NSTB Report: Control System Weaknesses

Wednesday, August 4, 2010 @ 05:08 PM gHale

The most significant vulnerabilities in industrial control systems are those that allow unauthorized control of the physical system.
Compromise of the industrial control system’s availability and ability to function correctly may also have significant consequences, according to a report from the Idaho National Laboratory (INL).
INL performs cyber security assessments of industrial control systems under private sector and government programs.
INL’s report applies to assessments conducted on behalf of the Department of Energy Office of Electricity Delivery & Energy Reliability (DOE-OE) National Supervisory Control and Data Acquisition (SCADA) Test Bed (NSTB) program. The mission is to help industry and government improve the security of the industrial control systems used in critical energy infrastructure installations throughout the United States. A key part is assessing industrial control systems to identify vulnerabilities that could put critical infrastructure at risk from a cyber attack.
The likelihood of a successful attack must also undergo consideration when assessing risk. Understanding exposure to attack, attacker awareness of vulnerability, and exploitation knowledge help assess the probability of a successful attack.
“During the last few years, the number of vulnerabilities being discovered in applications is far greater than the number of vulnerabilities discovered in operating systems,” according to the SysAdmin, Audit, Network, Security (SANS) 2009 Top Cyber Security Risks report. “As a result, more exploitation attempts are recorded on application programs.”
Overall, operating system patch management support has improved to the point where operating system patching is trivial for most situations. Industrial control system vendors now provide timely patch test results. On the other hand, application patching is not as rigorous and users often ignore it. Operating system and application patching is not a trivial effort by industrial control system users since they need to test patches in a development environment prior to incorporation in their production systems. Application patching can be even more difficult if security fixes change the way the industrial control system software must interface with application.
This INL document presents results from 24 industrial control system assessments performed under the NSTB program from 2003 through 2009. NSTB assessments reported large industrial control system attack surfaces created by excessive open ports allowed through firewalls and unsecure and excessive services listening on them.
Well-known unsecure coding practices account for most of the industrial control system software vulnerabilities, which result in system access vulnerability or Denial of Service. However, poor patch management provides more likely attack targets because the vulnerabilities are public and attack tools are available for them. Once an attacker gains access to the industrial control system network access, status data and control commands can undergo manipulation.
Perimeter defenses cannot mitigate threats associated with required services between security zones. Vulnerabilities in Web services, database applications, and data transfer protocols can provide attack paths through firewalls. Weak authentication and integrity checks allow unauthorized control or data manipulation, once a hacker obtains industrial control system network access.
To download the full report, click on NSTB Idaho National Labs.

Leave a Reply

You must be logged in to post a comment.