New Danfoss VLTÂ® Decentral Drive E cient, reliable and powerful

More documents

Recommendations

Info

SECURITY Are you safe from cyber-attack? The recent widespread publicity given to the Stuxnet virus, has brought home the real threats to industrial control systems posed by viruses and hackers. Dr Richard Piggin* examines the risks – and how to minimise them. In his first-ever public speech, GCHQ director Ian Lobban recently highlighted the “real and credible” threat facing the UK’s critical infrastructure from terrorists, organised criminals and hostile foreign governments. He demanded a swift response to match the speed with which “cyber events” can occur, and warned that the country's future economic prosperity rested on ensuring a defence against such assaults. So, which systems are under threat? The critical national infrastructure comprises facilities, sites and networks that deliver the essential services on which daily life depends. This spans nine sectors: communications; emergency services; energy; finance; food; government; health; transport; and water. The UK’s Centre for the Protection of National Infrastructure (CPNI) works with the providers of these services and government departments to identify the critical elements and to help protect them against national security threats. Cyber-threats to control systems extend far beyond energy and telecommunications facilities. For example, activities such as food distribution and logistics could be hit, resulting in a loss of consumer confidence, and potential health risks. All are potentially The UK’s Centre for the Protection of National Infrastructure recommends adopting the protection principle known as defence in depth to avoid single points of weakness vulnerable to targeted or accidental cyberevents and to the actions of disgruntled former employees. One often-cited example is the “drive-by” wireless hacking by an ex-employee of an Australian sewage treatment plant. He used his knowledge of the plant’s control system to hack into it 46 times and to release millions of litres of waste into public waterways. Cyberthreats to industrial control systems are growing, as attackers seek new targets and sources of revenue. > Extortion demands The US Central Intelligence Agency has confirmed that a cyber-attack caused power outages in several cities in 2008, including New Orleans. The agency has also revealed that there have been intrusions into utilities that have been followed by extortion demands. The US government has been taking the potential reconnaissance of its power infrastructure by Russia and China seriously, as well as responding to the potential for terrorist attacks. This year, it formed the United States Cyber Command – a unit of the armed forces responsible for directing operations, defending Department of Defense networks, and conducting military cyberspace operations. According to the US National Institute of Standards and Technology’s (NIST) Guide to Industrial Control Systems (ICS) Security, potential incidents may include: • blocking or delaying the flow of information through ICS networks, thus disrupting their operation; • making unauthorised changes to instructions, commands, or alarm thresholds, which could damage, disable, or shut down equipment, have environmental impacts, and/or endanger human life; • sending inaccurate information to system operators, either to disguise unauthorised changes, or to cause operators to initiate inappropriate actions, which could have various negative effects; • modifying ICS software or configuration settings, or infecting ICS software with malware, which could have various negative effects; and • interfering with the operation of safety systems, which could endanger human life. NIST’s recommendations include: • restricting physical access to ICS networks and devices; • protecting individual ICS components from exploitation, using measures such as: deploying security patches as soon as possible after testing; disabling unused ports and services; restricting ICS user privileges to those that are essential; tracking and monitoring audit trails; and using security controls such as anti-virus software and file integrity-checking software to prevent, deter, detect, and mitigate malware; • maintaining functionality during adverse conditions – this involves designing the ICS so that each critical component has a redundant counterpart and, ensuring that if a component fails, it does so in a manner that does not generate unnecessary traffic on the ICS or other networks or cause other problems (such as cascading events)
elsewhere; and • restoring systems after an incident – such incidents are inevitable and response plans are essential. There has been a mistaken belief in “security through obscurity” – the use of specialised systems, protocols and proprietary interfaces. However, information on protocols is now widely available and some systems have already been specifically targeted. Examples include the Modbus protocol and, most recently, Siemens’ WinCC Scada and Step 7 PLCs which have been targeted by the Stuxnet trojan/virus (see box, right). Industrial control systems have long operating lives – 10–20 year lifecycles are not uncommon. Older systems were designed with little or no regard for cyber-security, and are interconnected and used in ways that was never envisaged originally. Add to this increasing system complexity, the proliferation of access points, and the growing use of wireless technologies and the Internet. It is understandable why governments are promoting cybersecurity and producing general and sector-specific guidance. > Securing industrial controls In the UK, the CPNI is offering Scadaspecific advice in a series of process control and Scada security good practice guidelines. These are founded on three guiding principles: • Protect, detect and respond It is important to be able to detect possible attacks and respond in an appropriate manner to minimise the impacts. More information A still from a YouTube video showing a simulated attack on a generator Scada system, staged by the Idaho National Laboratory in the US • Defence in depth No single security measure is foolproof because vulnerabilities and weaknesses can be identified at any time. To reduce these risks, implementing multiple protection measures in series avoids single points of failure. • Technical, procedural and managerial protection measures Technology is insufficient on its own to provide robust protection. The CPNI also refers to further forms of guidance – many of them resulting from work sponsored by the US Department of Homeland Security. These include road maps to secure the water, electricity and chemical sectors. These follow a similar ten-year programme to assess risks, and to develop and implement measures to mitigate these risks. There is an emphasis on cost-effective security for legacy systems and on new architecture designs and secure communications. Cyber-security standards are blossoming, including work being done by the US-based International Society of Automation (ISA), which has published ISA99 Parts 1 and 2 which deal with the security of industrial automation and control systems. Part 1 is the foundation for all subsequent standards in the ISA99 series. At the same time, the IEC is also working on ICS standards and is considering the work done in ISA. The challenge is to develop a sustainable approach and to continue a process of assessment, adjustment and review in the light of emerging vulnerabilities, threats, consequences, while implementing appropriate measures. D&C * Dr Piggin is a network and security consultant with an engineering doctorate in industrial control systems networking. He is a UK expert to IEC Network & System Security and Cyber Security Working Groups involved in producing IEC 62443 Security for Process Measurement and Control – Network and System Security. UK Centre for the Protection of National Infrastructure: www.cpni.gov.uk Practical Scada Security blog (Byres Security): http://goo.gl/GH0e NIST Guide to Industrial Control Systems (ICS) Security: http://goo.gl/T50V Siemens information page on Stuxnet virus: http://goo.gl/vwvY ISA99, Industrial Automation and Control System Security: http://goo.gl/Qi2l4 YouTube video of simulated attack on generator Scada system: http://goo.gl/UkGP Stuxnet – the first worm known to target industrial controls The threat posed by Stuxnet has been portrayed as a once-in-a-decade event which goes beyond anything seen before. The worm is designed to sabotage plants by reprogramming PLCs, and to hide the changes from programmers or users. Research released by Symantec in mid-September showed that almost 60% of the approximately 100,000 hosts infected by Stuxnet have been in Iran, with high infection rates also seen in India and Indonesia. This has led to speculation that Stuxnet’s goal was to disrupt Iran's nuclear activities. Symantec says that Stuxnet is one of the most complex threats it has ever analysed. Its elements include: • four “zero-day” exploits (which were previously unknown, undisclosed to the software vendor, or for which no security fix is available – a rarity for any virus which would be considered wasteful by most hackers); • a Windows rootkit – software that allows privileged access to a computer, while hiding its presence; • the first-ever “PLC rootkit” for infecting PLC programs and remaining undetectable; • anti-virus evasion measures; • two stolen digital signatures; • complex process injection and hooking code (to prevent programmers from seeing the infected code); • network infection routines; • privilege escalation measures; • peer-to-peer updates; and • remote command and control. Because PCs used to program control systems are not normally connected to the Internet, Stuxnet replicates via removable USB memory drives, exploiting a vulnerability that allows auto-execution. It then spreads across a LAN via vulnerabilities in a Windows print spooler and Windows Server remote procedure calls. It copies and executes itself on remote computers via network sharing and Siemens WinCC database servers. Stuxnet also copies itself into Siemens Step 7 PLC program projects and executes when a project is loaded. It updates versions via peer-to-peer communications across a LAN. It communicates with two command and control servers, originally located in Denmark and Malaysia, to enable code to be downloaded and executed, including updating versions, and can change command and control servers – although this has not been observed yet. Stuxnet fingerprints specific PLC configurations that use Profibus for distributed I/O. These configurations were gleaned using earlier versions of Stuxnet. If the fingerprint does not match the target configuration, Stuxnet remains benign. If the fingerprint matches, the code on the Siemens PLCs is modified with the infected Step 7 programming software, and the changes are hidden. The modified code prevents the original code from running as intended and causes the plant equipment to operate incorrectly, potentially sabotaging the system under control. This is achieved by interrupting the processing of code blocks, injecting network traffic onto the Profibus network, and modifying output bits of PLC I/O. How this affects each plant will depend on how the control system is connected to the PLC and the distributed network I/O via Profibus. Stuxnet creates is a blueprint for future attacks on realworld infrastructure, providing generic methods to reprogram industrial control systems. However, Stuxnet’s sophistication and complexity make it unlikely that similar threats will develop overnight. SAFETY SECURITY www.drives.co.uk November/December 2010 21
Page 1 and 2: DRIVES & CONTROLS www.drives.co.uk
Page 3 and 4: VLT® Decentral Drive FCD 302 I VLT
Page 5 and 6: DRIVES & CONTROLS Editor Tony Sacks
Page 7 and 8: UK industry ‘is not managing its
Page 9 and 10: more than just a pretty interface.
Page 12 and 13: Mechanical drives factory moves to
Page 14 and 15: Wow, why is this so easy? Because e
Page 16 and 17: TECHNOLOGY Motion system can cut mo
Page 18 and 19: TECHNOLOGY Motor-mounting drives
Page 20: TECHNOLOGY IN BRIEF The OPC Foundat
Page 23: Simple servodrive can be tailored t
Page 27 and 28: LINEAR MOTION Museum’s 4D ride ha
Page 29 and 30: Application Door closer mechanism f
Page 31 and 32: Cantilever axis assists tobacco-cut
Page 33 and 34: Bearing up to electrical erosion Va
Page 35 and 36: PARTNERSHIP BASED ON TRUST - AND TR
Page 37 and 38: Your life in our hands. INDUSTRIAL
Page 39 and 40: Falcon HTC Falcon HTC
Page 41: Extend your chain lives at no extra
Page 44 and 45: PLCs AND HMIs method and the sealin
Page 46 and 47: Experience is our Strength )))!&'$"
Page 48 and 49: PLCs AND HMIs What can HMIs learn f
Page 50 and 51: GAMBICA VIEWPOINT Taking the open r
Page 52 and 53: Sponsored column No. 3 November/Dec
Page 54 and 55: MULTIMEDIA Blogging site aims to co
Page 56 and 57: SENSORS Cable extension sensors hav
Page 58: CONTROL CNC offers a choice of driv
Page 61 and 62: DRIVES AND CONTROLS EXHIBITION 2010
Page 63 and 64: 1 HPMG Hangzhou Permanent Magnet Gr
Page 65 and 66: To advertise contact Simon Langston

New Danfoss VLTÂ® Decentral Drive E cient, reliable and powerful

Create successful ePaper yourself

Delete template?

Save as template?