As already explained above, the system architecture consists of lower levels of electronic hardware, comprising signal conditioners, amplifiers, isolators and so on, that gather analog and digital signals coming from the plant and send them via DCS controllers to the operator stations, where they are displayed in the form of graphical user screens. The commands from the operator stations likewise travel via the DCS controllers and so on until they operate a valve or a pump. Some operations are done manually while others may be done via control logic that uses PID (Proportional Integral Derivative) or similar algorithms to sense changes in parameters and automatically adjust the outputs, so that the parameter remains near the desired value (called the set-point). This is shown in the picture below.
How did we land in this situation?
At the time that many of these systems were designed and built, the personal computer was a novelty, available in only a few homes, and the internet was just beginning to become popular. Over the next two decades there were several developments. The internet became commonplace, as did computers, laptops and mobile phones that were connected to the internet. Likewise, business IT systems also became modern. They moved from old mainframes running COBOL and DB2 to newer systems like SAP and Oracle-based systems. The management of many of these manufacturing companies saw value in connecting these business IT systems with the older legacy control systems. Many of the business IT systems had web interfaces. However, the managers either were not informed properly or did not budget for security of the older control systems. Now suddenly legacy ICS were connected to the internet and thus became vulnerable. But it was not just about systems that were directly connected to the internet.
Even those ICS that were modernized were modernized in a very superficial way. To save on upgrade costs, only the operator and engineering terminals were “upgraded” or “migrated” to better looking systems, with plant graphic displays and trends having thousands of different colors, the ability to use pointing devices like mice and the ease of having USB ports and CD and DVD drives for software backup.
This, however, became the Achilles' heel of these systems, because now malware could enter the system via these means and there was no mechanism that could detect and remove it. There have been several cases where such malware entered the ICS via uncontrolled use of USB drives, quickly leading to panic situations like blank screens, slow actions and so on, which led to shutdown of the plant, associated downtime and, what is worse, emergency situations where the plant had to be shut down.
These upgrades, in fact, increased the attack surface of these systems because now malware could also enter the ICS via insecure serial connections, misconfigured firewalls and so on. Sometimes, the IT staff employed to maintain these systems had no idea of how fragile these Industrial Control Systems really were (having little RAM and storage, and not much processing power either, as compared to business IT systems) and discovered it the hard way after inadvertently shutting them down while working on them.
Meanwhile, the news that these systems were old and prone to being attacked got through to the bad guys, and they could now find these systems (many had insecure internet connections that could be breached). This led to many more attacks on these systems.
Why has ICS security become critical now?
There are thousands of these legacy DCS, SCADA and SIS systems that are prone to being attacked by various entities such as general cybercriminals, cryptocurrency miners, hacker-activists (called hacktivists), various terrorist groups and even rogue states. An attack on these systems can cripple the critical infrastructure of any country and cause chaos and disruption. Since replacing this old insecure automation architecture with a completely new one (such as an Industrial Internet of Things based one) is an enormous task that is next to impossible, it has become critical to understand ICS security, carry out a risk assessment of these systems and protect them.
You can take the Abhisam Industrial Cybersecurity training course to learn about it and earn a competency certificate and badge. You can also take our help in carrying out a cyber risk assessment of your facility and then take steps, based on our recommendations, to secure it.
Do contact us to know more.