The world's most capable, rugged and secure
industrial control system...

Introducing Bedrock OSA® Remote

  • Intrinsically-secure PLC and RTU control
  • 10 or 20 channels of universal I/O
  • Free IEC 61131-3 engineering software
  • -40ºC to +80ºC temperature range
  • Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
Learn More

Industry News

Cyber Attacks
 

Industrial Control Systems as Weapons

January 27, 2020
Robert Bergman

In a recent Dark Reading feature, Kelly Higgins Jackson describes how cyber threats to aging industrial operational technology have advanced from simple malware vulnerabilities and lack of security controls to use as potential weaponry.

 

She cites a recent PAS Global analysis of 10,000 of its customers’ ICS systems. It found numerous ways in which malicious attackers could weaponize automation systems at power, oil & gas, chemical and other critical infrastructure systems. PAS, of course, did not detail any of its customer systems, but Dale Peterson, CEO of Digital Bond, gave her some examples of how an attacker might weaponize a control system:

 

  1. Manipulating output characteristics, for example, manipulating flow rate of air or gas in a valve
  2. Manipulating HMI graphics configurations to allow access to the administrative control of the entire DCS network
  3. Manipulating HTML to inject code that can contain flow control settings
  4. Scrambling calculations of the flow indicator and the flow controller on the CPU
  5. Accessing hard-coded system engineer username and password and using it to enter other systems

To address these issues, PAS Chief Operating Officer Mark Carrigan suggested interventions such as improving configuration management on the most critical systems and assets and implementing passive network monitoring that can catch anomalous traffic. While such configuration management and passive monitoring can certainly be of help, they do involve purchase, installation and maintenance costs.

 

Such costs should be weighed against upgrading controls to automation technology in which cyber security protection is already built-in. For companies that are already planning to modernize their controls, specifying built-in cyber security at purchase should be a no-brainer. This is especially true for Bedrock OSA controls, for which protection that makes it all but impossible for attackers to weaponize controls is included at no additional cost above very competitively priced and high-performing PLC, RTU, DCS and power supply solutions.

 

For more information about how to separate truly built-in cyber security from products that just claim it, see Built-in Cyber Security vs. Built-in Cyber Security

 
Cyber Attacks

Flow Computing Goes Digital

February 24, 2020
Robert Bergman

Small discrepancies in custody transfer calculation can make a big difference on the bottom line of an oil & gas […]

Cyber Attacks

Study Results: Midstream Automation Trends

January 27, 2020
Robert Bergman

Recent data collected in relation to the Future Midstream Automation Conference indicates that midstream companies are upping their spending on […]

Cyber Attacks

Extracting Value from Smart Infrastructure

December 16, 2019
Albert Rooyakkers

Dr. Rida Hamza, VP, Critical Infrastructure Protection at the global engineering firm Parsons, sees the Industrial Internet of Things (IIoT) […]