This critical industrial device is a target for hacking
- November 14, 2019
- Posted by: Kerry Tomlinson, Archer News
- Categories: Archer News, Cyberattack, Cyberattack, Hacking, Industrial Control System Security, Posts with image, Power Grid, Power Grid, Vulnerabilities
You rely on PLCs for your water, your gas, your drive to work and more.
Now hackers are focusing on these critical industrial devices — programmable logic controllers — to see how they can break in and do damage.
White hat hackers hope they can find the security holes before attackers get in to the PLCs — and take them over or shut them down.
What PLCs Do
A clean car.
A full tank.
A green light.
All thanks to PLCs, or programmable logic controllers, small computers that translate your computer commands into physical action in the real world.
“You can’t drive to work in the morning without running into a PLC doing something for you,” said Daniel Lance with cybersecurity company Nozomi Networks. “People don’t realize how much they do for us.”
But researchers around the world are finding more security holes in PLCs.
For example, reports of new PLC vulnerabilities came out in January, April, May, August and November.
And if attackers use these vulnerabilities to get in, some say the results could be catastrophic.
Life Without PLCs?
It’s not just a dirty car and stale coffee.
PLCs help run water plants, power plants and factories that process your food, among many other things.
“In the absence of their ability to function, you don’t have traffic lights. You can’t get a glass of water in the morning,” explained Lance. “They’re embedded into everything we do. Every time we interact with the physical world or we use some type of utility, they’re going to be impacting us if they’re not available.”
The number of security holes reported in industrial machines is going up year after year, according to Trend Micro.
Kaspersky Lab counted 47 vulnerabilities found in PLCs last year alone.
“It’s very important that we find all of these issues in advance of the attackers finding them,” said Lance.
The Industrial Control Systems Computer Emergency Response Center, or ICS-CERT, released an advisory today about a PLC vulnerability reported by researcher Ali Abbasi with Ruhr-Universität Bochum in Germany.
The advisory says an attacker with low skill level could control the Siemens S7-1200 CPU PLC used in critical infrastructure sectors like chemical, critical manufacturing, energy, food and agriculture, water and wastewater systems.
Siemens gave Archer News a statement.
“Siemens is aware of the research from Ruhr University concerning hardware-based special access in SIMATIC S7-1200 CPUs. Siemens experts are working on a solution to resolve the issue. Siemens plans to publish further information regarding the vulnerability with a security advisory. Customers will be informed using the usual Siemens ProductCERT communication channels (e.g. the ProductCERT website at https://www.siemens.com/cert),” the statement said.
Siemens released a security advisory on November 12.
“Generally, when attackers target a network, they take an attack path of least resistance,” Abbasi told Archer News.
“Various security shortcomings within PLCs, combined with the increasing number of protection mechanisms deployed in general-purpose computers, make PLCs among the least resistant machines within an ICS [industrial control systems] network,” he added.
Why are these crucial machines so vulnerable?
They came into use in the 1960’s, when factories, power plants and industrial systems were not connected to the Internet.
Now, just about everything is connected — and hackable.
With your phone or your laptop, you can apply an update as soon as you get it.
But with industrial computers, an update could shut down water, power or production, at a cost of thousands of dollars.
Some companies choose not to update, or patch, their devices, to keep the systems running.
“This means that it is not unusual to find a PLC device in a plant that has an old known vulnerability,” Abbasi said. “This situation makes PLC devices interesting targets for attackers.”
On the Attack
Researchers are likely not the only ones looking for PLC vulnerabilities.
You might ask, if attackers are finding these PLC security holes, too, why aren’t they shutting down industrial systems, like gas and water or food production?
We asked researcher Roee Stark, who presented the PLC vulnerability he found in Rockwell CompactLogix PLCs at the S4 cybersecurity conference in Miami in January.
He referred us to his company, Indegy.
His colleague, Senior Director of Product Marketing Michael Rothschild, said attackers may be holding on to potential PLC attacks like a ‘nuclear button,’ something they can use in case of extreme situations, like war.
“We know the nuclear capacities of many countries,” he told Archer News. “Thank God there has never been an incident, a real incident, of a nuclear attack and retaliation.”
And with PLCs, the building blocks that run our world and could cause damage or even death if manipulated the wrong way?
“Thank God nobody has ever really rolled out that full potential of what could happen if you disable the wrong thing at the wrong time,” he said.
In today’s advisory, the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, recommends organizations take steps to protect their PLCs.
* Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
* Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
Main image: Traffic lights in fog. Traffic signals are often controlled by PLCs. Image: ans on/iStock