ICS Software Protection


Peter H. Jenney (Security Innovation, USA)
DOI: 10.4018/978-1-4666-2659-1.ch009


Industrial Control System (ICS) cyber security is weak and exploitable. As evidenced by STUXNET’s attack on the Iranian Natanz[1] nuclear facility in 2010, and by others since, global critical infrastructure is in danger of cyber attack. The problem stems from the growth of industrial management systems over three distinct generations that moved process management systems from manual to fully networked controls and sensors. In many cases the transition has been poorly managed and proper IT management techniques were not employed. In others, the software and hardware systems are so fragile that any change or unexpected access can crash them or otherwise render them useless. These instabilities, caused by both poor management and weak equipment, open large security holes that allow hackers to exploit critical systems with potentially disastrous results. For example, a petroleum distillery could be made to vent and burn excess gas at a time when doing so could potentially destroy the facility, or perhaps take down entire electrical grids, inconveniencing and possibly causing significant harm.
Chapter Preview


The approach to solving the cyber security problem is to apply common IT best practices to the current ICS space and address the network and application security problems in a manner similar to that being taken by the rest of the IT industry, both commercial and military: lockdown. Applying the solution requires techniques not common to the normal IT space. Specifically, industrial control systems cannot be shut down for any length of time, as doing so would “break” the processing flow and potentially damage whatever is being manufactured, processed, or controlled, or have an unacceptable effect on profitability. For example, an oil pipeline cannot be out of service for very long before it starts to cause underflows throughout systems, and similarly, a train track switching system cannot be taken offline and still be expected to transport the required daily loads.

The key to the solution is to implement a process that allows a lockdown with minimal impact on executing processes. Locking down control systems using “least privilege” IT best practices, implementing virtual machines and sophisticated whitelisting, and finally enclosing them in a secure subnet where data can only flow outwards provides a stable and secure environment in which processes can execute without fear of attack and without requiring systems to be changed enough to cause unexpected failures.

Industrial control systems (ICS) provide the critical infrastructure required by nations to support their populations and economies, and to do so in a safe manner. The computing systems responsible for managing critical processes, however, are extremely weak from a cybersecurity perspective. ICS networks have historically relied on a common defense-in-depth component called Security Through Obscurity[2], meaning that if the hackers didn’t know they were there, they wouldn’t be attacked[3]. The explicit belief is a carryover from the early days of control system technology, where manual or simple electronic switching systems were enclosed in “secure” facilities with no connection to the outside world. Current control system technology relies on newer, cheaper commercial off-the-shelf (COTS) equipment, and the transition from closed, isolated systems to open, Internet-connected systems left unforeseen gaps in the perimeter, leaving them open to attack. The U.S. Industrial Control System Cyber Event Response Team (ICS-CERT)[4] and many other organizations around the world have been working for the past several years to raise ICS cyber security awareness, but it wasn’t until recently that the industry and public learned there was a problem.

The trigger event was the discovery of STUXNET in mid-2010. STUXNET is a weaponized computer worm that was specifically targeted at the Iranian nuclear power industry. It took over certain supervisory control and data acquisition (SCADA) systems that were responsible for managing specific programmable logic controllers (PLC) that ran specific devices, in this case industrial centrifuges used in the production of nuclear fuel, and attempted to destroy them and cripple the Iranian program. While STUXNET did manage to attack the Natanz nuclear facility, it failed to do the necessary damage. Regardless, STUXNET provided the world’s general public with two critical pieces of information:

  1. Industrial Control Systems such as uranium enrichment facilities were vulnerable to attack

  2. People are out there attacking the infrastructure

From a cybersecurity professional’s standpoint, STUXNET told of many other things, including:

  1. There are serious threats to global critical infrastructure that have been and are being exploited

  2. Someone is willing to spend an enormous amount of money to create extremely sophisticated malware to exploit ICS

  3. STUXNET provides a solid template for a weaponized worm that can be copied by the general cyber hacking community

  4. There are several other similar examples[5] in the wild that have been discovered, though we don’t know what we don’t know, and new malware can be lurking anywhere, poised to attack

Complete Chapter List

Editorial Advisory Board
Table of Contents
Christopher Laing, Atta Badii, Paul Vickers
Chapter 1
Security Threats and Risks of Intelligent Building Systems: Protecting Facilities from Current and Emerging Vulnerabilities
David Brooks
Intelligent Buildings (IB) are facility-wide systems that connect, control, and monitor the plant and equipment of a facility. The aim of IB is to...

Chapter 2
Detecting Cyber Attacks on SCADA and Other Critical Infrastructures
Maurilio Pereira Coutinho, Germano Lambert-Torres, Luiz Eduardo Borges da Silva, Horst Lazarek, Elke Franz
Nowadays, critical infrastructure plays a fundamental role in our modern society. Telecommunication and transportation services, water and...

Chapter 3
Proactive Security Protection of Critical Infrastructure: A Process Driven Methodology
Bill Bailey, Robert Doleman
The belief that a static alarm system will safeguard critical infrastructure without additional support mechanisms is misplaced. This complacency is...

Chapter 4
Industrial Control Systems: The Human Threat
Antony Bridges
As industrial control systems (ICSs) have been connected to wider organisational networks and the Internet, the threat from unauthorised access has...

Chapter 5
ENISA Study: Challenges in Securing Industrial Control Systems
Rafal Leszczyna, Elyoenai Egozcue
In 2011, the European Network and Information Security Agency (ENISA) conducted a study in the domain of Industrial Control Systems (ICS). Its...

Chapter 6
Distributed Monitoring: A Framework for Securing Data Acquisition
Matthew Brundage, Anastasia Mavridou, James Johnson, Peter J. Hawrylak, Mauricio Papa
SCADA systems monitor and control many critical installations around the world, interpreting information gathered from a multitude of resources to...

Chapter 7
Motivating Cybersecurity: Assessing the Status of Critical Infrastructure as an Object of Cyber Threats
Sean Lawson
Based on an analysis of key policy documents and statements from civilian policymakers, military leaders, and cybersecurity experts, this chapter...

Chapter 8
Patching our Critical Infrastructure: Towards an Efficient Patch and Update Management for Industrial Control Systems
Konstantin Knorr
Worm epidemics such as Stuxnet and Conficker have raised great interest in the public and media lately and stressed the question of how our critical...

Chapter 9
ICS Software Protection (pages 217-239)
Peter H. Jenney
Industrial Control System (ICS) cyber security is weak and exploitable. As evidenced by STUXNET’s attack on the Iranian Natanz[1] nuclear facility in...

Chapter 10
A Community-Oriented Approach to CIIP in Developing Countries
Ian Ellefsen, Sebastiaan von Solms
Developing countries are fast becoming players in an increasingly interconnected world. Many developing countries are making use of technological...

Chapter 11
Designing a Security Audit Plan for a Critical Information Infrastructure (CII)
Eduardo E. Gelbstein
Critical Information Infrastructures (CII) have been recognized as potential targets for cyber-attacks since the late 1990s and many...

Chapter 12
Safety and Security in SCADA Systems Must be Improved through Resilience Based Risk Management
Stig O. Johnsen
This chapter describes vulnerabilities related to safety and security in distributed process control systems integrated with information and...

Chapter 13
Fortifying Large Scale, Geospatial Networks: Implications for Supervisory Control and Data Acquisition Systems
Alan T. Murray, Tony H. Grubesic
Large scale, geospatial networks—such as the Internet, the interstate highway system, gas pipelines, and the electrical grid—are integral parts of...

Chapter 14
Information Sharing for CIP: Between Policy, Theory, and Practice
Neil Robinson
This chapter describes and contrasts policy, economic theory, and insights concerning the establishment and operation of Information Exchanges (IE)....

Chapter 15
Intrusion Detection and Resilient Control for SCADA Systems
Bonnie Zhu, Shankar Sastry
Designed without cyber security in mind, most existing Supervisory Control And Data Acquisition (SCADA) systems make it a big challenge to modify...

About the Contributors