{"id":64,"date":"2004-10-07T00:00:00","date_gmt":"2004-10-07T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2004\/10\/07\/shifting-cyber-threats-menace-factory-floors\/"},"modified":"2021-12-30T11:36:26","modified_gmt":"2021-12-30T11:36:26","slug":"shifting-cyber-threats-menace-factory-floors","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2004\/10\/07\/shifting-cyber-threats-menace-factory-floors\/","title":{"rendered":"Shifting cyber threats menace factory floors"},"content":{"rendered":"<p>The factory floor of a modern paper manufacturing plant is a ballet of heavy machinery and razor-sharp blades, pressing, dying, rolling, unrolling and cutting dead tree pulp by the ton.  To James Cupps, it&#8217;s something else, too: a target rich environment for cyber attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>PLCs are microprocessor-based systems programmed to make the timing and control decisions in machine automation that once required arrays of electromechanical relays.<\/p>\n<p>On older systems, PLCs communicated over RS-232 serial lines &#8212; slow going, but relatively secure.  But modern PLCs can plug right into a plant&#8217;s Ethernet, exposing them to whatever threats lurk therein.<\/p>\n<p>Coming from an IT environment, Cupps hoped to find that the control systems at his company&#8217;s plants were protected by at least as much security as a Windows desktop.  
The control systems at Cupps&#8217; company are made by Rockwell Automation, but Cupps hastens to point out that the absence of authentication on PLCs is an industrywide problem, and not at all limited to one particular vendor.<\/p>\n<p>Other experts agree, and say the root cause is historical: the control systems rely on protocols and industry standards that were built for dedicated serial lines &#8211; not shared TCP\/IP networks.<\/p>\n<p>&#8220;It&#8217;s script kiddy material to control PLCs,&#8221; says Eric Byres, a researcher and critical infrastructure security specialist at the British Columbia Institute of Technology (BCIT).<\/p>\n<p>The implications are disturbing to Byres and Cupps; in factories across the globe PLCs control pumps, conveyer belts, paint sprayer booths, welding machines, motors and other equipment.  &#8220;We found numerous ways to perform single-packet denial of service attacks against PLCs,&#8221; says Byres.<\/p>\n<p>The 13 cyber security incidents logged between the years 1982 and 2000 were almost all attributable to accidents, inappropriate employee behaviour, or sabotage by disgruntled employees.<\/p>\n<p>Processor Power Issues<\/p>\n<p>In a lot of those external attacks, control systems were merely collateral damage from IT issues like worms, &#8220;because we have Windows running all over the plant floor,&#8221; says Byres.  
Michael Bush, security program manager at Rockwell Automation, acknowledges that Ethernet-enabled control systems &#8220;change the rules significantly&#8221; from the days of dedicated serial lines.<\/p>\n<p>For his part, Cupps says he took emergency measures to shore up the control systems at his company, then committed to a massive reorganization of its networks, putting the factory floors on their own subnets, adding firewalls between them, and installing intrusion prevention systems, among other things.<\/p>\n<p>http:\/\/www.securityfocus.com\/news\/9671<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-64","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/64","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=64"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/64\/revisions"}],"predecessor-version":[{"id":2551,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/64\/revisions\/2551"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=64"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityin
stitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=64"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=64"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}