The world's most capable, rugged and secure
industrial control system...

Introducing Bedrock OSA® Remote

  • Intrinsically-secure PLC and RTU control
  • 10 or 20 channels of universal I/O
  • Free IEC 61131-3 engineering software
  • -40ºC to +80ºC temperature range
  • Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
Learn More

Industry News

Cyber Attacks
 

Industrial Control Systems as Weapons

January 27, 2020
Robert Bergman

In a recent Dark Reading feature, Kelly Higgins Jackson describes how cyber threats to aging industrial operational technology have advanced from simple malware vulnerabilities and lack of security controls to use as potential weaponry.

 

She cites a recent PAS Global analysis of 10,000 of its customers’ ICS systems. It found numerous ways in which malicious attackers could weaponize automation systems at power, oil & gas, chemical and other critical infrastructure systems. PAS, of course, did not detail any of its customer systems, but Dale Peterson, CEO of Digital Bond, gave her some examples of how an attacker might weaponize a control system:

 

  1. Manipulating output characteristics, for example, manipulating flow rate of air or gas in a valve
  2. Manipulating HMI graphics configurations to allow access to the administrative control of the entire DCS network
  3. Manipulating HTML to inject code that can contain flow control settings
  4. Scrambling calculations of the flow indicator and the flow controller on the CPU
  5. Accessing hard-coded system engineer username and password and using it to enter other systems

To address these issues, PAS Chief Operating Officer Mark Carrigan suggested interventions such as improving configuration management on the most critical systems and assets and implementing passive network monitoring that can catch anomalous traffic. While such configuration management and passive monitoring can certainly be of help, they do involve purchase, installation and maintenance costs.

 

Such costs should be weighed against upgrading controls to automation technology in which cyber security protection is already built-in. For companies that are already planning to modernize their controls, specifying built-in cyber security at purchase should be a no-brainer. This is especially true for Bedrock OSA controls, for which protection that makes it all but impossible for attackers to weaponize controls is included at no additional cost above very competitively priced and high-performing PLC, RTU, DCS and power supply solutions.

 

For more information about how to separate truly built-in cyber security from products that just claim it, see Built-in Cyber Security vs. Built-in Cyber Security

 
Cyber Attacks

U.S. Security Agencies Warn of Cyber Attack Threats to Unauthenticated PLCs and other OT

August 27, 2020
Robert Bergman

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have urged critical infrastructure facilities to take […]

Cyber Attacks

Encrypt or Be Encrypted: Mysterious Ransomware Attacks OT

August 27, 2020
Robert Bergman

A second bit of ransomware code designed to target industrial control systems has emerged. Similar to the Megacortex malware that […]

Cyber Attacks

Signs of Hope in Cyber Security, But …

August 27, 2020
Robert Bergman

Accenture has published its 2020 Cybersecurity Resilience Report based on its survey of 4,644 executives in 24 industries. Although few […]