CONTROL SYSTEMSAND CYBER SECURITY

2600 MEETING JUNE 6,2014M I C H A E L T O E C K E R

Mikhail Turcher, big fanci pantsie

CYBER

SECURITY OVERVIEW

M O D U L E 1

Ooooh… Cybah Cybah Cybah Overfuncher!

BASICSControl Systems are computing systems that monitor and

control physical processes

We’re talking powerplants, locomotives, water treatment, building operations, and stuff like that

Uses things called Programmable Logic Controllers, Remote Terminal Units take in signals from things like pumps, valves, motors, etc

Basi….. Sknnnnzzzz….

Electro-Mechanical Logic

Pneumatic Logic

Programmable Logic

Distributed ControlSystem

Evolution of Control Systems

Dis presentation needs more goats

HUMAN INTERACTIONTHEN AND NOW

Buttons, Levers, Paper Trend Plotters, Annunciators, all linked to Relays and Actuators through

Electronic or Pneumatic Communications utilizing

Relay/Ladder Logic

Computer Systems and Displays, linked to Digital

Process Controllers through High Speed Ethernet Based

networks utilizing Field Programmable Gate Array and

Function Block Logic

I tells him to Pressy the butensies!! Press them!!! He does not.

CYBER SECURITYThe problem is, use of normal IT stuff has

caused Control Systems to inherit the same vulnerabilities of those IT systems…

Ever been hacked? How did that affect your computer? Other computers you own?

Imagine being the computer that runs the Chemical Plant down the road.

I be doin the hackring.. Hackring and slashring in Skyrim… MY KNEE!!

BUT….

Computation evolved into Networked systems

Prioritized the fast, efficient, and easy sharing of data

Control Systems and Information Systems were easily connected together, up to and including the Internet

Vulnerabilities in these Systems allows Malicious Individuals to Access and Disrupt operations

Coding Practices assumed good behavior, but did not enforce it.

Networked Systems allowed access from remote locations, or over the Internet

The I

ntroducti

on of

Computers a

lso Brou

ght the

Vulnerabilit

y of t

he Infor

mation

Age

Heh. Goatsies.

WE APOLO

GIZE FOR TH

E

FAULT IN TH

E SUBTITLES..

T H O S E RE S P O N S I B

L E HAV E B

E E N SA C K E D

NOTABLE CYBER

EVEN

TS

Government Developed Computer Virus

Designed to disrupt the Iranian nuclear enrichment process at Natanz

Three Modes of Operation Windows Based, designed to infect

Windows systems Siemens Simatic, designed to subvert

communications between the PLC and Simatic Applications

Siemens S7 PLC Based, designed to run equipment outside of operating envelope, and conceal operating parameters from operators.

Stuxnet

is the P

rime E

xample

of a C

yber

Securit

y issu

e

affec

ting Con

trol S

ystem

s

TARGETED IRAN’S NATANZENRICHMENT FACILITY

Control Systems

Mahmoud Ahmadinejad

INFECTED PLCS BROKE CENTRIFUGES

This Runs These

Also Mahmoud Ahmadinejad

STUXNET’S GOALReduce the capability of the Iranian Government to produce

Nuclear materials It Damaged Systems It reduced quality of the product Destroyed Centrifuges

Hid itself from the operatorsPersonally, I have great sympathy for the Iranian Engineers…. I’d hate to have to go to my boss, repeatedly, and tell him my system

was f*cked up, not matter what I was doing to fix it.

This is Enriched Uranium

DANCING MONKEYS….

Super Secret Easter Egg in Siemens PLCs, Used at Natanz

found

by Dillon Beresford

IT DOESN’T HAVE TO BE STATE SPONSORED THOUGH

DIGITAL BOND’S PROJECT BASECAMP

Intended to focus attention on vulnerabilities in control system devices, to get vendors to change how insecure their devices actually were.

Full Disclosure: I work for Digital Bond

THREATPOST, 2011

Hacker pr0f gained access to, and posted pictures of the South Houston water Treatment plant.

CONCLUSIONS Control Systems run Industrial StuffThey use normal IT componentsThey don’t spend much time on security, if anyGovernments have used control systems to do bad things to

other governmentsYou can find these things on the Internet…. Bad guys can exploit this stuff over the internet.