13

Wired reports that there are many security issues with Programmable Logic Controllers (PLCs) and now there is an easy-to-use tool to scan and detect vulnerabilities.

They say it's so easy, the update for Metasploit makes it analogous to Firesheep for PLCs.

  • What must IT shops do to prevent attack?

  • If the PLC controllers are not on the network, or are isolated, should we still be concerned?

  • If an IT shop has no PLCs in the course of business (manufacturing, etc), are the HVAC systems of the datacenter or door/access control systems vulnerable?

makerofthings7
  • I think it's bad news bears :-\ I think we (humanity as a whole) are about to experience a new kind of situation, the moment a virtual event consequently affects physical life. It's been vulnerable for years, and trust me, every government's got their hands all over it. –  Jan 20 '12 at 04:52

1 Answer

9

This just brings into the public eye something which has been happening for ages: everything is vulnerable. SCADA kit used to be safer as it generally wasn't connected directly to public networks and was considered obscure; however, the targets are juicy and the security levels generally pitifully low, so attackers have always researched ways to exploit them.

The broad concepts to prevent attack are the same as for anything else:

  • segregate networks with access control devices (routers, firewalls etc)
  • secure communication links (encryption, authentication, and yes, removable media!)
  • harden platforms and applications
  • review code
  • penetration testing

In respect to your sub-questions:

  • if the PLCs are not connected (and you can confirm this) then they can't be attacked through a connection. However, most are connected through some type of link, so assume that link is the attack conduit
  • PLCs are a specific area for this Metasploit update; however, you should generally assume any system has vulnerabilities and plan accordingly based on your risk appetite.
Rory Alsop
  • Stuxnet was spread through USB sticks. Isolated networks did not seem to help much for Iran... – Dog eat cat world Jan 20 '12 at 08:52
  • 2
    You see my point about **not connected** - those were connected via those USB sticks. This is the problem, and why I raised the point specifically. – Rory Alsop Jan 20 '12 at 09:22
  • Comparing this Metasploit update with Stuxnet is like comparing a Lada to a Bugatti Veyron. Stuxnet had a lot more bells and whistles. It was not a SCADA exploit that made the spread possible, but rather more than 10 zero-day exploits on Windows. – Lucas Kauffman Jan 20 '12 at 09:24
  • 1
    Also, I agree with Rory, you can easily close all USB ports with epoxy. – Lucas Kauffman Jan 20 '12 at 09:26
  • Four zero day exploits. Refs: http://www.zdnet.com/blog/security/stuxnet-attackers-used-4-windows-zero-day-exploits/7347 and http://en.wikipedia.org/wiki/Stuxnet#Windows_infection ; signed drivers http://blogs.technet.com/b/mmpc/archive/2010/07/16/the-stuxnet-sting.aspx and other vectors. Stuxnet was very much a kitchen-sink shot at SCADA systems. – TristanK Jan 20 '12 at 11:04