Archer

This critical industrial device is a target for hacking

You rely on PLCs for your water, your gas, your drive to work and more.

Now hackers are focusing on these critical industrial devices — programmable logic controllers — to see how they can break in and do damage.

White hat hackers hope they can find the security holes before attackers get in to the PLCs — and take them over or shut them down.

Watch here:

What PLCs Do

A clean car.

A full tank.

Fresh coffee.

A green light.

All thanks to PLCs, or programmable logic controllers, small computers that translate your computer commands into physical action in the real world.

“You can’t drive to work in the morning without running into a PLC doing something for you,” said Daniel Lance with cybersecurity company Nozomi Networks. “People don’t realize how much they do for us.”

But researchers around the world are finding more security holes in PLCs.

For example, reports of new PLC vulnerabilities came out in January, AprilMayAugust and November.

And if attackers use these vulnerabilities to get in, some say the results could be catastrophic.

 

PLC or programmable logic controller
An example of a PLC for industrial control systems such as chemical, oil and gas, and power plants. Image: ETAJOE/iStock

Life Without PLCs?

It’s not just a dirty car and stale coffee.

PLCs help run water plants, power plants and factories that process your food, among many other things.

“In the absence of their ability to function, you don’t have traffic lights. You can’t get a glass of water in the morning,” explained Lance. “They’re embedded into everything we do. Every time we interact with the physical world or we use some type of utility, they’re going to be impacting us if they’re not available.”

Trending Up

The number of security holes reported in industrial machines is going up year after year, according to Trend Micro.

Kaspersky Lab counted 47 vulnerabilities found in PLCs last year alone.

“It’s very important that we find all of these issues in advance of the attackers finding them,” said Lance.

 

Traffic lights often use PLCs
Traffic lights are often controlled by PLCs. Image: LEMANN to/iStock

Advisory

The Industrial Control Systems Computer Emergency Response Center, or ICS-CERT, released an advisory today about a PLC vulnerability reported by researcher Ali Abbasi with Ruhr-Universität Bochum in Germany.

The advisory says an attacker with low skill level could control the Siemens S7-1200 CPU PLC used in critical infrastructure sectors like chemical, critical manufacturing, energy, food and agriculture, water and wastewater systems.

 

An image of the Siemens SIMATIC S7-1200 PLC. Image: Siemens

Siemens gave Archer News a statement.

“Siemens is aware of the research from Ruhr University concerning hardware-based special access in SIMATIC S7-1200 CPUs.  Siemens experts are working on a solution to resolve the issue.  Siemens plans to publish further information regarding the vulnerability with a security advisory.  Customers will be informed using the usual Siemens ProductCERT communication channels (e.g. the ProductCERT website at https://www.siemens.com/cert),” the statement said.

Siemens released a security advisory on November 12.

“Generally, when attackers target a network, they take an attack path of least resistance,” Abbasi told Archer News.

“Various security shortcomings within PLCs, combined with the increasing number of protection mechanisms deployed in general-purpose computers, make PLCs among the least resistant machines within an ICS [industrial control systems] network,” he added.

 

Researcher Ali Abbasi presents research about PLCs and industrial device security at S4 Europe in Vienna in 2017. Image: S4 Events

More Connected

Why are these crucial machines so vulnerable?

They came into use in the 1960’s, when factories, power plants and industrial systems were not connected to the Internet.

Now, just about everything is connected — and hackable.

Updates

With your phone or your laptop, you can apply an update as soon as you get it.

But with industrial computers, an update could shut down water, power or production, at a cost of thousands of dollars.

Some companies choose not to update, or patch, their devices, to keep the systems running.

“This means that it is not unusual to find a PLC device in a plant that has an old known vulnerability,” Abbasi said. “This situation makes PLC devices interesting targets for attackers.”

 

industrial plant
Factories, power plants and other industrial facilities use devices like PLCs to automate processes that were once manual. Image: Danielazoc is/iStock

On the Attack

Researchers are likely not the only ones looking for PLC vulnerabilities.

You might ask, if attackers are finding these PLC security holes, too, why aren’t they shutting down industrial systems, like gas and water or food production?

We asked researcher Roee Stark, who presented the PLC vulnerability he found in Rockwell CompactLogix PLCs at the S4 cybersecurity conference in Miami in January.

 

Rockwell CompactLogix PLCs. Image: Rockwell Automation

He referred us to his company, Indegy.

His colleague, Senior Director of Product Marketing Michael Rothschild, said attackers may be holding on to potential PLC attacks like a ‘nuclear button,’ something they can use in case of extreme situations, like war.

“We know the nuclear capacities of many countries,” he told Archer News. “Thank God there has never been an incident, a real incident, of a nuclear attack and retaliation.”

And with PLCs, the building blocks that run our world and could cause damage or even death if manipulated the wrong way?

“Thank God nobody has ever really rolled out that full potential of what could happen if you disable the wrong thing at the wrong time,” he said.

Fixes

In today’s advisory, the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, recommends organizations take steps to protect their PLCs.

They should:

* Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.

* Locate control system networks and remote devices behind firewalls, and isolate them from the business network.

* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.

 

See also “What is a PLC?”

 

Main image: Traffic lights in fog. Traffic signals are often controlled by PLCs. Image: ans on/iStock



Leave a Reply