
BlackEnergy Malware Targeting Industrial Control

SCADA attacked
11/5/2014 09:55 AM EST
elizabethsimon
Re: Caveat emptor
elizabethsimon   11/6/2014 5:45:02 PM
We track products by serial number to know what was installed when they left the factory and what customer it was shipped to. I'm not sure how the individual modules are tracked or who does it since that's not my department. It IS a big job and I wouldn't be surprised if, even with the best intentions and procedures, something got missed. One of the reasons that we also advocate strong firewalls, separate networks, and multiple levels of security.

 

RichQ
Re: Caveat emptor
RichQ   11/6/2014 4:46:39 PM
... we would send out a notice to our customers if we discovered that a vulnerability affected them...

Sounds like a responsible approach, elizabethsimon, and I too would hope other vendors do the same. So, how do you maintain a watch on all these modules and track who to notify about what? It seems to me you would need someone in the field service department who gets a list of all the software modules used in each product as it is released, tracks the security notices to see if any of those modules has been affected, has a list of all the customers for affected products, and contacts them to let them know. That's a big job.

elizabethsimon
Re: Caveat emptor
elizabethsimon   11/6/2014 4:33:07 PM
In the case of my company, we would send out a notice to our customers if we discovered that a vulnerability affected them even if it was in a third-party module. I would hope that other vendors would have a similar mechanism.

 

MClayton200
Re: Who tracks this at the factory?
MClayton200   11/6/2014 2:46:17 PM
In my industrial controls experience, these systems were NOT directly on the internet until very recent years, when they got smarter and added ethernet links to allow sensor data collection and control recipe downloads from PCs inside the plant.

Those plant networks had firewalls to outside world, but those were not perfect, and in some cases, they had machine vendors with login privs for troubleshooting.

But biggest problems with shutdowns were caused by people within the factory making mistakes, or in some cases, being fired but not "walked out" very fast.

So the older the control systems the safer they may be for now.

Harder to hack 20mA current loop or RS232 connectivity. Some control systems are designed for remote recipe download and machine sensor data upload and those may be hacked I am sure unless the plant network is totally physically isolated from the web. That is an option that some have taken, an internal private network...as long as someone in IT does not add a weak link to that system, like wireless office system where people also have access to secure internal network, both hooked to their office PC physically. Does that make sense? The word "remote" can mean office to factory at same site, rather than site to site connections over internet.

RichQ
Caveat emptor
RichQ   11/6/2014 9:43:42 AM
So, if it's the customer's responsibility to ensure security of their systems, what mechanisms are in place to let them know what 3rd-party software or open-source software is incorporated in their system so that they know if a discovered vulnerability like this affects them? Does the documentation that comes with the package tell you all the code blocks and origins?

I'm thinking of the Heartbleed vulnerability, which was found to be in many open-source code blocks. How does the customer know that a vulnerable code block is in their system?

TonyTib
Re: Who tracks this at the factory?
TonyTib   11/5/2014 8:46:42 PM
From my limited knowledge of what our customers do, it's their responsibility (and they certainly don't allow us remote access).  They're also heavy PC-based, not PLC-based, and so don't use HMI or SCADA systems.

elizabethsimon
Re: Who tracks this at the factory?
elizabethsimon   11/5/2014 8:23:32 PM
As far as I know, it's the responsibility of someone at the factory. I don't believe that any of these systems have a method whereby the manufacturer can send out updates. At least I hope there's no one doing that. I'd think that would be one of the first things to get hacked.

The company I work for sells networking and security hardware that works with SCADA systems. We strongly advocate that SCADA systems should NOT have a direct connection to the internet. I believe that our security systems use a "whitelist" approach where the system can only send or receive data from authorized locations.

RichQ
Who tracks this at the factory?
RichQ   11/5/2014 1:34:10 PM
Given that this attack campaign has been going on for some years, it causes me to wonder who is taking responsibility for the security of installed systems. Does the factory have a security guru who is tracking these alerts and making sure the systems are updated and patched? Or is the equipment designer keeping tabs on all their customers' installations?

Anyone know what standard practice is in the industry?
