The world's most capable, rugged and secure
industrial control system...

Introducing Bedrock OSA® Remote

  • Intrinsically-secure PLC and RTU control
  • 10 or 20 channels of universal I/O
  • Free IEC 61131-3 engineering software
  • -40ºC to +80ºC temperature range
  • Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
Learn More

Industry News

Cyber Attacks
 

Hacking the Electronics Supply Chain: Easier Than you Think?

October 30, 2019
Robert Bergman

If you thought that hacking into an electronic manufacturer’s component supply chain required a fab of one’s own, think again. Wired magazine recently reported on recent simulation that showed how someone using “only a $150 hot-air soldering tool, a $40 microscope, and some $2 chips ordered online,” could implant a device the size of pinky fingernail into the motherboard of a communications firewall.

 

In the project, the stowaway chip was then programmed to attack as soon as the firewall booted up in a target’s data center. It poses as a security administrator accessing the firewall configurations by connecting their computer directly to that port. Once in, the chip triggers the firewall’s password recovery feature, creating a new admin account and gaining access to the firewall’s settings in a way that most IT admins wouldn’t likely notice.

 

Although the exercise was not intended to imply that people are already doing this, it does raise some valuable points:

 

  • It demonstrates how easily an ill-intentioned nation state, ID thief, or IP thief can penetrate a component supply chain if they can get access to the electronics, for example, via an employee on the fab line
  • Because the attack triggers on boot, embedding authentication and verification to ensure a clean boot is critical
  • Component manufacturers should take measures to prevent access to the electronics through PKI encryption and authentication to access firmware
  • To prevent after-the-fact access, critical firmware should be housed in physically anti-tamper enclosures

 
Of course, the best way to enforce these measures it to source critical components from trusted electronics manufacturers – ideally in the USA.

 

For more information about how Bedrock Automation enforces such criteria in its totally U.S.-based production facilities see Sam Galpin’s feature: How Locally Sourced Intrinsically Secure Components Keep the Supply Chain Secure.

 
Cyber Attacks

Understanding and Managing ICS Cyber Security Threats to U.S. Water and Wastewater Utilities

September 28, 2020
Robert Bergman

“Government intelligence confirms the water and wastewater sector is under a direct threat as part of a foreign government’s multistage […]

Cyber Attacks

U.S. Security Agencies Warn of Cyber Attack Threats to Unauthenticated PLCs and other OT

August 27, 2020
Robert Bergman

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have urged critical infrastructure facilities to take […]

Cyber Attacks

Encrypt or Be Encrypted: Mysterious Ransomware Attacks OT

August 27, 2020
Robert Bergman

A second bit of ransomware code designed to target industrial control systems has emerged. Similar to the Megacortex malware that […]