How to face the potential safety problems of the m

  • Detail

How to face the potential safety problems of industrial control system crisis

in recent years, with the rapid development of industrialization and informatization, traditional industries have integrated information technology and communication network technology, which has gradually changed the world industrial development pattern. According to statistics, at present, more than 80% of the key infrastructure related to the national economy and the people's livelihood in the world need to rely on industrial control systems to achieve automated operations. The use of industrial control systems for automated production has greatly improved work efficiency, saved a lot of manual labor, and created several times the production value

however, with the development of technology, its disadvantages are gradually revealed. Recently, security researchers found that several westermo industrial routers widely used in energy, manufacturing, commercial facilities and other fields have high-risk vulnerabilities that staff should make timely adjustments. There are hard coding vulnerabilities numbered cve- in their mrd-305-din and other industrial router firmware, which can expose SSH and HTTPS certificates and their related private keys. This vulnerability not only allows attackers to conduct man in the middle attacks, decrypt traffic, but also obtain administrator certificates that enhance device access rights. In addition, there are several pages in the management interface of these industrial routers that do not use any Cross Site Request Forgery protection, allowing attackers to perform various operations on behalf of authenticated users. At present, westermo has repaired the above vulnerabilities. If it is discovered later, it will cause huge losses. This incident is only one of the most industrial control safety accidents. With the development of industrial automation industry, the challenge of information security of industrial control system is becoming increasingly severe

review of six typical industrial control system security incidents

the data shows that global industrial control network security incidents have shown a gradual growth trend in recent years, with 295 attacks against industrial control systems recorded by American ics-cert in 2015 alone. In order to help understand the security threats faced by industrial control systems, the author summarizes several typical industrial control system security incidents here for your reference

1. The central system of the Australian sewage treatment plant was invaded by man

in March 2000, the malucci sewage treatment plant in Australia broke down suddenly: the communication connection between the central computer and pumping stations was lost, the sewage pump worked abnormally, and the alarm signal did not respond to the alarm. In more than three months, a total of about 1million liters of untreated sewage were directly discharged into natural water systems through rainwater channels, including local parks and rivers. This behavior directly led to the death of local marine organisms, and the stink of sewage made local residents unbearable, bringing serious ecological disasters to the region

after verification, it was found that the cause of the accident was not equipment failure, but man-made. It turned out that vitekboden, a former engineer of the factory, deliberately retaliated for his dissatisfaction with the refusal to renew his contract. The former engineer secretly installed a program on his laptop that can communicate with the transmission system, and controlled 150 sewage pumping stations through a wireless transmitter

because of the serious consequences, this incident has become the first safety incident of industrial control system that has attracted widespread attention, which has sounded an alarm for the safety protection of industrial control system

2. Davis besse nuclear power plant in the United States was attacked by worms

in January 2003, Davis besse nuclear power plant in Ohio and other power equipment were attacked by sqlgramme worms, and the amount of network data transmission increased sharply within a few hours, resulting in the slow processing speed of the nuclear power plant computer, and the failure of the safety parameter display system and process control computer

originally, in order to provide application software to the server, a supplier established an unprotected T1 link at the back end of the network firewall of the nuclear power plant, and sqlgramme worm used this link to bypass the firewall and enter the network of the nuclear power plant. Then use the buffer overflow vulnerability of port 1434 in sqlserver2000 to attack, reside in the system memory, and constantly copy itself, causing network congestion, making sqlserver unable to work normally or even down

The occurrence of the Davis besse incident made people realize that the security vulnerability of the industrial control system is not entirely due to technical reasons, and the operators' weak awareness of security precautions is also the fuse of this incident

3. The notorious earthquake virus stuxnet

"worm" is a typical computer virus, which can replicate itself and spread through the network. Any personal computer associated with the infected computer will be infected. In June, 2010, Stuxnet was discovered for the first time. It is the first "worm" virus specifically targeting real-world infrastructure. Stuxne successfully attacked Iran's Natanz nuclear power plant by taking advantage of several loopholes that Microsoft had not yet discovered at that time, causing damage to a large number of centrifuges. A U.S. official said: the virus is only aimed at Iran's nuclear facilities, and it is designed not to spread. But is it true

facts have proved that the earthquake virus has spread in the real world. In 2012, Chevron oil company, located in California, USA, admitted that its computer system had been attacked by a seismovirus designed to attack Iran's nuclear facilities. Moreover, bakerhughes, ConocoPhillips and marathon in the United States, that is, their thermal insulation performance can be superior to that of all other types of thermal insulation materials, and other oil companies have also successively declared that their computer systems are also infected with earthquake viruses. They issued a warning that once the virus invaded the vacuum valve, it would cause major accidents such as fire of offshore drilling equipment, casualties and production stoppage

4. Microsoft security experts issued a "Duqu" virus warning

in 2011, Microsoft security experts detected a new variant of Stuxnet virus: Duqu Trojan horse virus, which is more intelligent and powerful than Stuxnet virus. But different from Stuxnet, the Duqu Trojan horse is not to destroy the industrial control system, but to hide in the industrial control system and collect all kinds of information about the attack target for future network attacks. According to experts, the Duqu Trojan contains two parts, one for information detection and the other for information transmission

duqu2.0 broke out in June 2015, and even invaded the conference hotel at the negotiation site of the world's famous network security manufacturer Kaspersky. Its attack strength should not be underestimated

5. USB virus attacks power plants to steal industrial control system data

in 2012, two American power plants were attacked by USB virus. Subsequently, the U.S. industrial control emergency response center said that the U-disk insertion system containing malicious programs caused the industrial control system of each factory to be infected by viruses, and attackers could use these viruses to remotely control the system or steal data

a report said: "some researchers in the third world use the USB flash disk to upload the update program for periodic updates of device software. Because the USB flash disk contains malicious programs, the industrial control system is infected with viruses, resulting in system paralysis and delaying the restart of the factory for about 3 weeks."

a staff member found that his USB driver had intermittent problems, and the virus was discovered only after he guaranteed it to the company's IT department. This incident made people understand that industrial control systems not only have risks, but also should be vigilant for the access protection detection of foreign equipment

6. Flame flame flame virus is rampant in the Middle East.

Kaspersky laboratory has issued a statement that flame flame virus was first born in 2010, has super data capture ability, and is still developing and changing so far. The structure of the virus is extremely complex, which combines the characteristics of a variety of network attacks and network spies. Once infected with the system, the virus will implement a series of operations, such as monitoring communications, intercepting screens, recording audio calls, intercepting keyboard input information, and all relevant data will be obtained by the attacker from a remote location. It can be said that the power of flame virus greatly exceeds all known network threats at present

it is reported that flame flame virus not only attacked relevant facilities in Iran, but also affected the whole Middle East region. It is said that the virus is part of the "Israeli plan" and a high-tech network weapon implemented by Israel to destroy Iran's air defense system and its control center. In addition, the "Israeli plan" also includes attacking all communication network facilities in Tehran (the capital of Iran), including power, radar, control center, etc

how to face the safety problems of industrial control system

through the review of several typical industrial control safety incidents, it is not difficult to find that it involves a wide range of aspects, from sewage treatment to nuclear power plants. We are happy to cooperate with the innovative engineer team of idasso and Chery, oil exploration, and military weapon systems. No matter what industry it is, it is inseparable from people's lives. Nowadays, the market demand for industrial control systems is increasing day by day, and has gone deep into all aspects of society. Taking China as an example, the population density is very large. Once we encounter the system safety problems of similar sewage treatment plants or nuclear power plants, the losses to society are unimaginable. So how should people face the dangerous industrial control system

1. Be vigilant and enhance the awareness of safety prevention of industrial control system

there is an old saying called "flood does not reach the dam first, disease does not come early to prevent", which is also applicable to the safety prevention of industrial control system

until now, people have not paid enough attention to the safety of industrial control system. For some developers, they think that the attacker does not understand their system, and the system is very safe. In fact, commercial standard parts and it technology have been widely used in industrial environment. Most communications in the market use Taihe tcp/ip protocol. Even some special environments using special encryption technology are finally cracked by hackers

for administrators, some people will think that with firewalls or anti-virus software, they can rest easy. Although effectively managed anti-virus measures can resist most known malware, the defense against more hidden or less known viruses is far from enough. Moreover, anti-virus software itself has weaknesses. At a security conference, researchers challenged the anti-virus ability of the seven anti-virus software most used at that time, and six of them were broken within two minutes. It can be seen that anti-virus software is not foolproof

for entrepreneurs, some people think that no one will attack their own factories or industrial control systems for no reason, but many signs show that industrial control systems have been concerned by hackers, dissatisfied employees or criminal organizations

2. Developing technology and improving the safety assurance ability of industrial system

the safety assurance work of industrial system will directly affect the lifeblood of a country's healthy industrial development. Therefore, developing technical means and improving the safety guarantee ability of industrial system are important conditions for the safety technology research and safety service of industrial control system. At the enterprise level, we should improve our own technical strength. Whether it is the setting of firewall and anti-virus software for prevention, or the ability to deal with viruses when risks arise, enterprises should increase investment and strengthen the research, development and application of key core technologies of industrial information security

from the national level, we will focus on supporting the construction of technical support platforms such as simulation testing and monitoring, and constantly strengthen the technical support capabilities such as situation awareness, risk early warning, emergency response, detection and evaluation. Taking China as an example, the Ministry of industry and information technology attaches great importance to the construction of industrial information security technology capacity. Three industries were identified last year

Copyright © 2011 JIN SHI