Industrial control systems (ICS) are a broad class of systems that measure, monitor, control and/or automate processes in a wide range of industries and sectors. They come in various types, such as DCS (Distributed Control Systems), SCADA (Supervisory Control and Data Acquisition) systems, PLCs (Programmable Logic Controllers) and SIS (Safety Instrumented Systems).
Many of these systems are legacy systems that were designed and architected at a time when cyber security threats were almost non-existent. Back then, the only way to sabotage these systems was for a perpetrator to physically access them.
This is because these systems are typically located in control rooms that have very good perimeter security and restricted access. They consist of analog or digital hardware input cards, processors that run proprietary embedded software, and communications that use various kinds of proprietary or standards-based buses. Typically, these legacy systems have operator and engineering stations (basically computer terminals) running an operating system based on some flavour of UNIX or Windows (not necessarily the latest version; many still run obsolete versions such as Windows CE and Windows XP). Operations personnel, such as manufacturing plant operators, control and monitor the plant, offshore platform, building or ship (whichever is the equipment under control) via these stations. Engineering stations are used to configure the controllers, graphics displays, historical trend displays, etc. Operator stations are where one can start/stop pumps, open/close valves, and monitor and control other equipment, such as a reactor or a distillation column.
The system architecture consists of lower levels of electronic hardware, comprising signal conditioners, amplifiers, isolators and so on, that gather analog and digital signals coming from the plant and send them via DCS controllers to the operator stations, where they are displayed as graphical user screens. Commands from the operator stations likewise travel via the DCS controllers and so on, until they operate a valve, a motor or a pump. Some operations are done manually, while others are done via control logic that uses the Proportional Integral Derivative (PID) or similar algorithms to sense changes in parameters and automatically adjust the outputs so that the parameter remains near the desired value, called the set-point.
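The PID control logic described above can be sketched as follows. This is an added example, not code from the original article or from any vendor's controller; the tank model, the gains and the 0-100 % valve range are constructed assumptions chosen only to show a loop holding a level at its set-point through a disturbance.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class PID:
    kp: float
    ki: float
    kd: float
    out_min: float = 0.0      # actuator limits, e.g. valve 0-100 % open
    out_max: float = 100.0
    integral: float = 0.0
    prev_error: Optional[float] = None

    def update(self, set_point: float, measured: float, dt: float) -> float:
        error = set_point - measured
        derivative = 0.0 if self.prev_error is None else (error - self.prev_error) / dt
        self.prev_error = error
        candidate = self.integral + error * dt
        raw = self.kp * error + self.ki * candidate + self.kd * derivative
        output = min(self.out_max, max(self.out_min, raw))
        # Anti-windup: keep accumulating only while the actuator is not saturated.
        if output == raw:
            self.integral = candidate
        return output


def simulate(set_point=30.0, steps=600, dt=0.5, disturbance_step=300):
    """Constructed tank model: level rises with valve opening, drains with outflow."""
    pid = PID(kp=4.0, ki=0.5, kd=0.0)   # illustrative gains, not tuned for a real plant
    level, outflow = 0.0, 0.10
    history = []
    for step in range(steps):
        if step == disturbance_step:
            outflow = 0.15               # process disturbance: drain rate increases
        valve = pid.update(set_point, level, dt)
        level += dt * (0.05 * valve - outflow * level)
        history.append((level, valve))
    return history


if __name__ == "__main__":
    for step, (level, valve) in enumerate(simulate()):
        if step % 50 == 0 or step == 599:
            print(f"t={step * 0.5:6.1f}s  level={level:6.2f}  valve={valve:6.2f}%")
```

In this model the valve settles near 60 % before the disturbance and near 90 % after it, while the level returns to the set-point of 30 both times.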
Legacy control systems
At the time many of these systems were designed and built, the personal computer was a novelty, available in only a few homes, and the internet was just beginning to become popular. Over the next two decades, there were several developments. The internet became commonplace, as did computers, laptops and mobile phones connected to it. Business IT systems were modernised as well, moving from old mainframes running COBOL and DB2 to newer systems such as SAP and Oracle-based systems. The management of many manufacturing companies saw value in connecting these business IT systems with the older legacy control systems. Many of the business IT systems had web interfaces. However, the managers either were not properly informed about the security of the older control systems or did not budget for it.
It is also possible that the people in charge of Management Information Systems (MIS) had little idea that these legacy control systems even existed, let alone of their vulnerabilities. Suddenly, legacy ICS were connected to the internet and thus became vulnerable to cyber-attacks. However, the problem was not restricted to systems that were directly connected to the internet.
Even those ICS that were modernised were upgraded only in a very superficial way. To save on upgrade costs, only the operator and engineering terminals were “upgraded” or “migrated” to better-looking systems, with plant graphic displays and trends in thousands of different colours, the ability to use pointing devices such as mice, and the convenience of USB ports and CD and DVD drives for software backup.
Vulnerable to attacks
However, these additions became the vulnerable point of these systems, because malware could now enter the system via these means and there was no mechanism to detect and remove it. There have been several cases where malware entered the ICS through uncontrolled use of USB drives, quickly leading to panic situations such as blank screens, slow actions and so on, which ultimately led to shutdown of the plant, associated downtime and emergency situations.
These upgrades, in fact, increased the attack surface of these systems, because malware could now also enter the ICS via insecure serial connections, misconfigured firewalls and so on. Sometimes, the IT staff employed to maintain these systems had no idea how fragile these industrial control systems really were (they have little RAM and storage, and not much processing power either, compared to business IT systems) and discovered it the hard way after inadvertently shutting them down while working on them.
Meanwhile, the news that these systems were old and prone to attack quickly reached ill-intentioned parties, who could now find these systems through their insecure internet connections, which could be breached. This led to many more attacks on these systems.
ICS Security: A critical aspect
There are thousands of these legacy DCS, SCADA and SIS systems that are prone to attack by various entities, such as general cybercriminals, cryptocurrency miners, hacker-activists (called hacktivists), various terrorist groups and even rogue states. An attack on these systems can cripple the critical infrastructure of any country and cause chaos and disruption. Replacing this old, insecure automation architecture with a completely new one, such as an Industrial Internet of Things-based solution, would be an enormous task that is next to impossible. It has therefore become critical to understand ICS security, carry out a risk assessment of these systems and protect them.
Courtesy: Abhisam Software