The infamous Stuxnet worm made headlines in 2009 when it penetrated Iranian Nuclear Facilities, resulting in the destruction of their centrifuges. The debate regarding the origin of the worm spanned political boundaries, but nonetheless it uncovered the next generation of zero-day attacks that could disrupt industrial processes relying on inter-connected components.
While the Stuxnet virus required significant recon in order to get within the system, a researcher has now found a much easier way to cause physical damage to devices that have one thing in common: connectivity to the internet. This hack targets Variable Frequency Drives, which are extremely popular within plants for the control of motors, pumps and HVAC systems. VFDs are digital devices that are used to alter electricity voltage/frequency and are a large part of industrial operations.
The flaw was discovered by Reid Wightman who works as a security researcher at Digital Bond Labs. At least four manufacturers’ VFDs were vulnerable to the malware, allowing read/write operations without prompting for authentication from unauthroized third parties. On top of this, the VFDs even broadcast the range at which they are set to operate, giving hackers an easy insight as to how they can physically damage the connected devices. Once known, hackers can easily operate the VFD at higher speeds, effectively damaging motors, fans and equipment connected to them.
The vulnerability is left within the drives by vendor who make the setting writeable over a network protocol. The only way to dig down in case of a disaster would be through facility logs, which is something that isn’t always maintained. The manufacturers tested by Whitman included Allen-Bradley, ABB, Schneider-Electric and Vacon.
The problem can’t be fixed through a simple patch from the vendor; instead the architecture of the VFD in question would have to be re-designed, adding authentication capability. For now, vendors can simply advise their clients to maintain the VFDs on a local network, or ward off attempts from external networks by tightening control through the network firewall.
USB Flash Drive
While the local/wide area network is one way to penetrate into an industrial system, USB flash drives present another easy way to disrupt plant floor operations. Dormant malware is becoming highly common in this regard, sitting within computer systems and stealing intellectual property at intermittent frequencies. This can lead to financial losses, and long-term impact on the company’s operations. In the worst case, the software can deteriorate entire production losses, leading to industrial accidents and human damage.
Protecting systems from viruses originating from USB drives is quite easy. A comprehensive cybersecurity plan can be laid out with the help of system administrators. As the first line of defense, personal USB flash drives shouldn’t be allowed within the premises, while office drives should remain within the custody of specific individuals. In addition, anti-virus terminals should be set up across the workplace, allowing employees to scan USB flash drives before they are connected to a computer system that control sensitive equipment or hosts vital software.
Interested in learning more? Visit our website www.premierautomation.com, or talk to one of our specialists today.