The Stuxnet attack on the Iranian centrifuges knocks over the
first four assumptions, since the Iranian ICS was not connected
to the Internet and had military-grade firewalls. (The attack
vector was an infected USB drive plugged into a workstation
within the ICS, which targeted the proprietary Siemens PLC.)
And the Bowman Avenue Dam event upsets the fifth assumption,
as the hackers apparently did not specifically target the facility,
but picked it up in a wider network scan for unprotected
The assumption that security can be simply retrofitted to
existing ICS is dangerous because it contains an element of
truth that can mislead ICS operators into thinking that they have
done enough to protect their system. Any extra security is better
than none, but security improvements that can be retrofitted
are severely constrained by the limitations of existing legacy
equipment, and may not even meet regulatory requirements.
They will provide far less protection than security that has been
designed into the ICS from the start.
The only assumption you can safely make is that your network
is not safe.
MAKES AN ICS
For years, security experts have been sounding alarms about
susceptibility to attacks. Here are five vulnerabilities that
operators must be aware of:
MANDATED NETWORK PERFORMANCE
Many of the devices or facilities managed by an ICS should
run without interruption – with strong economic or regulatory
penalties to discourage operational downtime. So maintenance
tasks or upgrade installations which might interrupt operation
become a major issue. Retrofitting security, applying firmware
patches and updates, or replacing legacy equipment can fall into
the ‘too hard’ category.
Early industrial control systems were designed for reliability
rather than security, since there was no Internet to complicate
the picture. Even modern, IP-ready field equipment or web-based control center applications may still be connected to
a SCADA or DCS system that is decades old. Created in the
pre-history of security, components had no built-in security or
communications protocols, interfaces were unprotected, and all
users were assumed to be authorized. And monolithic network
architecture ensured that there were no security checks to
RELIABILITY VS SECURITY
With the development of computer networking, ICS operators
took advantage of the better performance, increased
It would be wrong to think that technological advances in the last
decade have nullified or reduced the threat.
Facing up to cyber attacks is an ongoing and constantly evolving
challenge. To assume that a security retrofit is good enough
is to fail to grasp the complexity and dynamic nature of security. In
particular, legacy equipment is responsible for some dangerous
assumptions, which blind operators to the vulnerability of their
systems. Here are six common misconceptions:
1. An ICS is safe if it is not connected to the Internet.
2. Attacks come from outside the ICS rather than inside.
3. Firewalls will protect an ICS from all attacks.
4. The proprietary communications protocols used by an ICS can help protect it.
5. Cyber attacks are generally targeted, so a low-profile ICS will not be targeted.
6. Security can be retrofitted to an ICS on an “as required”