This article was updated on September 12, 2019.
It’s disturbing to think that disruption and damage to our critical infrastructure can happen by simply combining the use of Open Source Software (OSS) tools with malicious intent. Fortunately, those same tools are being used by ICS security researchers around the world to improve industrial control system cyber security.
In the article “Attackers Can Easily Find Vulnerabilities within Critical Infrastructure with OSS Tools”, published recently by SC Magazine, Nozomi Networks CTO Moreno Carullo takes a look at what security researchers are doing to find and shut down critical infrastructure vulnerabilities.
How Does Open Source Software Contribute to the ICS Cyber Security Problem?
Open source software is used everywhere. A recent report by software vendor Black Duck uncovered some eye-catching statistics:
- 96% of applications scanned during their research audit contained open source components
- 78% of the codebases examined had at least one vulnerability
- The average number of codebase vulnerabilities was 64
Because open source code is so pervasive, attackers can use one hack for many targets. In fact, Black Duck predicted that cyber attacks based on open-source related vulnerabilities would increase by 20% last year alone.
In the article “Attackers Can Easily Find Vulnerabilities Within Critical Infrastructure with OSS Tools”, Moreno discusses some of the other underlying causes of industrial control system (ICS) vulnerability, including:
- OT systems lack built-in ICS security
- Industrial protocols were not designed to provide integrity and confidentiality
He also explains how ICS security researchers around the world are leveraging OSS tools to find insecure practices and vulnerabilities, and close the door with encrypted communications and network visibility, segmentation and monitoring.
For example, Nozomi Networks researchers recently created a security testing and fuzzing tool using OSS. It was designed to automatically find vulnerabilities in proprietary protocols used by ICS devices – including programmable logic controllers (PLCs), remote terminal units (RTUs), and so on.
Using only their OSS-based tool, the Nozomi Networks team quickly identified multiple zero-day vulnerabilities within the PLCs of several vendors. The tool found at least one vulnerability for each device, and also uncovered issues related to the management software in several devices.
Sharing Responsibility for Solving the Industrial Cyber Security Problem
Responsibility for securing our critical infrastructure lies with all of us, from device vendors and critical infrastructure operators to ICS cyber security researchers and solution providers.
Regulatory bodies are quickly developing guidelines and setting goals to reduce the threat. Recently, a report by the US Department of Commerce and Department of Homeland Security (DHS) highlighted the need for device makers and software providers to improve the security capabilities of IoT components and software. The report noted that while effective tools for enhancing IoT resilience exist, they aren’t yet widely used. Specifically, it recommended that IoT devices not be shipped with known security flaws, and that devices include an update mechanism to patch vulnerabilities once they are discovered.
The industrial infrastructure market is moving in the right direction to address OT cyber security risks, but it’s going to take time to close all the gaps. Fortunately, critical infrastructure operators have access to actionable information and data about known vulnerabilities, such as ICS-CERT Alerts, malware research, mitigation briefs and Nozomi Networks’ new research paper – TRITON: The First ICS Cyber Attack on Safety Instrument Systems – Understanding the Malware, Its Communications and Its OT Payload. Plus, effective solutions like Nozomi Networks Guardian are available to provide real-time OT cyber security and ICS operational visibility for their industrial control networks.
Related Content to Download
TRITON: The First ICS Cyber Attack on Safety Instrument Systems
Understanding the Malware, Its Communications and Its OT Payload
Read this paper to learn:
- The innovative approach taken to reverse engineering TRITON
- How our team obtained the engineering toolset and controller
- The research findings, including undocumented users
- How two new tools help defend against TRITON
- How TRITON can be used to compromise SIS
- What TRITON means for securing ICS
- SC Magazine: Attackers Can Easily Find Vulnerabilities within Critical Infrastructure with OSS Tools
- Research Paper: TRITON: The First ICS Cyber Attack on Safety Instrument Systems
- Blog: Black Hat: Understanding TRITON, The First SIS Cyber Attack
- Blog: New TRITON ICS Malware is Bold and Important
- Blog: New TRITON Analysis Tool: Wireshark Dissector for TriStation Protocol
- Github.com: Nozomi Networks Tricotools
- Mitigation Brief: Industroyer / CrashOverride Mitigation Brief