Control-System Cybersecurity: Staying Ahead of Evolving Threats

Abstract

This article, written by Special Publications Editor Adam Wilson, contains highlights of paper OTC 24393, ’Control-System Cybersecurity: Staying Ahead of the Evolving Threats,’ by C. DeWitt, ABS Consulting, and J. Ellis, Neodigm Press, prepared for the 2013 Offshore Technology Conference Brasil, Rio de Janiero, 29-31 October. The paper has not been peer reviewed. The benefits of modern industrial control systems have never been greater. However, as these systems have evolved, the threats to their safe and secure operation have grown. While the return on investment for a complete control-system security audit may be difficult to calculate, the cost of not having a complete plan in place may, if a worst-case condition arises, be impossible to comprehend. A baseline system security image, as a start, allows a vessel owner or operator to understand the security risks. Introduction A diver-support-vessel control system suddenly loses position control and begins to drift while the divers below are put in harm’s way. A programmable-logic controller on the vessel’s dynamic-positioning system had entered an error state and flooded the primary and backup control networks with erroneous data, knocking all connected systems offline. Before control is restored, the vessel is 200 m from its station and one diver has been left unconscious on the template bailout and the other is stranded in the diving bell. The unconscious diver is rescued by his companion from the diving bell once the vessel arrives back on station. Is this a scene from a movie? Unfortunately not; it was a recent, real-world failure. Just as unsettling is the fact that the root cause of the network jamming was never identified. While viruses, Trojans, worms, and backdoors have been generally associated with Web servers, personal computers, and phones with access to the Internet, serious concerns about cyberphysical attacks on industrial control systems have also been raised—attacks that could result in conditions similar to the loss of positional control just described. Offshore assets with complex operational capabilities, such as floating production, storage, and offloading vessels; drillships; and semisubmersibles, while not necessarily targets for national-security- based malicious attacks, are nevertheless high-value targets whose compromise may have high-consequence results. Control systems onboard the vessel demand real-time operation, interference with which may result in costly and even life-threatening situations. Problem With more and more industrial control systems exposed to external, uncontrolled access for remote upgrades, remote monitoring, and ease of access, these systems are often visible to hackers as well. Combine this access with the increased use of highly targeted and often outdated or unpatched operating systems, and there is good reason for concern. Solution The following six, high-payoff steps or practices should be implemented even before a security-baseline and gap assessment has been performed: Network design and implementation—Perform a survey of the control network to ensure there are no undocumented bridges or devices that have been attached. Host configuration—Validate proper user and password control on each system. Validate that all unused ports and services are turned off. Virus and malware protection— Ensure virus and malware scanners are installed and properly configured to detect new and updated files, yet not interfere with real-time operation. USB access—Insertion of USB flash drives is a common avenue for the spread of malicious software. Ensure there is not a means for unauthorized physical access to the USB ports on each system. If this is not possible, ensure USB ports have been disabled by operating-system configuration. Extraneous-program removal— Adobe Acrobat, while seemingly a common and benign standard program, has been the avenue for many recent attacks. Ensure all unneeded programs have been removed from the system. Recovery plan—Develop a detailed recovery plan for the network and each device attached.