Hacking the Electronics Supply Chain: Easier Than You Think?
October 30, 2019
If you thought that hacking into an electronic manufacturer’s component supply chain required a fab of one’s own, think again. Wired magazine recently reported on a simulation that showed how someone using “only a $150 hot-air soldering tool, a $40 microscope, and some $2 chips ordered online,” could implant a device the size of a pinky fingernail into the motherboard of a communications firewall.
In the project, the stowaway chip was programmed to attack as soon as the firewall booted up in a target’s data center. It poses as a security administrator accessing the firewall’s configuration by connecting a computer directly to that port. Once in, the chip triggers the firewall’s password recovery feature, creates a new admin account, and gains access to the firewall’s settings in a way that most IT admins likely wouldn’t notice.
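The sequence described above (boot, then password recovery, then a new admin account) is something a defender can look for in device logs. The following is an added example, not code from the Wired project or from Bedrock Automation; the event format, device names, and the five-minute window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical normalized format:
# "<ISO timestamp> <device> <event> key=value ..."
SAMPLE_LOG = """\
2019-10-30T02:14:05 fw-edge-01 system_boot reason=power_cycle
2019-10-30T02:14:41 fw-edge-01 password_recovery source=console
2019-10-30T02:14:58 fw-edge-01 account_created user=svc_maint role=admin source=console
2019-10-30T09:30:12 fw-edge-02 account_created user=jdoe role=admin source=https
2019-10-30T11:02:00 fw-core-03 system_boot reason=upgrade
2019-10-30T11:40:00 fw-core-03 account_created user=ops2 role=admin source=console
"""

BOOT_WINDOW = timedelta(minutes=5)  # assumed threshold; tune per device


def parse(line):
    """Split one event line into (timestamp, device, event, fields)."""
    ts, device, event, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(ts), device, event, fields


def find_boot_time_admin_changes(log_text, window=BOOT_WINDOW):
    """Flag console password recovery or admin creation shortly after a boot."""
    last_boot = {}  # device -> time of its most recent boot
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, device, event, f = parse(line)
        if event == "system_boot":
            last_boot[device] = ts
            continue
        boot = last_boot.get(device)
        near_boot = boot is not None and ts - boot <= window
        on_console = f.get("source") == "console"
        risky = event == "password_recovery" or (
            event == "account_created" and f.get("role") == "admin")
        if risky and on_console and near_boot:
            secs = int((ts - boot).total_seconds())
            alerts.append((device, event, f.get("user"), secs))
    return alerts


if __name__ == "__main__":
    for alert in find_boot_time_admin_changes(SAMPLE_LOG):
        print("ALERT", alert)
```

Each alert is worth correlating with change records, since a legitimate console recovery normally has a ticket and a person physically present.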
Although the exercise was not intended to imply that people are already doing this, it does raise some valuable points:
- It demonstrates how easily an ill-intentioned nation state, ID thief, or IP thief can penetrate a component supply chain if they can get access to the electronics, for example, via an employee on the fab line
- Because the attack triggers on boot, embedding authentication and verification to ensure a clean boot is critical
- Component manufacturers should prevent unauthorized access to the electronics by requiring PKI encryption and authentication to access firmware
- To prevent after-the-fact access, critical firmware should be housed in physically anti-tamper enclosures
Of course, the best way to enforce these measures is to source critical components from trusted electronics manufacturers, ideally in the USA.
For more information about how Bedrock Automation enforces such criteria in its totally U.S.-based production facilities, see Sam Galpin’s feature: How Locally Sourced Intrinsically Secure Components Keep the Supply Chain Secure.