The global site of the UK's leading magazine for automation, motion engineering and power transmission
17 September, 2018

Product and Supplier Search

Facebook

US security firm releases tools that exploit PLC weaknesses

05 March, 2012

Concern about the vulnerability of industrial control systems to cyber-attacks has grown after a US specialist in control system security, Digital Bond, published tools that could be used to exploit weaknesses in PLCs from GE, Koyo, Rockwell Automation and Schneider Electric. One of the tools targets the Ethernet/IP protocol and could affect any device using the protocol, allowing attackers to crash or restart these devices remotely.

Digital Bond says it posted the information to raise awareness about control system vulnerabilities. CEO Dale Peterson says that he has warned controls manufacturers about the vulnerabilities, but they have not addressed the problems adequately. He published the tools “as a kind of shock therapy” to force the manufacturers to deal with the problems.

The day after Digital Bond published the tools, the US Government’s Industrial Control Systems Cyber Emergency Control Team (ICS-Cert) issued an alert, warning of “multiple” threats that are “combining to significantly increase the risk to ICSs” (industrial control systems.

“Hacktivist groups are evolving and have demonstrated improved malicious skills,” ICS-Cert reported. “They are using specialised search engines to identify Internet-facing control systems, taking advantage of the growing arsenal of exploitation tools developed specifically for control systems.”

Control system owners “should take these changes in the threat landscape seriously,” ICS-Cert continued, advising them to take “immediate defensive action to secure their systems using defence-in-depth principles”.

Users “should not assume that their control systems are secure or that they are not operating with an Internet-accessible configuration,” ICS-Cert warned. Instead, they should “thoroughly audit their networks for Internet-facing devices, weak authentication methods, and component vulnerabilities.”

ICS-Cert named two search engines – Eripp and Shodan – that can be used to find Internet-connected control devices. “Combining these with easily-obtainable exploitation tools, attackers can identify and access control systems with significantly less effort than ever before,” it cautioned.

ICS-Cert is encouraging control system owners to use these search engines to audit their own IP (Internet Protocol) addresses. If they find their equipment linked to the Internet, they should remove these items from direct Internet access “as soon as possible”.

♦  A Dutch cyber-security researcher has warned that hackers could flood low-lying parts of his country by accessing Internet-connected systems that the control vital pumping stations and sluices designed to stop areas of the Netherlands that lie below sea level from being inundated by the North Sea. The researcher, Oscar Kouroo, found that the control systems were listed on the Shodan search engine.




Magazine
  • To view a digital copy of the latest issue of Drives & Controls, click here.

    To visit the digital library of past issues, click here

    To subscribe to the magazine, click here

    To see the latest Products & Services Directory, click here

     

Exhibition

Birmingham 2020The next Drives & Controls Exhibition and Conference will take place in Birmingham, UK, from 21-23 April, 2020. For more information on the event, visit the Show Web site

Poll

"Do you think that robots create or destroy jobs?"

Newsletter
Newsletter

Events

Most Read Articles