The world's most capable, rugged and secure
industrial control system...

Introducing Bedrock OSA® Remote

  • Intrinsically-secure PLC and RTU control
  • 10 or 20 channels of universal I/O
  • Free IEC 61131-3 engineering software
  • -40ºC to +80ºC temperature range
  • Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
Learn More

Industry News

Cyber Attacks
 

Hacking the Electronics Supply Chain: Easier Than you Think?

October 30, 2019
Robert Bergman

If you thought that hacking into an electronic manufacturer’s component supply chain required a fab of one’s own, think again. Wired magazine recently reported on recent simulation that showed how someone using “only a $150 hot-air soldering tool, a $40 microscope, and some $2 chips ordered online,” could implant a device the size of pinky fingernail into the motherboard of a communications firewall.

 

In the project, the stowaway chip was then programmed to attack as soon as the firewall booted up in a target’s data center. It poses as a security administrator accessing the firewall configurations by connecting their computer directly to that port. Once in, the chip triggers the firewall’s password recovery feature, creating a new admin account and gaining access to the firewall’s settings in a way that most IT admins wouldn’t likely notice.

 

Although the exercise was not intended to imply that people are already doing this, it does raise some valuable points:

 

  • It demonstrates how easily an ill-intentioned nation state, ID thief, or IP thief can penetrate a component supply chain if they can get access to the electronics, for example, via an employee on the fab line
  • Because the attack triggers on boot, embedding authentication and verification to ensure a clean boot is critical
  • Component manufacturers should take measures to prevent access to the electronics through PKI encryption and authentication to access firmware
  • To prevent after-the-fact access, critical firmware should be housed in physically anti-tamper enclosures

 
Of course, the best way to enforce these measures it to source critical components from trusted electronics manufacturers – ideally in the USA.

 

For more information about how Bedrock Automation enforces such criteria in its totally U.S.-based production facilities see Sam Galpin’s feature: How Locally Sourced Intrinsically Secure Components Keep the Supply Chain Secure.

 
Cyber Attacks

Flow Computing Goes Digital

February 24, 2020
Robert Bergman

Small discrepancies in custody transfer calculation can make a big difference on the bottom line of an oil & gas […]

Cyber Attacks

Study Results: Midstream Automation Trends

January 27, 2020
Robert Bergman

Recent data collected in relation to the Future Midstream Automation Conference indicates that midstream companies are upping their spending on […]

Cyber Attacks

Industrial Control Systems as Weapons

January 27, 2020
Robert Bergman

In a recent Dark Reading feature, Kelly Higgins Jackson describes how cyber threats to aging industrial operational technology have advanced […]