Energy and water are two of the most central critical infrastructures (CIs). Both sectors have undergone necessary changes to reflect the latest in technology and improve how natural resources are harnessed and distributed. At present, these changes are heading toward more interconnected systems, especially through the integration of industrial internet of things (IIoT) technologies.Read More
The increased connectivity of computer and robot systems in the industry 4.0. ecosystem, is, and will be exposing robots to cyber attacks in the future. Indeed, industrial robots—originally conceived to be isolated—have evolved, and are now exposed to corporate networks and the internet.
While this provides synergy effects and higher efficiency in production, the security posture is not on par. In our latest report Rogue Robots: Testing the Limits of an Industrial Robot’s Security we analyzed how easily an industrial grade robot could be actually ”hacked”. We demonstrated how easily an attacker is able to alter an industrial robot’s accuracy without changing the program code so that that minor defects can be (maliciously) introduced into work pieces. Needless to say, defective products can have repercussions on the production floor and, depending on the security and QA practices of the target factory, may have some financial consequences down the line.Read More
Industrial Control Systems (ICS) are a hot topic in the security industry today, thanks to the prevalence of software that is often riddled with security flaws and legacy protocols that were designed without any type of security. Many of these systems were designed in a different time, when the world was quite different. ICS systems used to be isolated, Internet access was rare and expensive, and hacking knowledge was not as widespread as it is today. It would be very difficult for a programmer to have foreseen some of the security issues that have now come about. As a result, however, this often translates to cases where solutions are developed to get the most out of the system while maintaining a cost-conscious mindset. As a result, there are cases where software and protocols that were never meant to be part of an ICS system end up as part of such a system.Read More
The concern on ICS/SCADA security gained prominence due to high-profile attacks targeting these devices, most notably Flame and Stuxnet. However, we noted recent findings, which prove that the interest in ICS/SCADA devices as attack platforms is far from waning. We’ve all read about how insecure ICS/SCADA devices are and how certain threat actors are targeting…Read More
Recently, I spoke at the Forum of Incident Response and Security Teams (FIRST) in Bangkok, Thailand on threat intelligence and incident response. The mantra throughout FIRST was “sharing to win”, the concept of which echoes throughout security got me to thinking about information sharing in the ICS/SCADA security arena. This idea of sharing thoughts and…Read More