On October 24, 2018, the CS3STHLM industrial cyber security & Stockholm international summit on Cyber Security in SCADA and Industrial Control Systems (“the Stockholm summit”) kicked off in Sweden for the fifth consecutive year, bringing together cybersecurity experts worldwide. NSFOCUS, as the only participating security vendor from Asia-Pacific, delivered a speech titled Attacking PLCs by PLC in Deep, sharing the company’s security research experience in the industrial control system (ICS) realm.
ICS, being an integral part of critical infrastructure, simplifies operations of key industrial sectors such as power supply, oil and natural gas, water supply, transportation, and chemical engineering. The increasingly serious cybersecurity issues and their impact upon ICS are posing significant threats to critical infrastructure.
The Stockholm summit is an annual summit that gathers ICS device vendors, solution providers, device users, ICS security vendors, and ICS-related standards development organizations. Since its inception in 2014, CS3STHLM has quickly become the premier ICS security summit in Northern Europe. Those who attend CS3STHLM are concerned about the protection of ICS, critical infrastructure, automation, and smart grids.
An expert from NSFOCUS gave a keynote speech titled Attacking PLCs by PLC in Deep. (At last year’s Black Hat USA 2017, he was also invited to deliver a keynote speech, Break the Greatwall of S7complus.)
In preceding years, the number of attacks on ICS has continually increased. The majority of attacks are initiated by leveraging the insecurity of ICS protocols. Examples of such attacks include the Stuxnet event in 2010 and the Triton event in 2017. In 2010, Siemens’s ICS was targeted by the malware dubbed Irongate, which shared technical similarities with Stuxnet to launch a replay attack via a programmable logic controller (PLC), enabling the attacker to manipulate the controlled procedure without the operator’s knowledge.
The PLC is a digitally operating electronic device designed for use in industrial environments. It uses a programmable memory to store instructions and implement functions such as logic, sequencing, counting, timing, and arithmetic to control various machines or processes through digital or analog inputs and outputs.
In research performed on PLC attacks, NSFOCUS’s Industrial IoT Security Laboratory proposes a type of PLC attack that can leverage an intranet PLC to attack PLCs from other vendors. CHENG LEI from NSFOCUS said,
“Once infected, a PLC will scan the entire network for all types of PLCs and send related information back to the control server. Subsequently, this infected PLC will attack PLCs from other vendors as instructed by the control server. Like PLC Blaster, this malware can be delivered over the network.”
In early 2010, NSFOCUS began to focus on ICS security research. Since then, the company has delivered a succession of technological outcomes, which have been put into practice to form NSFOCUS’s proprietary integrated ICS cybersecurity solution that features a closed-loop security process covering assessment, prevention, detection, and response. NSFOCUS is committed to providing end-to-end security solutions for various customers at home and abroad to ensure their business continuity.