The world's most capable, rugged and secure
industrial control system...

Introducing Bedrock OSA® Remote

  • Intrinsically-secure PLC and RTU control
  • 10 or 20 channels of universal I/O
  • Free IEC 61131-3 engineering software
  • -40ºC to +80ºC temperature range
  • Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
Learn More

Industry News

Cyber Attacks
 

Industrial Control Systems as Weapons

January 27, 2020
Robert Bergman

In a recent Dark Reading feature, Kelly Higgins Jackson describes how cyber threats to aging industrial operational technology have advanced from simple malware vulnerabilities and lack of security controls to use as potential weaponry.

 

She cites a recent PAS Global analysis of 10,000 of its customers’ ICS systems. It found numerous ways in which malicious attackers could weaponize automation systems at power, oil & gas, chemical and other critical infrastructure systems. PAS, of course, did not detail any of its customer systems, but Dale Peterson, CEO of Digital Bond, gave her some examples of how an attacker might weaponize a control system:

 

  1. Manipulating output characteristics, for example, manipulating flow rate of air or gas in a valve
  2. Manipulating HMI graphics configurations to allow access to the administrative control of the entire DCS network
  3. Manipulating HTML to inject code that can contain flow control settings
  4. Scrambling calculations of the flow indicator and the flow controller on the CPU
  5. Accessing hard-coded system engineer username and password and using it to enter other systems

To address these issues, PAS Chief Operating Officer Mark Carrigan suggested interventions such as improving configuration management on the most critical systems and assets and implementing passive network monitoring that can catch anomalous traffic. While such configuration management and passive monitoring can certainly be of help, they do involve purchase, installation and maintenance costs.

 

Such costs should be weighed against upgrading controls to automation technology in which cyber security protection is already built-in. For companies that are already planning to modernize their controls, specifying built-in cyber security at purchase should be a no-brainer. This is especially true for Bedrock OSA controls, for which protection that makes it all but impossible for attackers to weaponize controls is included at no additional cost above very competitively priced and high-performing PLC, RTU, DCS and power supply solutions.

 

For more information about how to separate truly built-in cyber security from products that just claim it, see Built-in Cyber Security vs. Built-in Cyber Security

 
Cyber Attacks

New OT Cyber Security Training and Information Resources Now Available from Bedrock

June 25, 2020
Robert Bergman

Bedrock Automation is announcing that the OT cyber security resources developed over the past few months are now available for […]

Cyber Attacks

Cut the cards: Zero Trust in the Critical Infrastructure.

June 25, 2020
Robert Bergman

“Trust everyone — but cut the cards,”   is essentially the premise of Zero Trust cyber security. Zero Trust assumes that […]

Cyber Attacks

Trust factors in COVID-19 pandemic recovery

June 25, 2020
Robert Bergman

As countries, states and businesses begin to reopen, we do so with cause and some anticipation. Deloitte & Touche explores […]