This post is also available in: Slovenian
The energy industry is the only one that don’t knows economic crisis, on the contrary, the crisis or not, the demand is still growing. Competition of various energy sources is becoming increasingly fierce, so it’s very important that the process control and management systems (SCADA) are well protected.
In the case of a worm virus Stuxnet it was proved that SCADA systems, who manage such important industrial systems such as power plant and a nuclear power plant, are not well protected. The first attack of Stuxnet was way back in 2009 with the use of Autorun vulnerability, but massive success it was the second wave exactly one year ago. In March 2010, they managed to insert a worm in Iran and put nuclear power plants in danger using lnk vulnerability. This has slowed down Iran’s nuclear program. I first wrote about SCADA vulnerability and Stuxnet worm last year in Is your SCADA system secured enough?
The worm hit in India and Pakistan too, although the real number of infections cross the world we will never know because this is very sensitive area for countries. They were only affected SCADA systems WinCC by manufacturer Siemens. WinCC is by far the most common industrial control system.
What can cause Stuxnet?
From a distance they can remotely take over controls for example to increase or decrease the speed of centrifuges, you can think what can happen after, what disastrous consequences may occur. The worst case scenario is like the scenario of a nuclear power plant Fukushima. Kevin Hogan, Symantec Security Response senior manager, said that the Stuxnet is first virus that hit the real world. Until now it was always injury or loss of data in the digital world.
The appearance of Stuxnet increased interest in the safety of SCADA systems. What evokes mass interest, of course evokes more serious interest of “bad world” makers of virus.
Discover a new critical vulnerability
Several security researchers and laboratories revealed recently a good number of security holes not only for Siemens but also at other providers of SCADA / ICS applications.
Gleg, the Russian company that deals with security offers a packet of Agora SCADA + showing and solving 35 vulnerabilities.
Italian security researcher Luigi Auriemma has announced there are 34 serious security holes for the following applications; Tecnomaxtix Siemens FactoryLink (6 vulnerabilities), and Iconics GENESIS32 GENESIS64 (13 vulnerabilities), 7-Technologies IGSS (8 vulnerability) and dating RealWin (7 vulnerability). All four applications have a web remote access vulnerability.
US-Cert revealed vulnerabilities in the following SCADA / ICS applications; Cation IntegraXor (discovered by Dan Rosenberg), Siemens Technomaxtix Factory Link and BroadWin WebAccess (Ruben discovered Santamarta).
The possibility SCADA systems to crash
SCADA systems typically manage the old industry systems and app upgrades and patches could cause not only delay in service, but it’s a possibility that the system collapsed and power plants or any other product lines would be endured. This is the real reason that the SCADA / ICS security systems are not updated. A nuclear power plant as Fukushima operated for 40 years and certainly did not change often SCADA system, let’s says that they do every 10 years. In the meantime, the IT field certainly did change a lot. Just look how evolved internet in 10 years. Something must be done in this area, but it requires a lot of money. In the past it was a low security risk, but this is no longer the case.
At present, I suggest that you do next:
• prevent access to the Internet from computers where operates the SCADA /ICS application
• separates the process from business network
• access to computers with SCADA allowed outside the corporate network only via a secure VPN connection
By following these three points, you certainly reduces the risk of remotely take over management of SCADA systems.
Is your company arranged so as to my advice?