Many supervisory control and data acquisition (SCADA) systems produced by the German engineering conglomerate Siemens are vulnerable to attacks that can cause serious problems.
SCADA systems are used to monitor and control critical installations in oil and gas refineries, water and power distribution plants, manufacturing plants and other industrial facilities.
The US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned last month that Siemens' SIMATIC S7-1200 programmable logic controllers (PLCs) are vulnerable to so-called replay attacks that can interfere with normal operations.
A security flaw discovered by NSS Labs security researcher Dillon Beresford allows attackers to record commands passed to a PLC and replay them successfully at a later time.
For example, an attacker with access to an automation network could record a legitimate STOP command and send it back to the controller when it performs a critical operation.
ICS-CERT has issued an alert warning that the same flaw affects three more PLC models from Siemens, namely the SIMATIC S7-200, S7-300, and S7-400. This significantly increases the number of potential targets.
The problem stems from the fact that communications between computers and PLCs are transmitted using an open protocol that was not designed with built-in security features like encryption or authentication.
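The replay weakness described above, as an added example that is not from the article, ICS-CERT or Siemens: a model controller that accepts unauthenticated commands, next to one that requires an HMAC and a strictly increasing counter. The frame layout, key, and class names are hypothetical and do not represent the S7 protocol.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed shared secret for this example only
COMMANDS = {b"STOP": False, b"START": True}  # command -> resulting run state

class PlainController:
    """Hypothetical controller on a protocol with no authentication."""
    def __init__(self):
        self.running = True

    def receive(self, frame: bytes) -> bool:
        if frame not in COMMANDS:
            return False
        self.running = COMMANDS[frame]  # a recorded frame is as valid as a fresh one
        return True

def sign_command(key: bytes, counter: int, command: bytes) -> bytes:
    """Frame layout (assumed): 8-byte counter | command | 32-byte HMAC-SHA256."""
    header = struct.pack(">Q", counter)
    return header + command + hmac.new(key, header + command, hashlib.sha256).digest()

class AuthenticatedController:
    """Hypothetical controller that checks origin (HMAC) and freshness (counter)."""
    def __init__(self, key: bytes):
        self.key, self.last_counter, self.running = key, 0, True

    def receive(self, frame: bytes) -> bool:
        if len(frame) <= 40:  # needs counter, at least one command byte, and tag
            return False
        header, command, tag = frame[:8], frame[8:-32], frame[-32:]
        expected = hmac.new(self.key, header + command, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # forged or modified frame
        counter = struct.unpack(">Q", header)[0]
        if counter <= self.last_counter or command not in COMMANDS:
            return False  # replayed, stale, or unknown command
        self.last_counter, self.running = counter, COMMANDS[command]
        return True

def demo():
    plain, auth = PlainController(), AuthenticatedController(KEY)
    recorded = sign_command(KEY, 1, b"STOP")  # legitimate frame, captured on the wire
    plain.receive(b"STOP")
    plain.receive(b"START")
    auth.receive(recorded)
    auth.receive(sign_command(KEY, 2, b"START"))
    # Replay the recorded STOP: (plain accepted?, plain running?, auth accepted?, auth running?)
    return plain.receive(b"STOP"), plain.running, auth.receive(recorded), auth.running
```

The HMAC alone would not stop the replay, since a recorded frame still carries a valid tag; it is the counter check that rejects it.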
Even though Siemens has yet to release patches for this vulnerability, there are mitigation measures that organizations can implement to reduce risks. These are described in the published ICS-CERT advisory.
Attacks against SCADA systems can have very serious consequences, and even though they are rare at the moment, security researchers are confident that their number will increase, especially since the Stuxnet industrial sabotage worm set a successful precedent.
Widely viewed as the most complex piece of computer malware ever created, Stuxnet is believed to have been designed to sabotage uranium enrichment centrifuges at Iran's Natanz nuclear plant.
There has been a lot of speculation regarding the identity of Stuxnet's creators, with both the US and Israeli governments having been widely mentioned as the likely perpetrators. Iranian officials have even accused Siemens of assisting the Stuxnet worm developers with information.
One thing's certain though - Stuxnet has put SCADA systems in the minds of security researchers. The past year has seen a lot of public vulnerability disclosures related to these types of systems.