Monday, March 17, 2014

Critical Stuxnet-level Vulnerabilities Discovered in UK Power Plants

It was reported on Friday that three critical vulnerabilities were discovered in the Yokogawa CENTUM CS3000 control software used in UK power plants. Two Lancope researchers commented on the findings:

"The security and integrity of Industrial Control Systems (ICS) should be a global concern," said TK Keanini, chief technology officer of Lancope. "The reality is that if these systems were ever vulnerable and reachable via the Internet, they are likely already compromised – simple as that. Not only should these companies patch the system, but care should be taken to investigate the system's integrity. Advanced malware can sometimes install itself and fool the patching software into thinking it has already been patched, in a Jedi mind-trick 'These are not the droids you are looking for' manner.

"Infiltration of these systems is just one step of the larger picture. These industrial facilities must also make it harder for the adversary to remain hidden as they perform their operations. Raising the cost for your adversary to operate is the critical factor these days as infiltration is almost inevitable. Remember the people attacking these ICS systems are the type of people who do not want to be identified."

"These are critical vulnerabilities that allow a remote attacker to gain complete control over systems running Yokogawa CENTUM CS3000 by sending just a few packets to the vulnerable system," said Tom Cross, Lancope's director of security research. "The availability of functioning exploits in the Metasploit framework means that it's easy for attackers to target these vulnerabilities. It is extremely important that operators of Yokogawa CENTUM CS3000 install the available security updates immediately.

"It's important to emphasize that the software that controls industrial plant facilities can have serious security vulnerabilities just like any other kind of software. Although we like to think that these systems aren't connected directly to the Internet, it has happened, and often there are indirect links through back-office networks that exist because of the need for the business to monitor its plant operations. Ultimately, it's valuable for vulnerabilities like these to be discovered, disclosed, and patched. Identifying and fixing vulnerabilities is part of the process of making these systems more resilient to attack. Frankly, there is much more work to be done in the Industrial Control Systems area before we can have a high degree of confidence that these systems are well protected."
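Keanini's point that a compromised host can make the patch installer believe an update is already applied, and his advice to investigate system integrity rather than just patch, come down to one practical check: hash the files on disk against a manifest captured from a known-good state, and never rely on a version string or patch marker alone. The script below is an added example, not code from the article, from Lancope, or from Yokogawa; the file names, contents and "patch marker" under the sample tree are constructed for illustration.

```python
"""Verify a control-system host's on-disk state against a known-good manifest
instead of trusting what the patch installer reports.

Added example; not code from the article, Lancope or Yokogawa. The file names
and contents below are constructed to illustrate the check.
"""
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path -> SHA-256 for every regular file under root.

    Take this snapshot right after a verified clean install or vendor update,
    and store it off the host so an intruder cannot rewrite it.
    """
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify(root, manifest):
    """Compare the current tree to the manifest.

    Returns the three findings an investigator wants: files whose content
    changed, baseline files that vanished, and files that were never in the
    baseline (dropped payloads, stray DLLs, new services).
    """
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def demo():
    """Constructed scenario: the patch marker says the update is applied, but
    the service binary was replaced afterwards and a payload was dropped."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)

        # Known-good state captured right after the vendor update (constructed).
        write("bin/service.exe", b"GENUINE PATCHED SERVICE v2")
        write("patch_state.txt", b"patch-2014-03 applied")
        baseline = build_manifest(root)

        # Later: the binary is swapped but the marker is left intact, so any
        # tool that checks only patch_state.txt still reports "already patched".
        write("bin/service.exe", b"TROJANED SERVICE pretending to be v2")
        write("bin/helper.dll", b"dropped payload")
        return verify(root, baseline)


if __name__ == "__main__":
    print(demo())
```

The version marker is unchanged in the scenario, so a patch tool that trusts it reports nothing; the hash comparison flags `bin/service.exe` as modified and `bin/helper.dll` as unexpected. In practice the manifest is generated on a trusted machine from vendor media and kept off the monitored host, and the check is run from read-only boot media or a separate system so that a compromised OS cannot lie about its own files.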

For more on ICS and SCADA security, see these books and articles:

Handbook of SCADA/Control Systems Security

Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS

Smart Grid Security: An End-to-End View of Security in the New Electrical Grid

Security and Privacy in Smart Grids

"SCADA Security: What Is an Industrial Control System?"

"SCADA Security"