporate Intranets, and 12% used OPC over the Internet, most without encryption. Since these networks are often connected to the Internet, they are inherently less secure than the control networks found on the plant floor. The use of OPC over non-control systems networks leads to the distinct possibility of DCOM-based attacks disrupting critical operations.

OPC Security Whitepaper #3 - Hardening Guidelines for OPC Hosts

In this third whitepaper of the OPC Security Series, we outline how a server or workstation running OPC can be secured in a simple and effective manner.

Typically, this “hardening” must be conducted in several stages. First the operating system (typically Windows) needs to be “locked down” in such a manner that will make it less susceptible to common O/S based attacks. Next, the specific OPC components must be hardened using the OPC and DCOM configuration tools found in Windows.  Unfortunately, completing this stage successfully is more complex; our testing indicated that there are a number of OPC applications that do not properly follow the DCOM specifications for Windows software.

Next, the system needs to be tested to ensure these changes still allow all OPC applications to function correctly. Since we found a number of cases where OPC vendors were not respecting DCOM security settings and requirements, this testing is critical before any security settings are deployed on live production systems. Lastly, verification of the fortifying effort is required to ensure no serious security holes have been left open.

These stages are expanded upon in a detailed Action Plan for Hardening OPC Hosts within this report. Specific examples are also provided for each task. In all, we believe by following these guidelines, the typical controls technician will be able to create a more secure and robust OPC deployment on their plant floor and OPC can continue to grow as a valuable solution in industrial data communications.

Copyright 2000 - 2012 exida.com LLC