Control System Cyber Security:Staying Ahead of the Evolving Threats

Abstract

Abstract A diver support vessel's control system suddenly loses position control and begins to drift while the divers below are put in harm's way. A Programmable Logic Controller (PLC) on the vessel's Dynamic Positioning system had entered an error state and flooded the primary and backup control networks with erroneous data, knocking all connected systems offline. Before control is restored the vessel is a 200 meters from its station and one diver has been left unconscious on the template bail out and the other stranded in the diving bell. The unconscious diver is rescued by his companion from the diving bell once the vessel arrives back on station. Is this a scene from a movie? Unfortunately not, it was a recent, real-world failure documented in an IMCA Safety Flash. Just as unsettling is that the root cause of the network jamming was never identified. While Viruses, Trojans, worms, and backdoors have been generally associated with web-servers, PCs, and phones having access to the Internet, serious concerns about cyber-physical attacks on industrial control systems have also been raised—attacks which could result in conditions similar to the loss of positional control just described. With more and more industrial control systems exposed to external, uncontrolled access for remote upgrades, remote monitoring, and ease of access, these systems are often visible to hackers as well. Combine this access with the increased use of highly targeted and often outdated or unpatched operating systems, and there is good reason for concern. Layered on this is the fact that many SCADA systems may use default user names and passwords for administrative access, making SCADA and industrial controls systems vulnerable. Sometimes, passwords are not even required. This problem is so prevalent that online search engines have been developed to specifically identify control systems with known gaps. As another example, it was recently reported that a popular software tool used to manage SCADA and PLC control systems, including ones used in vessel navigation, contained back-door functionality that allowed hackers to remotely issue powerful system-level commands. But what about geographically remote systems, with little, if any, direct exposure to the Internet? Drilling rig control networks are often well-isolated from the outside world, with software and hardware controls providing a buffer between the rig and the Internet with a fire-wall to block hacker access. Combining these safeguards with the actual, physical isolation of the drilling rig when in deep-water operation would surely provide a measure of physical security not found in typical industrial control applications, right? Unfortunately, as demonstrated by recent attacks using very sophisticated, targeted programs, it appears that there are still many ways to compromise an isolated control system. Offshore assets with complex operational capabilities like FPSO's, Drillships and Semisubmersibles, while not necessarily targets for national security-based malicious attacks, are nevertheless, high-value targets whose compromise may have high-consequence results. Control systems on-board the vessel, such as the Dynamic Positioning (DP) System, demand real-time operation, interference of which may result in expensive and even life-threatening situations. Good security practices reduce risk and ensure high-consequence situations are unlikely to happen. For a complex Drillship, however, blindly applying industry IT standards is not only over-kill, but could result in degraded performance of a system. Imagine an uncoordinated virus scan of a workstation's hard-drive taking sufficient resources whereby deterministic real-time control is impacted. Application of purpose-built security assessments provide a detailed review of the rig's control system networks, their topology, devices, and system/software maintenance plans, and provide the operator with greater assurance that the rig's information is reliable and secure, and the threat of a cyber-physical attack is mitigated.