A backdoor vulnerability in Programmable Logic Controls has been uncovered by Reid Wightman from security firm ioActive and the Industrial Control Systems team from the US Department of Homeland Security has asked the vendor for confirmation & to identify mitigation.
The vulnerabilities are within the embedded code supplied by German firm 3S-Software CoDeSys and pre-loaded on over 200 PLCs. Hackers can:
- Exploit the software weakness and obtain a shell directly on the PLC without password authentication. The protocol uses TCP to gain access to the command-line interface.
- A hacker with the basic understanding of PLC control & command syntax can transfer files to and from the PLC, be it relay ladder logic or any other type of IE 61136 code. They'll be able to stop, start, reset PLC programs, dump the PLC memory and get information on all tasks. They can even set & delete passwords and more.
Cyber Attack on a PLC
Here's a list of PLCs that run the vulnerable code.
Direct attacks on PLCs became apparent in 2010 when the Siemens PLCs at the Iran Nuclear facility were supposedly sabotaged from a state sponsored attacked. Control system engineers have had two years to beef up security and prepare for more sophisticated cyber-attacks that target industrial control systems, not just the industrial IT network.
Get Defensive with Mitigation Procedures
- Try to minimize the PLC to internet exposure. Basic security means that PLC should not be connected directly to the internet; however, if malware has already infected the control systems network, the hacker already has access to the PLC.
- The industrial control system should be segregated from the business & enterprise network either directly or via a firewall. All firmware & software should be fully upgraded.
- Try to minimize or eliminate remote access. If remote access is necessary, use secure methods such as VPN & proper authentication. Access should be for authorized people only.
- Institute intrusion prevention software that puts a 'security envelope' around the runtime code and requires authentication before any changes can take place.
Before Making Upgrades
Control systems engineers should already have a contingency plan in place for instances where the network is compromised. However, an impact analysis and risk assessment should be done before making any defensive measures are taken.
If any of these PLC are controlling critical infrastructure such as pipelines, machine control, cooling systems or even nautical systems, public safety is put in jeopardy. It's the role of the control system engineer to assess risk and take appropriate actions to protect both people and equipment from cyber-attacks.
The one who controls the industrial PLC is the one who controls the safety & management of the infrastructure.
Contact us about security your industrial control system and infrastructure.