Comments on: Industrial Control Systems Safe? I Think Not http://www.darknet.org.uk/2009/04/industrial-control-systems-safe-i-think-not/ Ethical Hacking, Penetration Testing & Computer Security Tue, 14 Feb 2012 00:17:07 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Morgan Storey http://www.darknet.org.uk/2009/04/industrial-control-systems-safe-i-think-not/#comment-147307 Morgan Storey Wed, 29 Apr 2009 04:49:36 +0000 http://www.darknet.org.uk/?p=1739#comment-147307 Geez airgap people. I found it amusing that in BSG they didn't network their systems to guard against compromise, maybe we should take a leaf out of this sci-fi book. Critical systems should simply either not be networked at all, or in a minor fashion, but never connected to a non-critical or internet network. Lock down the physical so you can't plug in a USB wireless/pcmcia device. Geez airgap people. I found it amusing that in BSG they didn’t network their systems to guard against compromise, maybe we should take a leaf out of this sci-fi book.
Critical systems should simply either not be networked at all, or in a minor fashion, but never connected to a non-critical or internet network.
Lock down the physical so you can’t plug in a USB wireless/pcmcia device.

]]> By: Navin http://www.darknet.org.uk/2009/04/industrial-control-systems-safe-i-think-not/#comment-147134 Navin Tue, 28 Apr 2009 11:41:12 +0000 http://www.darknet.org.uk/?p=1739#comment-147134 yeah I completely agree with darknet....see we all point fingers at the taliban saying tht they may get their hands on pakistani nukes....but the fact is tht the probability of the same being done by a cyber security n00b.....I'm pretty sure U heard of the CERN LHC being hacked as well....this shows how major establishments are under threat!! yeah I completely agree with darknet….see we all point fingers at the taliban saying tht they may get their hands on pakistani nukes….but the fact is tht the probability of the same being done by a cyber security n00b…..I’m pretty sure U heard of the CERN LHC being hacked as well….this shows how major establishments are under threat!!

]]> By: Alan http://www.darknet.org.uk/2009/04/industrial-control-systems-safe-i-think-not/#comment-147123 Alan Tue, 28 Apr 2009 10:53:30 +0000 http://www.darknet.org.uk/?p=1739#comment-147123 Having studied and worked briefly in control systems and PLC before starting my IT career, which led into IT Security, I can say that I am not in the least bit surprised as I have seen the slow grinding of the wheels leading up to this. Control systems were traditionally seperate from TCP networks due to differences in protocols used and in many cases equipment used in IT cannot withstand the environments most industrial control systems run in, but the biggest safe point was that control systems as a whole are usually self contained as one complete system. The problem that we see in this article is that the convenience of remote monitoring and the monitoring of multiple control systems that are hard to replace/upgrade into more intelligent control systems and campus wide monitoring has invariably led to rather sloppy integration, poor sanity checks and also allowing these monitoring systems to influence and control these legacy systems. The biggest mistake is making it possible for people to attach these systems to any 'public' network and by public I mean any network that would break the self containment of the system. Most of these system were designed as a complete solution and meant to run for decades with no change other than wear and tear replacements. They have no chance against modern systems and anything further than monitoring is tantamount to suicide. Having studied and worked briefly in control systems and PLC before starting my IT career, which led into IT Security, I can say that I am not in the least bit surprised as I have seen the slow grinding of the wheels leading up to this.

Control systems were traditionally seperate from TCP networks due to differences in protocols used and in many cases equipment used in IT cannot withstand the environments most industrial control systems run in, but the biggest safe point was that control systems as a whole are usually self contained as one complete system.

The problem that we see in this article is that the convenience of remote monitoring and the monitoring of multiple control systems that are hard to replace/upgrade into more intelligent control systems and campus wide monitoring has invariably led to rather sloppy integration, poor sanity checks and also allowing these monitoring systems to influence and control these legacy systems.

The biggest mistake is making it possible for people to attach these systems to any ‘public’ network and by public I mean any network that would break the self containment of the system.

Most of these system were designed as a complete solution and meant to run for decades with no change other than wear and tear replacements. They have no chance against modern systems and anything further than monitoring is tantamount to suicide.

]]>