SlideShare a Scribd company logo

G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “SCADA safety in numbers v1.1,” Positive Technologies Security Report [Online], Boston, MA, 2012

Q
qqlan
Technology
1 of 31
Download to read offline
www.ptsecurity.ru SCADA SAFETY IN NUMBERS V1.1* Gleb Gritsai Alexander Timorin Yury Goltsev Roman Ilin Sergey Gordeychik Anton Karpin
SCADA Safety in Numbers 2 CONTENT 1. Introduction 3 2. Conclusions 4 3. Analysis of the Vulnerabilities in the ICS Systems 5 3.1. Analysis of the Vulnerabilities in the ICS Systems 5 3.2. Dynamics of Vulnerability Discovery 6 3.3. The Number of Vulnerabilities in the ICS systems of Various Vendors 7 3.4. Vulnerabilities Relating to ICS Hardware and Software Components 9 3.5. Classification of Vulnerabilities According to Their Types and Possible Consequences 10 3.6. Percentage of Fixed Vulnerabilities in ICS 11 3.7. Percentage of Vulnerabilities Fixed Promptly 13 3.8. Availability of information and software to conduct attacks 14 3.9. Number of exploits 14 3.10. Risk levels of detected vulnerabilities 15 3.11. SCADA non-fixed vulnerabilities 18 4. Popularity of ICS in the Internet 19 4.1. Frequency of ICS Systems 19 4.2. Types of ICS Systems 23 4.3. Percentage of Vulnerable and Secure ICS Systems 24 4.4. Vulnerability Types 24 4.5. Percentage of Vulnerable ICS Systems in Different Countries 25 4.6. Percentage of Vulnerable ICS Systems in Different Regions 28 5. About Positive Technologies 30
SCADA Safety in Numbers 3 1. Introduction Modern civilization is largely dependent on ICS/SCADA industrial process automation systems. The operation of nuclear power plants, hydroelectricity plants, oil and gas pipelines, and transport systems at national and world level are based on computer technology. Both the profit of a company and national security depend on control systems safety. Industry systems security gained great interest not very long ago — after a series of incidents involving particular computer viruses, Flame and Stuxnet. It was then found that special services of foreign countries, competitive companies or cyber-terrorists are able to profit from the lack of attention paid to ICS/SCADA/PLC information security. Threat modeling and imitating a potential attacker are essential in building a security system. It is necessary to understand what skills the attacker possesses and what scheme of attack may be chosen. In order to answer these questions, the experts of Positive Technologies explored ICS systems security. This report consists of 2 sections:  Statistics on Vulnerabilities in the ICS Systems;  Assessment of the Popularity of ICS on the Internet. The subject of the investigation comprises the vulnerabilities that were discovered for the period from 2005 to October 1, 2012. *In v1.1 the information on Schneider Electric (and 7-Technologies)** has been updated according to the received feedback. **Schneider Electric recently purchased 7-Technologies.
SCADA Safety in Numbers 4 2. Conclusions 1. The history of industrial system security is divided into two parts — prior to Stuxnet and afterwards. 20 times more vulnerabilities have been detected since 2010 comparing with the previous five years. 2. The number of vulnerabilities keeps on growing rapidly in 2012. The number of security flaws found within ten months is far bigger than the number of flaws found during the whole previous period starting from 2005. 3. Vulnerabilities are primarily detected in the most common products, and the major part of vendors eliminate them quite quickly. However, each fifth vulnerability wasn't fixed within 30 days from the moment of its detection. 4. About 65% of vulnerabilities are rated as of high and critical severity. This figure significantly exceeds a similar index in IT systems, which proves a low information security level of ICS systems. 5. Exploitation of each second vulnerability allows an attacker to execute arbitrary code in the target ICS system. 6. More than 40% of SCADA systems available from the Internet are vulnerable and can be hacked by poorly trained malware users. 7. The USA and Europe lead in the number of ICS systems published in the Internet and demonstrate the most thoughtless attitude towards their security comparing with other regions. 8. More than a third of security flaws of available ICS systems are caused by configuration errors, including the use of default passwords. 9. The fourth part of vulnerabilities of available ICS systems is related to the lack of necessary security updates. ICS in Figures: The number of detected vulnerabilities has increased by 20 times (since 2010). It takes more than a month to fix each fifth vulnerability. 50% of vulnerabilities allow a hacker to execute code. There are exploits for 35% of vulnerabilities. 41% of vulnerabilities are critical. More than 40% of systems available from the Internet can be hacked by unprofessional users. The third part of systems available from the Internet is located in the USA. The fourth part of vulnerabilities is related to the lack of necessary security updates. 54% and 39% of systems available from the Internet in Europe and North America respectively are vulnerable.
SCADA Safety in Numbers 5 3. Analysis of the Vulnerabilities in the ICS Systems 3.1. Research Methodology Information from different sources (e.g. vulnerability databases, vendors’ notices, exploit packs, science conference reports, articles published on specialized sites and blogs) served as a basis for the research. It was necessary to analyze this broad spectrum of sources since cooperation between the community of information security researchers and the ICS vendors is just getting started and a lot of vulnerabilities are published without the developers’ approval. The main sources used in the research Vulnerability databases:  ICS-CERT,  NVD,  CVE,  Bugtraq,  OSVDB,  Mitre Oval Repositories,  exploit-db,  Siemens Product CERT. Exploit packs:  SAINTexploit,  Metasploit Framework,  Immunity Canvas,  Agora Pack,  Agora SCADA+,  D2 Exploit Pack,  White Phosphorus exploit pack,  VulnDisco Exploit Pack. For each vulnerability discovered, the experts searched for generally available methods of exploiting the vulnerability and provided an expert evaluation of the related risks.
SCADA Safety in Numbers 6 3.2. Dynamics of Vulnerability Discovery The specialists in information security discovered only 9 vulnerabilities for the period from 2005 to early 2010. Since the computer worm Stuxnet was discovered, both information security experts and hackers have showed deep interest in the subject. As a result, 64 vulnerabilities in ICS systems were discovered by the end of 2011. Moreover, for the first 8 month of 2012, 98 vulnerabilities were announced — more than in the previous years since 2005. Tab. 1. The Number of Vulnerabilities Discovered Year Vulnerability total 2005 1 2007 3 2008 5 2010 11 2011 64 2012 98 A path from the discovery of vulnerabilities in SCADA to fixing them sometimes has to be a twisted one. During the investigation of the Stuxnet incident, it was found that one of the exploited vulnerabilities — a default password for MS SQL Server — was known long ago. It was first mentioned during the support forums in May, 2005. The passwords were published in April, 2008. The issue was fixed after the attack, in 2010.
SCADA Safety in Numbers 7 Figure 1. Dynamics of the Number of Vulnerabilities 3.3. The Number of Vulnerabilities in the ICS systems of Various Vendors The highest number of vulnerabilities for the reporting period (42) was discovered in the components of the ICS developed by Siemens. The second place goes to Schneider Electric (30 vulnerabilities); the third, to Broadwin/Advantech (22 vulnerabilities). Tab. 2. The Number of Vulnerabilities in the ICS Systems of Various Vendors Vendor Vulnerability Total Vendor Vulnerability Total Automated Solutions 2 Schweitzer Engineering Laboratories 2 WellinTech 9 RuggedCom 2 General Electric 15 Lantronix 3 Invensys Wonderware 15 Progea 3 Schneider Electric 30 ABB 3 Advantech/Broadwin 22 Sielco Sistemi 3 Siemens 42 Iconics 5 Emerson 6 Measuresoft 6 Rockwell Automation 9 Ecava 5 Emerson 6 1 3 5 11 64 98 0 20 40 60 80 100 120 2005 2007 2008 2010 2011 2012
SCADA Safety in Numbers 8 Figure 2. The Number of Vulnerabilities in the ICS Systems of Various Vendors The highest number of vulnerabilities in ICS (also true for other systems) was discovered in the most common components. Moreover, a number of vendors changed their approach from reactive to proactive and took resolute measures to find and fix vulnerabilities in their products. For instance, Siemens organized a specialized department, Siemens ProductCERT (http://www.siemens.com/corporate-technology/en/research- areas/siemens-cert-security-advisories.htm), whose main goal is to discover and fix security Automated Solutions Schweitzer Engineering Laboratories RuggedCom Lantronix Progea ABB Sielco Sistemi Iconics Measuresoft Ecava Emerson Rockwell Automation WellinTech General Electric Invensys Wonderware Advantech/Broadwin Schneider Electric Siemens 2 2 2 3 3 3 3 5 6 5 6 9 9 15 15 22 30 42
SCADA Safety in Numbers 9 issues in the company’s products. The vulnerabilities discovered by the team are also included in the general statistics; thus the number of discovered and fixed issues is increasing. 3.4. Vulnerabilities Relating to ICS Hardware and Software Components Such ICS components as SCADA systems and human machine interface (HMI) are present a significant interest for attackers: 87 and 49 vulnerabilities were discovered, respectively, in these systems. For the reporting period, the experts discovered 20 vulnerabilities in the programmable logic controllers of different vendors. Tab. 3. The Number of Vulnerabilities in Different Types of the ICS Components System Type Vulnerability Total SCADA 87 HMI 49 PLC 20 Hardware 11 Software 7 Interface/Protocol 1 87 49 20 11 7 1 SCADA HMI PLC Hardware Software Interface/Protocol
SCADA Safety in Numbers 10 Figure 3. The Number of Vulnerabilities in Different Types of ICS Component 3.5. Classification of Vulnerabilities According to Their Types and Possible Consequences Over a third of vulnerabilities (36%) are associated with the buffer overflow — an anomaly where a program overruns the buffer's boundary while writing data. This defect in security allows the attacker not only to cause premature ending of a program or freeze (which leads to denial of service), but also to execute arbitrary code in the target system. The types of vulnerability which allow the attacker to execute code (Buffer Overflow, Remote Code Execution) make up 50% of all vulnerabilities (an extremely high figure!). We should also consider the large number of problems in Authentication and Key Management — almost 23%. Tab. 4. Classification of Vulnerabilities in ICS According to Type Vulnerability Type Vulnerability Percentage, % Buffer Overflow 36 Remote Code Execution 13,14 Web (client-side) 9,14 Web (server-side) 10,86 Local Privilege Escalation 2,29 DoS/Data Integrity 5,71 Authentication / Key Management 22,86 The recent rapid growth of the vulnerabilities discovered in ICS is caused by the ethical hackers getting involved in the process. The Positive Research Center experts discovered more than 50 vulnerabilities in different products in 2012, the most part of which has already been fixed by the vendors. A lot of work in coordination of the vulnerability fixing process is carried out by ICS CERT.
SCADA Safety in Numbers 11 Figure 4. Classification of Vulnerabilities in ICS According to Type 3.6. Percentage of Fixed Vulnerabilities in ICS A display of fixed vulnerabilities percentage gives a clear view on how serious ICS vendors are about information security issues. For instance, Siemens fixed and released patches for 88% of vulnerabilities, while ABB fixed only 67% of security defects. Tab. 5. Percentage of Fixed Vulnerabilities in ICS Vendor Fixed, % Schneider Electric 93 Advantech/Broadwin 91 WellinTech 89 Siemens 88 General Electric 80 Rockwell Automation 78 ABB 67 Lantronix — Schweitzer Engineering Laboratories — Total 84 36% 13%9% 11% 2% 6% 23% Buffer Overflow Remote Code Execution Web (client-side) Web (server-side) Local Privilege Escalation DoS/Data Integrity Authentication / Key Management
SCADA Safety in Numbers 12 Figure 5. Percentage of Fixed Vulnerabilities in ICS 7% 9% 11% 12% 16% 20% 22% 33% 100% 100% 93% 91% 89% 88% 84% 80% 78% 67% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Unfixed Fixed
SCADA Safety in Numbers 13 3.7. Percentage of Vulnerabilities Fixed Promptly Most security defects (81%) have been fixed rather efficiently by ICS component vendors before they became widely known or within 30 days of uncoordinated disclosure. Approximately every fifth vulnerability was fixed with a significant delay, or was even not fixed in certain cases. Figure 6. Percentage of Vulnerabilities Fixed Promptly 19% 81% Vulnerabilities not Fixed Within 30 Days Vulnerabilities Fixed Promptly August 2010 note US-CERT VU#362332 was published; it reported on a dangerous vulnerability in the real-time system VxWorks, which is used in industry systems. According to HD Moore, he discovered more than 250,000 vulnerable systems which were accessible through the Internet.
SCADA Safety in Numbers 14 3.8. Availability of information and software to conduct attacks If there are ready-to-use tools to exploit the vulnerability in the public domain, it is much more possible that the attack will be conducted successfully. Now for 35% of all known SCADA vulnerabilities exploits have been issued, which are available as single utilities, parts of penetration testing software or are described in security bulletins. Figure 7. Part of vulnerabilities that have exploits Please note that 35% is rather a high value for the number of available SCADA exploits: it is several times higher than the corresponding rate for IT systems as a whole. 3.9. Number of exploits As a rule, the number of detected vulnerabilities correlates with the number of published exploits. 50 exploits were published starting in 2011 and up to September 2012: this is six times greater than the corresponding rate for the period 2005 - 2010. Tab. 6. Number of published exploits Year Number of exploits 2008 2 2010 6 2011 30 65% 35% No exploit exists Exploit exists
SCADA Safety in Numbers 15 2012 20 Figure 1. Number of published exploits The number of exploits published in 2012 is rather small. There are two possible reasons:  Relationships between SCADA vendors and explorers are put in order: responsible disclosure policy is used;  There is a clear lag between the publication of vulnerability details and the publication of exploits (certain costs are incurred to develop exploitation tools). 3.10. Risk levels of detected vulnerabilities A great number of vulnerabilities (about 65%) are of high or critical level1 . 1 Vulnerabilities of high level have CVSS v2 Base Score value > 6,5. Vulnerabilities of critical level are vulnerabilities of high level with known exploits. 2008 2010 2011 2012 2 6 30 20
SCADA Safety in Numbers 16 Figure 2. Vulnerabilities by risk level The most dangerous are critical vulnerabilities (with published exploits). Tab. 7. ICS vulnerabilties by risk level Critical, % High, % Medium, % Low, % SEL — 50 50 — Lantronix — 33 33 33 Emerson — 40 40 20 Invensys Wonderware — 47 40 13 Rockwell Automation 11 56 33 — Siemens 14 42 31 14 General Electric 20 67 7 7 Advantech/Broadwin 23 45 23 9 ABB 33 67 — — Ecava 33 17 33 17 Schneider Electric 40 20 27 13 Measuresoft 40 40 20 — Iconics 40 40 — 20 Automated Solutions 50 50 — — WellinTech 56 33 11 — Progea 67 33 — — Sielco Sistemi 67 33 — — RuggedCom 100 — — — 10% 24% 41% 25% Low Medium High Critical
SCADA Safety in Numbers 17 Figure 3. ICS vulnerabilties by risk level If there are no methods to conduct the attack, the possibility that SCADA components by SEL, Lantronix, Emerson and Invensys will be attacked is lower, but is not ruled out. As a rule, an attack against an industrial enterprise is a kind of multi-move game played by experienced experts who do not need “exploit packs” and other tools intended for “ordinary” hackers. 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Critical High Medium Low Information about the ICS accessible through the Internet is being published constantly on Twitter @ntisec. More than 2,000 SCADA IP addresses located in different regions over the world have once been posted on Pastebin.com
SCADA Safety in Numbers 18 3.11. ICS non-fixed vulnerabilities Vulnerabilities for which there are already means of attack, but no means of resistance, provide the greatest risk. If there is a vulnerability and a fix has not been issued, the risk that the system can be compromised is rather high, as an attacker does not need deep knowledge and a protracted period to prepare for the attack. Moreover, the attack can be conducted by hooligans. The most grievous situation concerns General Electric SCADA components, where 3 vulnerabilities were detected. The second place goes to Schneider Electric (2 vulnerabilities); the third and fourth places are between Advantech/Broadwin and Rockwell Automation, with one open vulnerability. Tab. 8. Number of SCADA non-fixed vulnerabilities with exploits Vendor Number of vulnerabilities Advantech/Broadwin 1 Rockwell Automation 1 Schneider Electric 2 General Electric 3 1 1 2 3
SCADA Safety in Numbers 19 Figure 4. Number of SCADA non-fixed vulnerabilities with exploits 4. Popularity of ICS in the Internet To understand to what extent the vulnerabilities described above can be used by an attacker, the Internet has been assessed in relation to vulnerable ICS. Passive analysis together with search engines (Google, Yahoo, Bing) and specialized databases such as ShodanHQ, Every Routable IP Project were employed to search and check system versions. The obtained information was analyzed from the point of view of vulnerabilities related to configuration management and updates installation. Unfortunately, the passive technique cannot be reliable in identifying all detected vulnerabilities, that is why the major part of the information in this section should be considered as a positive script: in case of a detailed analysis, the number of detected vulnerabilities will certainly increase. 4.1. Frequency of ICS Systems Almost the third part of the ICS systems, which elements can be accessed from the Internet, are located in the USA (31.3%). Italy follows far behind (6.8%), South Korea rounds out the top three (6.2%). Russia holds the 12th place with 2.3%, and only 1.1% of ICS systems available from the global network are located in China. Table 12. ICS Allocation by Countries Country ICS, % Country ICS, % USA 31.3 Netherlands 2.5 Italy 6.8 Russian Federation 2.3 South Korea 6.2 Spain 2.3 Canada 5.6 Austria 1.7 India 4.8 Finland 1.7 Czech Republic 3.9 Sweden 1.7 France 3.9 Switzerland 1.7 Poland 3.1 Great Britain 1.4 Germany 2.8 China 1.1
SCADA Safety in Numbers 20 Taiwan 2.8 Other countries 12.4 Fig. 12. ICS Allocation by Countries 31.3% 6.8% 6.2% 5.6% 4.8% 3.9% 3.9% 3.1% 2.8% 2.8% 2.5% 2.3% 2.3% 1.7% 1.7% 1.7% 1.7% 1.4% 1.1% 0% 5% 10% 15% 20% 25% 30% 35% United States Italy Korea Canada India Czech Republic France Poland Germany Taiwan Netherlands Russian Federation Spain Austria Finland Sweden Switzerland United Kingdom China
SCADA Safety in Numbers 21 Fig. 13. ICS Allocation by Countries The ICS components available from the Internet are concentrated in the European region (41.41%) despite the modest numbers in individual countries. South America lags behind the Old World (37.46%), Asia holds the third place (12.39%). Table 13. ICS Allocation by Regions Region ICS, % Europe 41.41 North America 37.46 Asia 12.39 India 4.79 MEA 2 2.82 South America 1.13 2 Middle East and Africa
SCADA Safety in Numbers 22 Fig. 14. ICS Allocation by Regions Fig. 15. ICS Allocation in Europe 41.41% 37.46% 12.39% 4.79% 2.82% 1.13% Europe North America Asia India MEA South America
SCADA Safety in Numbers 23 These results can be anticipated, because the number of available systems directly depends on the degree of infrastructure automation. 4.2. Types of ICS Systems Most often the global network contains various SCADA components including HMI. They account for 70% of all detected objects. Another 27% of the ICS components are programmable logic controllers. Various network devices used in ICS networks (referred to as the Hardware in the following table) were detected in 3% of cases. Table 14. ICS Components Type World Percentage, % Hardware 3 HMI 27 PLC 27 SCADA 12 SCADA/HMI 31 Fig. 16. Types of ICS Systems 3% 27% 27% 12% 31% Hardware HMI PLC SCADA SCADA/HMI
SCADA Safety in Numbers 24 4.3. Percentage of Vulnerable and Secure ICS Systems At least 42% of ICS systems available from the Internet contain vulnerabilities, which can be easily exploited by an attacker. Almost the same number of systems (41%) are exposed to risk, but as it was mentioned above passive analysis is far from being reliable in identifying vulnerabilities detected in them. Therefore, a significant part of vulnerable ICS systems may hide in this unreachable area. The systems, which were proved secure in the course of the research, comprise only 17%. Table 15. Percentage of Vulnerable and Secure ICS Systems System Status World Percentage, % Secure 17 Unknown status 41 Vulnerable 42 Fig. 17. Percentage of Vulnerable and Secure ICS Systems 4.4. Vulnerability Types Security flaws related to configuration errors being the most common vulnerabilities were detected in 36% of cases. They include an incorrect password policy (as well as the use of default passwords), access to sensitive information, wrong restriction of user rights, and 17% 41% 42% Secure Unknown Status Vulnerable
SCADA Safety in Numbers 25 etc. The fourth part of vulnerabilities (25.35%) is connected with the lack of necessary security updates. Table 16. Vulnerability Types Vulnerability Type World Percentage, % Complex 41.97 Configuration errors 36.06 Patch management 25.35 Fig. 18. Vulnerability Types 4.5. Percentage of Vulnerable ICS Systems in Different Countries Switzerland contains the major part of vulnerable ICS systems available from the Internet. All similar systems are vulnerable in this country. The second place belongs to the Complex Configuration Errors Patch Management 41.97% 36.06% 25.35%
SCADA Safety in Numbers 26 Czech Republic (86%), the third — to Sweden (67%)3 . Exactly the half (50%) of ICS systems available from the Internet are vulnerable in Russia. Table 17. Percentage of Vulnerable ICS Systems in Different Countries Country Vulnerable ICS, % Switzerland 100 Czech Republic 86 Sweden 67 Spain 63 Taiwan 60 United Kingdom 60 Russian Federation 50 Finland 50 Italy 42 United States 41 Poland 36 France 36 Netherlands 33 Austria 33 Korea 32 Canada 25 Germany 20 India — China — 3 Table 17 and picture 19 shows countries with a considerable number of SCADA systems available from the Internet.
SCADA Safety in Numbers 27 Fig. 19. Percentage of Vulnerable ICS Systems in Different Countries 0% 20% 40% 60% 80% 100% Switzerland Czech Republic Sweden Spain Taiwan United Kingdom Russian Federation Finland Italy United States Poland France Netherlands Austria Korea Canada Germany Secure ICS Vulnerable ICS
SCADA Safety in Numbers 28 Fig. 20. Percentage of Vulnerable ICS Systems in Different Countries 4.6. Percentage of Vulnerable ICS Systems in Different Regions Europe pays the least attention to the issues of the ICS information security — 54% of industrial automation systems located in this region are vulnerable and can be attacked remotely. South America is the second (39%), the third is Asia, where, as it is clear from the previous section, insecure objects in Taiwan and South Korea are of the essence. Table 18. Percentage of Vulnerable ICS Systems in Different Regions Region Vulnerable ICS, % Europe 54 North America 39 Asia 32 MEA 30 India — South America —
SCADA Safety in Numbers 29 Fig. 21. Percentage of Vulnerable ICS Systems in Different Regions 0% 10% 20% 30% 40% 50% 60% Europe North America Asia MEA 54% 39% 32% 30%
SCADA Safety in Numbers 30 5. About Positive Technologies Positive Technologies is at the cutting edge of IT Security. A specialist developer of IT Security products, Positive Technologies has over a decade of experience in detecting and managing vulnerabilities in IT systems. The company has been named one of the top ten worldwide vendors of Vulnerability Assessment systems and is among the top five fastest-growing firms in Security & Vulnerability Management globally* Positive Technologies has more than 300 employees at its offices and research centres in London, Rome, Moscow, Seoul and Tunis. Its technology partners include IBM, Oracle, Cisco, Microsoft and HP. Positive Technologies’ innovation division, Positive Research, is one of the largest security research facilities in Europe. Our experts work alongside industry bodies, regulators and universities to advance knowledge in the field of information security and to apply this analysis to improving the company’s products and services. The centre carries out research, design and analytical works, threat and vulnerability analysis and error elimination. Since 2004, Positive Research has helped global manufacturers including Microsoft, Cisco, Google, Avaya, Citrix, VMware and Trend Micro to eliminate hundreds of vulnerabilities and defects that threatened the safety of their systems. *Source: Market intelligence firm IDC’s report “Worldwide Security and Vulnerability Management Forecast for 2012-2016”
SCADA Safety in Numbers 31

Recommended

IRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing SuiteIRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing SuiteIRJET Journal
 
Best of Positive Research 2013
Best of Positive Research 2013Best of Positive Research 2013
Best of Positive Research 2013qqlan
 
Functional Safety and Security process alignment
Functional Safety and Security process alignmentFunctional Safety and Security process alignment
Functional Safety and Security process alignmentAlan Tatourian
 
High dependability of the automated systems
High dependability of the automated systemsHigh dependability of the automated systems
High dependability of the automated systemsAlan Tatourian
 
Highly dependable automotive software
Highly dependable automotive softwareHighly dependable automotive software
Highly dependable automotive softwareAlan Tatourian
 
Safe and secure autonomous systems
Safe and secure autonomous systemsSafe and secure autonomous systems
Safe and secure autonomous systemsAlan Tatourian
 
Highly dependable automotive software
Highly dependable automotive softwareHighly dependable automotive software
Highly dependable automotive softwareAlan Tatourian
 
Research of Intrusion Preventio System based on Snort
Research of Intrusion Preventio System based on SnortResearch of Intrusion Preventio System based on Snort
Research of Intrusion Preventio System based on SnortFrancis Yang
 

Recommended

IRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing SuiteIRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing SuiteIRJET Journal
 
Best of Positive Research 2013
Best of Positive Research 2013Best of Positive Research 2013
Best of Positive Research 2013qqlan
 
Functional Safety and Security process alignment
Functional Safety and Security process alignmentFunctional Safety and Security process alignment
Functional Safety and Security process alignmentAlan Tatourian
 
High dependability of the automated systems
High dependability of the automated systemsHigh dependability of the automated systems
High dependability of the automated systemsAlan Tatourian
 
Highly dependable automotive software
Highly dependable automotive softwareHighly dependable automotive software
Highly dependable automotive softwareAlan Tatourian
 
Safe and secure autonomous systems
Safe and secure autonomous systemsSafe and secure autonomous systems
Safe and secure autonomous systemsAlan Tatourian
 
Highly dependable automotive software
Highly dependable automotive softwareHighly dependable automotive software
Highly dependable automotive softwareAlan Tatourian
 
Research of Intrusion Preventio System based on Snort
Research of Intrusion Preventio System based on SnortResearch of Intrusion Preventio System based on Snort
Research of Intrusion Preventio System based on SnortFrancis Yang
 
SCADA White Paper March2012
SCADA White Paper March2012SCADA White Paper March2012
SCADA White Paper March2012James Collinge, CISSP
 
Will future vehicles be secure?
Will future vehicles be secure?Will future vehicles be secure?
Will future vehicles be secure?Alan Tatourian
 
How to Audit
How to AuditHow to Audit
How to Auditayousif
 
Securing future connected vehicles and infrastructure
Securing future connected vehicles and infrastructureSecuring future connected vehicles and infrastructure
Securing future connected vehicles and infrastructureAlan Tatourian
 
Paper4
Paper4Paper4
Paper4Kestone
 
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...Muhammad FAHAD
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityDeepakraj Sahu
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA Jeffrey Wang , P.Eng
 
David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016David Blanco
 
Web applications security conference slides
Web applications security conference slidesWeb applications security conference slides
Web applications security conference slidesBassam Al-Khatib
 
Industrial cyber threat landscape
Industrial cyber threat landscapeIndustrial cyber threat landscape
Industrial cyber threat landscapebayshorenet
 
McAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded DevicesMcAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded DevicesIşınsu Akçetin
 
Defending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackDefending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackMountain States Engineering and Controls
 
RSAC 2021 Spelunking Through the Steps of a Control System Hack
RSAC 2021 Spelunking Through the Steps of a Control System HackRSAC 2021 Spelunking Through the Steps of a Control System Hack
RSAC 2021 Spelunking Through the Steps of a Control System HackDan Gunter
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 Derek Harp
 
[CLASS2014] Palestra Técnica - Franzvitor Fiorim
[CLASS2014] Palestra Técnica - Franzvitor Fiorim[CLASS2014] Palestra Técnica - Franzvitor Fiorim
[CLASS2014] Palestra Técnica - Franzvitor FiorimTI Safe
 
ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...
ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...
ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...qqlan
 
Web-style Wireless IDS attacks, Sergey Gordeychik
Web-style Wireless IDS attacks, Sergey GordeychikWeb-style Wireless IDS attacks, Sergey Gordeychik
Web-style Wireless IDS attacks, Sergey Gordeychikqqlan
 
Security Metrix
Security MetrixSecurity Metrix
Security Metrixqqlan
 
Kaspersky SAS SCADA in the Cloud
Kaspersky SAS SCADA in the CloudKaspersky SAS SCADA in the Cloud
Kaspersky SAS SCADA in the Cloudqqlan
 
D1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via smsD1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via smsqqlan
 
Миссиоцентрический подход к кибербезопасности АСУ ТП
Миссиоцентрический подход к кибербезопасности АСУ ТПМиссиоцентрический подход к кибербезопасности АСУ ТП
Миссиоцентрический подход к кибербезопасности АСУ ТПqqlan
 

More Related Content

What's hot

Will future vehicles be secure?
Will future vehicles be secure?Will future vehicles be secure?
Will future vehicles be secure?Alan Tatourian
 
How to Audit
How to AuditHow to Audit
How to Auditayousif
 
Securing future connected vehicles and infrastructure
Securing future connected vehicles and infrastructureSecuring future connected vehicles and infrastructure
Securing future connected vehicles and infrastructureAlan Tatourian
 
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...Muhammad FAHAD
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityDeepakraj Sahu
 
David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016David Blanco
 
Web applications security conference slides
Web applications security conference slidesWeb applications security conference slides
Web applications security conference slidesBassam Al-Khatib
 
Industrial cyber threat landscape
Industrial cyber threat landscapeIndustrial cyber threat landscape
Industrial cyber threat landscapebayshorenet
 
McAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded DevicesMcAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded DevicesIşınsu Akçetin
 
RSAC 2021 Spelunking Through the Steps of a Control System Hack
RSAC 2021 Spelunking Through the Steps of a Control System HackRSAC 2021 Spelunking Through the Steps of a Control System Hack
RSAC 2021 Spelunking Through the Steps of a Control System HackDan Gunter
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 Derek Harp
 
[CLASS2014] Palestra Técnica - Franzvitor Fiorim
[CLASS2014] Palestra Técnica - Franzvitor Fiorim[CLASS2014] Palestra Técnica - Franzvitor Fiorim
[CLASS2014] Palestra Técnica - Franzvitor FiorimTI Safe
 

What's hot (16)

SCADA White Paper March2012
SCADA White Paper March2012SCADA White Paper March2012
SCADA White Paper March2012
 
Will future vehicles be secure?
Will future vehicles be secure?Will future vehicles be secure?
Will future vehicles be secure?
 
How to Audit
How to AuditHow to Audit
How to Audit
 
Securing future connected vehicles and infrastructure
Securing future connected vehicles and infrastructureSecuring future connected vehicles and infrastructure
Securing future connected vehicles and infrastructure
 
Paper4
Paper4Paper4
Paper4
 
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_security
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA
 
David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016
 
Web applications security conference slides
Web applications security conference slidesWeb applications security conference slides
Web applications security conference slides
 
Industrial cyber threat landscape
Industrial cyber threat landscapeIndustrial cyber threat landscape
Industrial cyber threat landscape
 
McAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded DevicesMcAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded Devices
 
Defending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackDefending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From Cyberattack
 
RSAC 2021 Spelunking Through the Steps of a Control System Hack
RSAC 2021 Spelunking Through the Steps of a Control System HackRSAC 2021 Spelunking Through the Steps of a Control System Hack
RSAC 2021 Spelunking Through the Steps of a Control System Hack
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016
 
[CLASS2014] Palestra Técnica - Franzvitor Fiorim
[CLASS2014] Palestra Técnica - Franzvitor Fiorim[CLASS2014] Palestra Técnica - Franzvitor Fiorim
[CLASS2014] Palestra Técnica - Franzvitor Fiorim
 

Viewers also liked

ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...
ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...
ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...qqlan
 
Web-style Wireless IDS attacks, Sergey Gordeychik
Web-style Wireless IDS attacks, Sergey GordeychikWeb-style Wireless IDS attacks, Sergey Gordeychik
Web-style Wireless IDS attacks, Sergey Gordeychikqqlan
 
Security Metrix
Security MetrixSecurity Metrix
Security Metrixqqlan
 
Kaspersky SAS SCADA in the Cloud
Kaspersky SAS SCADA in the CloudKaspersky SAS SCADA in the Cloud
Kaspersky SAS SCADA in the Cloudqqlan
 
D1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via smsD1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via smsqqlan
 
Миссиоцентрический подход к кибербезопасности АСУ ТП
Миссиоцентрический подход к кибербезопасности АСУ ТПМиссиоцентрический подход к кибербезопасности АСУ ТП
Миссиоцентрический подход к кибербезопасности АСУ ТПqqlan
 
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2qqlan
 

Viewers also liked (7)

ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...
ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...
ABUSE THEIR CLOUDS. ОБЛАЧНЫЕ ВЫЧИСЛЕНИЯ ГЛАЗАМИ ПЕНТЕСТЕРА, ЮРИЙ ГОЛЬЦЕВ, СЕ...
 
Web-style Wireless IDS attacks, Sergey Gordeychik
Web-style Wireless IDS attacks, Sergey GordeychikWeb-style Wireless IDS attacks, Sergey Gordeychik
Web-style Wireless IDS attacks, Sergey Gordeychik
 
Security Metrix
Security MetrixSecurity Metrix
Security Metrix
 
Kaspersky SAS SCADA in the Cloud
Kaspersky SAS SCADA in the CloudKaspersky SAS SCADA in the Cloud
Kaspersky SAS SCADA in the Cloud
 
D1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via smsD1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via sms
 
Миссиоцентрический подход к кибербезопасности АСУ ТП
Миссиоцентрический подход к кибербезопасности АСУ ТПМиссиоцентрический подход к кибербезопасности АСУ ТП
Миссиоцентрический подход к кибербезопасности АСУ ТП
 
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet v2
 

Similar to G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “SCADA safety in numbers v1.1,” Positive Technologies Security Report [Online], Boston, MA, 2012

Cyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFTCyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFTCourtney Brock Rabon, MBA
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Networks
 
Practical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart gridsPractical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart gridsSergey Gordeychik
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attacknewbie2019
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELSECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELIJCSEIT Journal
 
Mobile threat-report-mid-year-2018 en-us-1.0
Mobile threat-report-mid-year-2018 en-us-1.0Mobile threat-report-mid-year-2018 en-us-1.0
Mobile threat-report-mid-year-2018 en-us-1.0mobileironmarketing
 
The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443WoMaster
 
Insecure magazine - 52
Insecure magazine - 52Insecure magazine - 52
Insecure magazine - 52Felipe Prado
 
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...Luca Moroni ✔✔
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks
 
Defending against industrial malware
Defending against industrial malwareDefending against industrial malware
Defending against industrial malwareAyed Al Qartah
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 
How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...
How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...
How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...Schneider Electric
 
introduction to Embedded System Security
introduction to Embedded System Securityintroduction to Embedded System Security
introduction to Embedded System SecurityAdel Barkam
 
Whitepaper | Network Security - How to defend your Plant against the threats ...
Whitepaper | Network Security - How to defend your Plant against the threats ...Whitepaper | Network Security - How to defend your Plant against the threats ...
Whitepaper | Network Security - How to defend your Plant against the threats ...Yokogawa
 
ISACA SLOVENIA CHAPTER October 2016 - Lubiana
ISACA SLOVENIA CHAPTER October 2016 - LubianaISACA SLOVENIA CHAPTER October 2016 - Lubiana
ISACA SLOVENIA CHAPTER October 2016 - LubianaLuca Moroni ✔✔
 

Similar to G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “SCADA safety in numbers v1.1,” Positive Technologies Security Report [Online], Boston, MA, 2012 (20)

Cyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFTCyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFT
 
chile-2015 (2)
chile-2015 (2)chile-2015 (2)
chile-2015 (2)
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18
 
Practical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart gridsPractical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart grids
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attack
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELSECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
 
Mobile threat-report-mid-year-2018 en-us-1.0
Mobile threat-report-mid-year-2018 en-us-1.0Mobile threat-report-mid-year-2018 en-us-1.0
Mobile threat-report-mid-year-2018 en-us-1.0
 
The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443
 
Insecure magazine - 52
Insecure magazine - 52Insecure magazine - 52
Insecure magazine - 52
 
Iot cyber security
Iot cyber securityIot cyber security
Iot cyber security
 
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
 
Securing SCADA
Securing SCADASecuring SCADA
Securing SCADA
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company Introduction
 
Defending against industrial malware
Defending against industrial malwareDefending against industrial malware
Defending against industrial malware
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
 
How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...
How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...
How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...
 
introduction to Embedded System Security
introduction to Embedded System Securityintroduction to Embedded System Security
introduction to Embedded System Security
 
Whitepaper | Network Security - How to defend your Plant against the threats ...
Whitepaper | Network Security - How to defend your Plant against the threats ...Whitepaper | Network Security - How to defend your Plant against the threats ...
Whitepaper | Network Security - How to defend your Plant against the threats ...
 
ISACA SLOVENIA CHAPTER October 2016 - Lubiana
ISACA SLOVENIA CHAPTER October 2016 - LubianaISACA SLOVENIA CHAPTER October 2016 - Lubiana
ISACA SLOVENIA CHAPTER October 2016 - Lubiana
 

More from qqlan

SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]qqlan
 
Pt infosec - 2014 - импортозамещение
Pt infosec - 2014 - импортозамещениеPt infosec - 2014 - импортозамещение
Pt infosec - 2014 - импортозамещениеqqlan
 
SCADA StrangeLove Kaspersky SAS 2014 - LHC
SCADA StrangeLove Kaspersky SAS 2014 - LHCSCADA StrangeLove Kaspersky SAS 2014 - LHC
SCADA StrangeLove Kaspersky SAS 2014 - LHCqqlan
 
Firebird Interbase Database engine hacks or rtfm
Firebird Interbase Database engine hacks or rtfmFirebird Interbase Database engine hacks or rtfm
Firebird Interbase Database engine hacks or rtfmqqlan
 
SCADA StrangeLove 2: We already know
SCADA StrangeLove 2: We already knowSCADA StrangeLove 2: We already know
SCADA StrangeLove 2: We already knowqqlan
 
Internet connected ICS/SCADA/PLC
Internet connected ICS/SCADA/PLCInternet connected ICS/SCADA/PLC
Internet connected ICS/SCADA/PLCqqlan
 
SCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureSCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureqqlan
 
Techniques of attacking ICS systems
Techniques of attacking ICS systems Techniques of attacking ICS systems
Techniques of attacking ICS systems qqlan
 
Positive Technologies Application Inspector
Positive Technologies Application InspectorPositive Technologies Application Inspector
Positive Technologies Application Inspectorqqlan
 
Database honeypot by design
Database honeypot by designDatabase honeypot by design
Database honeypot by designqqlan
 
Positive Technologies Application Inspector
Positive Technologies Application InspectorPositive Technologies Application Inspector
Positive Technologies Application Inspectorqqlan
 
Black Hat: XML Out-Of-Band Data Retrieval
Black Hat: XML Out-Of-Band Data RetrievalBlack Hat: XML Out-Of-Band Data Retrieval
Black Hat: XML Out-Of-Band Data Retrievalqqlan
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysqqlan
 
PT - Siemens WinCC Flexible Security Hardening Guide
PT - Siemens WinCC Flexible Security Hardening GuidePT - Siemens WinCC Flexible Security Hardening Guide
PT - Siemens WinCC Flexible Security Hardening Guideqqlan
 
Scada Strangelove - 29c3
Scada Strangelove - 29c3Scada Strangelove - 29c3
Scada Strangelove - 29c3qqlan
 
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet
ICS/SCADA/PLC Google/Shodanhq Cheat SheetICS/SCADA/PLC Google/Shodanhq Cheat Sheet
ICS/SCADA/PLC Google/Shodanhq Cheat Sheetqqlan
 
Positive Technologies WinCC Security Hardening Guide
Positive Technologies WinCC Security Hardening GuidePositive Technologies WinCC Security Hardening Guide
Positive Technologies WinCC Security Hardening Guideqqlan
 
From ERP to SCADA and back
From ERP to SCADA and backFrom ERP to SCADA and back
From ERP to SCADA and backqqlan
 
Denis Baranov: Root via XSS
Denis Baranov: Root via XSSDenis Baranov: Root via XSS
Denis Baranov: Root via XSSqqlan
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay aliveqqlan
 

More from qqlan (20)

SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]
SCADA StrangeLove: Too Smart Grid in da Cloud [31c3]
 
Pt infosec - 2014 - импортозамещение
Pt infosec - 2014 - импортозамещениеPt infosec - 2014 - импортозамещение
Pt infosec - 2014 - импортозамещение
 
SCADA StrangeLove Kaspersky SAS 2014 - LHC
SCADA StrangeLove Kaspersky SAS 2014 - LHCSCADA StrangeLove Kaspersky SAS 2014 - LHC
SCADA StrangeLove Kaspersky SAS 2014 - LHC
 
Firebird Interbase Database engine hacks or rtfm
Firebird Interbase Database engine hacks or rtfmFirebird Interbase Database engine hacks or rtfm
Firebird Interbase Database engine hacks or rtfm
 
SCADA StrangeLove 2: We already know
SCADA StrangeLove 2: We already knowSCADA StrangeLove 2: We already know
SCADA StrangeLove 2: We already know
 
Internet connected ICS/SCADA/PLC
Internet connected ICS/SCADA/PLCInternet connected ICS/SCADA/PLC
Internet connected ICS/SCADA/PLC
 
SCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureSCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architecture
 
Techniques of attacking ICS systems
Techniques of attacking ICS systems Techniques of attacking ICS systems
Techniques of attacking ICS systems
 
Positive Technologies Application Inspector
Positive Technologies Application InspectorPositive Technologies Application Inspector
Positive Technologies Application Inspector
 
Database honeypot by design
Database honeypot by designDatabase honeypot by design
Database honeypot by design
 
Positive Technologies Application Inspector
Positive Technologies Application InspectorPositive Technologies Application Inspector
Positive Technologies Application Inspector
 
Black Hat: XML Out-Of-Band Data Retrieval
Black Hat: XML Out-Of-Band Data RetrievalBlack Hat: XML Out-Of-Band Data Retrieval
Black Hat: XML Out-Of-Band Data Retrieval
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-rays
 
PT - Siemens WinCC Flexible Security Hardening Guide
PT - Siemens WinCC Flexible Security Hardening GuidePT - Siemens WinCC Flexible Security Hardening Guide
PT - Siemens WinCC Flexible Security Hardening Guide
 
Scada Strangelove - 29c3
Scada Strangelove - 29c3Scada Strangelove - 29c3
Scada Strangelove - 29c3
 
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet
ICS/SCADA/PLC Google/Shodanhq Cheat SheetICS/SCADA/PLC Google/Shodanhq Cheat Sheet
ICS/SCADA/PLC Google/Shodanhq Cheat Sheet
 
Positive Technologies WinCC Security Hardening Guide
Positive Technologies WinCC Security Hardening GuidePositive Technologies WinCC Security Hardening Guide
Positive Technologies WinCC Security Hardening Guide
 
From ERP to SCADA and back
From ERP to SCADA and backFrom ERP to SCADA and back
From ERP to SCADA and back
 
Denis Baranov: Root via XSS
Denis Baranov: Root via XSSDenis Baranov: Root via XSS
Denis Baranov: Root via XSS
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay alive
 

Recently uploaded

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Recently uploaded (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “SCADA safety in numbers v1.1,” Positive Technologies Security Report [Online], Boston, MA, 2012

  • 1. www.ptsecurity.ru SCADA SAFETY IN NUMBERS V1.1* Gleb Gritsai Alexander Timorin Yury Goltsev Roman Ilin Sergey Gordeychik Anton Karpin
  • 2. SCADA Safety in Numbers 2 CONTENT 1. Introduction 3 2. Conclusions 4 3. Analysis of the Vulnerabilities in the ICS Systems 5 3.1. Analysis of the Vulnerabilities in the ICS Systems 5 3.2. Dynamics of Vulnerability Discovery 6 3.3. The Number of Vulnerabilities in the ICS systems of Various Vendors 7 3.4. Vulnerabilities Relating to ICS Hardware and Software Components 9 3.5. Classification of Vulnerabilities According to Their Types and Possible Consequences 10 3.6. Percentage of Fixed Vulnerabilities in ICS 11 3.7. Percentage of Vulnerabilities Fixed Promptly 13 3.8. Availability of information and software to conduct attacks 14 3.9. Number of exploits 14 3.10. Risk levels of detected vulnerabilities 15 3.11. SCADA non-fixed vulnerabilities 18 4. Popularity of ICS in the Internet 19 4.1. Frequency of ICS Systems 19 4.2. Types of ICS Systems 23 4.3. Percentage of Vulnerable and Secure ICS Systems 24 4.4. Vulnerability Types 24 4.5. Percentage of Vulnerable ICS Systems in Different Countries 25 4.6. Percentage of Vulnerable ICS Systems in Different Regions 28 5. About Positive Technologies 30
  • 3. SCADA Safety in Numbers 3 1. Introduction Modern civilization is largely dependent on ICS/SCADA industrial process automation systems. The operation of nuclear power plants, hydroelectricity plants, oil and gas pipelines, and transport systems at national and world level are based on computer technology. Both the profit of a company and national security depend on control systems safety. Industry systems security gained great interest not very long ago — after a series of incidents involving particular computer viruses, Flame and Stuxnet. It was then found that special services of foreign countries, competitive companies or cyber-terrorists are able to profit from the lack of attention paid to ICS/SCADA/PLC information security. Threat modeling and imitating a potential attacker are essential in building a security system. It is necessary to understand what skills the attacker possesses and what scheme of attack may be chosen. In order to answer these questions, the experts of Positive Technologies explored ICS systems security. This report consists of 2 sections:  Statistics on Vulnerabilities in the ICS Systems;  Assessment of the Popularity of ICS on the Internet. The subject of the investigation comprises the vulnerabilities that were discovered for the period from 2005 to October 1, 2012. *In v1.1 the information on Schneider Electric (and 7-Technologies)** has been updated according to the received feedback. **Schneider Electric recently purchased 7-Technologies.
  • 4. SCADA Safety in Numbers 4 2. Conclusions 1. The history of industrial system security is divided into two parts — prior to Stuxnet and afterwards. 20 times more vulnerabilities have been detected since 2010 comparing with the previous five years. 2. The number of vulnerabilities keeps on growing rapidly in 2012. The number of security flaws found within ten months is far bigger than the number of flaws found during the whole previous period starting from 2005. 3. Vulnerabilities are primarily detected in the most common products, and the major part of vendors eliminate them quite quickly. However, each fifth vulnerability wasn't fixed within 30 days from the moment of its detection. 4. About 65% of vulnerabilities are rated as of high and critical severity. This figure significantly exceeds a similar index in IT systems, which proves a low information security level of ICS systems. 5. Exploitation of each second vulnerability allows an attacker to execute arbitrary code in the target ICS system. 6. More than 40% of SCADA systems available from the Internet are vulnerable and can be hacked by poorly trained malware users. 7. The USA and Europe lead in the number of ICS systems published in the Internet and demonstrate the most thoughtless attitude towards their security comparing with other regions. 8. More than a third of security flaws of available ICS systems are caused by configuration errors, including the use of default passwords. 9. The fourth part of vulnerabilities of available ICS systems is related to the lack of necessary security updates. ICS in Figures: The number of detected vulnerabilities has increased by 20 times (since 2010). It takes more than a month to fix each fifth vulnerability. 50% of vulnerabilities allow a hacker to execute code. There are exploits for 35% of vulnerabilities. 41% of vulnerabilities are critical. More than 40% of systems available from the Internet can be hacked by unprofessional users. The third part of systems available from the Internet is located in the USA. The fourth part of vulnerabilities is related to the lack of necessary security updates. 54% and 39% of systems available from the Internet in Europe and North America respectively are vulnerable.
  • 5. SCADA Safety in Numbers 5 3. Analysis of the Vulnerabilities in the ICS Systems 3.1. Research Methodology Information from different sources (e.g. vulnerability databases, vendors’ notices, exploit packs, science conference reports, articles published on specialized sites and blogs) served as a basis for the research. It was necessary to analyze this broad spectrum of sources since cooperation between the community of information security researchers and the ICS vendors is just getting started and a lot of vulnerabilities are published without the developers’ approval. The main sources used in the research Vulnerability databases:  ICS-CERT,  NVD,  CVE,  Bugtraq,  OSVDB,  Mitre Oval Repositories,  exploit-db,  Siemens Product CERT. Exploit packs:  SAINTexploit,  Metasploit Framework,  Immunity Canvas,  Agora Pack,  Agora SCADA+,  D2 Exploit Pack,  White Phosphorus exploit pack,  VulnDisco Exploit Pack. For each vulnerability discovered, the experts searched for generally available methods of exploiting the vulnerability and provided an expert evaluation of the related risks.
  • 6. SCADA Safety in Numbers 6 3.2. Dynamics of Vulnerability Discovery The specialists in information security discovered only 9 vulnerabilities for the period from 2005 to early 2010. Since the computer worm Stuxnet was discovered, both information security experts and hackers have showed deep interest in the subject. As a result, 64 vulnerabilities in ICS systems were discovered by the end of 2011. Moreover, for the first 8 month of 2012, 98 vulnerabilities were announced — more than in the previous years since 2005. Tab. 1. The Number of Vulnerabilities Discovered Year Vulnerability total 2005 1 2007 3 2008 5 2010 11 2011 64 2012 98 A path from the discovery of vulnerabilities in SCADA to fixing them sometimes has to be a twisted one. During the investigation of the Stuxnet incident, it was found that one of the exploited vulnerabilities — a default password for MS SQL Server — was known long ago. It was first mentioned during the support forums in May, 2005. The passwords were published in April, 2008. The issue was fixed after the attack, in 2010.
  • 7. SCADA Safety in Numbers 7 Figure 1. Dynamics of the Number of Vulnerabilities 3.3. The Number of Vulnerabilities in the ICS systems of Various Vendors The highest number of vulnerabilities for the reporting period (42) was discovered in the components of the ICS developed by Siemens. The second place goes to Schneider Electric (30 vulnerabilities); the third, to Broadwin/Advantech (22 vulnerabilities). Tab. 2. The Number of Vulnerabilities in the ICS Systems of Various Vendors Vendor Vulnerability Total Vendor Vulnerability Total Automated Solutions 2 Schweitzer Engineering Laboratories 2 WellinTech 9 RuggedCom 2 General Electric 15 Lantronix 3 Invensys Wonderware 15 Progea 3 Schneider Electric 30 ABB 3 Advantech/Broadwin 22 Sielco Sistemi 3 Siemens 42 Iconics 5 Emerson 6 Measuresoft 6 Rockwell Automation 9 Ecava 5 Emerson 6 1 3 5 11 64 98 0 20 40 60 80 100 120 2005 2007 2008 2010 2011 2012
  • 8. SCADA Safety in Numbers 8 Figure 2. The Number of Vulnerabilities in the ICS Systems of Various Vendors The highest number of vulnerabilities in ICS (also true for other systems) was discovered in the most common components. Moreover, a number of vendors changed their approach from reactive to proactive and took resolute measures to find and fix vulnerabilities in their products. For instance, Siemens organized a specialized department, Siemens ProductCERT (http://www.siemens.com/corporate-technology/en/research- areas/siemens-cert-security-advisories.htm), whose main goal is to discover and fix security Automated Solutions Schweitzer Engineering Laboratories RuggedCom Lantronix Progea ABB Sielco Sistemi Iconics Measuresoft Ecava Emerson Rockwell Automation WellinTech General Electric Invensys Wonderware Advantech/Broadwin Schneider Electric Siemens 2 2 2 3 3 3 3 5 6 5 6 9 9 15 15 22 30 42
  • 9. SCADA Safety in Numbers 9 issues in the company’s products. The vulnerabilities discovered by the team are also included in the general statistics; thus the number of discovered and fixed issues is increasing. 3.4. Vulnerabilities Relating to ICS Hardware and Software Components Such ICS components as SCADA systems and human machine interface (HMI) are present a significant interest for attackers: 87 and 49 vulnerabilities were discovered, respectively, in these systems. For the reporting period, the experts discovered 20 vulnerabilities in the programmable logic controllers of different vendors. Tab. 3. The Number of Vulnerabilities in Different Types of the ICS Components System Type Vulnerability Total SCADA 87 HMI 49 PLC 20 Hardware 11 Software 7 Interface/Protocol 1 87 49 20 11 7 1 SCADA HMI PLC Hardware Software Interface/Protocol
  • 10. SCADA Safety in Numbers 10 Figure 3. The Number of Vulnerabilities in Different Types of ICS Component 3.5. Classification of Vulnerabilities According to Their Types and Possible Consequences Over a third of vulnerabilities (36%) are associated with the buffer overflow — an anomaly where a program overruns the buffer's boundary while writing data. This defect in security allows the attacker not only to cause premature ending of a program or freeze (which leads to denial of service), but also to execute arbitrary code in the target system. The types of vulnerability which allow the attacker to execute code (Buffer Overflow, Remote Code Execution) make up 50% of all vulnerabilities (an extremely high figure!). We should also consider the large number of problems in Authentication and Key Management — almost 23%. Tab. 4. Classification of Vulnerabilities in ICS According to Type Vulnerability Type Vulnerability Percentage, % Buffer Overflow 36 Remote Code Execution 13,14 Web (client-side) 9,14 Web (server-side) 10,86 Local Privilege Escalation 2,29 DoS/Data Integrity 5,71 Authentication / Key Management 22,86 The recent rapid growth of the vulnerabilities discovered in ICS is caused by the ethical hackers getting involved in the process. The Positive Research Center experts discovered more than 50 vulnerabilities in different products in 2012, the most part of which has already been fixed by the vendors. A lot of work in coordination of the vulnerability fixing process is carried out by ICS CERT.
  • 11. SCADA Safety in Numbers 11 Figure 4. Classification of Vulnerabilities in ICS According to Type 3.6. Percentage of Fixed Vulnerabilities in ICS A display of fixed vulnerabilities percentage gives a clear view on how serious ICS vendors are about information security issues. For instance, Siemens fixed and released patches for 88% of vulnerabilities, while ABB fixed only 67% of security defects. Tab. 5. Percentage of Fixed Vulnerabilities in ICS Vendor Fixed, % Schneider Electric 93 Advantech/Broadwin 91 WellinTech 89 Siemens 88 General Electric 80 Rockwell Automation 78 ABB 67 Lantronix — Schweitzer Engineering Laboratories — Total 84 36% 13%9% 11% 2% 6% 23% Buffer Overflow Remote Code Execution Web (client-side) Web (server-side) Local Privilege Escalation DoS/Data Integrity Authentication / Key Management
  • 12. SCADA Safety in Numbers 12 Figure 5. Percentage of Fixed Vulnerabilities in ICS 7% 9% 11% 12% 16% 20% 22% 33% 100% 100% 93% 91% 89% 88% 84% 80% 78% 67% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Unfixed Fixed
  • 13. SCADA Safety in Numbers 13 3.7. Percentage of Vulnerabilities Fixed Promptly Most security defects (81%) have been fixed rather efficiently by ICS component vendors before they became widely known or within 30 days of uncoordinated disclosure. Approximately every fifth vulnerability was fixed with a significant delay, or was even not fixed in certain cases. Figure 6. Percentage of Vulnerabilities Fixed Promptly 19% 81% Vulnerabilities not Fixed Within 30 Days Vulnerabilities Fixed Promptly August 2010 note US-CERT VU#362332 was published; it reported on a dangerous vulnerability in the real-time system VxWorks, which is used in industry systems. According to HD Moore, he discovered more than 250,000 vulnerable systems which were accessible through the Internet.
  • 14. SCADA Safety in Numbers 14 3.8. Availability of information and software to conduct attacks If there are ready-to-use tools to exploit the vulnerability in the public domain, it is much more possible that the attack will be conducted successfully. Now for 35% of all known SCADA vulnerabilities exploits have been issued, which are available as single utilities, parts of penetration testing software or are described in security bulletins. Figure 7. Part of vulnerabilities that have exploits Please note that 35% is rather a high value for the number of available SCADA exploits: it is several times higher than the corresponding rate for IT systems as a whole. 3.9. Number of exploits As a rule, the number of detected vulnerabilities correlates with the number of published exploits. 50 exploits were published starting in 2011 and up to September 2012: this is six times greater than the corresponding rate for the period 2005 - 2010. Tab. 6. Number of published exploits Year Number of exploits 2008 2 2010 6 2011 30 65% 35% No exploit exists Exploit exists
  • 15. SCADA Safety in Numbers 15 2012 20 Figure 1. Number of published exploits The number of exploits published in 2012 is rather small. There are two possible reasons:  Relationships between SCADA vendors and explorers are put in order: responsible disclosure policy is used;  There is a clear lag between the publication of vulnerability details and the publication of exploits (certain costs are incurred to develop exploitation tools). 3.10. Risk levels of detected vulnerabilities A great number of vulnerabilities (about 65%) are of high or critical level1 . 1 Vulnerabilities of high level have CVSS v2 Base Score value > 6,5. Vulnerabilities of critical level are vulnerabilities of high level with known exploits. 2008 2010 2011 2012 2 6 30 20
  • 16. SCADA Safety in Numbers 16 Figure 2. Vulnerabilities by risk level The most dangerous are critical vulnerabilities (with published exploits). Tab. 7. ICS vulnerabilties by risk level Critical, % High, % Medium, % Low, % SEL — 50 50 — Lantronix — 33 33 33 Emerson — 40 40 20 Invensys Wonderware — 47 40 13 Rockwell Automation 11 56 33 — Siemens 14 42 31 14 General Electric 20 67 7 7 Advantech/Broadwin 23 45 23 9 ABB 33 67 — — Ecava 33 17 33 17 Schneider Electric 40 20 27 13 Measuresoft 40 40 20 — Iconics 40 40 — 20 Automated Solutions 50 50 — — WellinTech 56 33 11 — Progea 67 33 — — Sielco Sistemi 67 33 — — RuggedCom 100 — — — 10% 24% 41% 25% Low Medium High Critical
  • 17. SCADA Safety in Numbers 17 Figure 3. ICS vulnerabilties by risk level If there are no methods to conduct the attack, the possibility that SCADA components by SEL, Lantronix, Emerson and Invensys will be attacked is lower, but is not ruled out. As a rule, an attack against an industrial enterprise is a kind of multi-move game played by experienced experts who do not need “exploit packs” and other tools intended for “ordinary” hackers. 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Critical High Medium Low Information about the ICS accessible through the Internet is being published constantly on Twitter @ntisec. More than 2,000 SCADA IP addresses located in different regions over the world have once been posted on Pastebin.com
  • 18. SCADA Safety in Numbers 18 3.11. ICS non-fixed vulnerabilities Vulnerabilities for which there are already means of attack, but no means of resistance, provide the greatest risk. If there is a vulnerability and a fix has not been issued, the risk that the system can be compromised is rather high, as an attacker does not need deep knowledge and a protracted period to prepare for the attack. Moreover, the attack can be conducted by hooligans. The most grievous situation concerns General Electric SCADA components, where 3 vulnerabilities were detected. The second place goes to Schneider Electric (2 vulnerabilities); the third and fourth places are between Advantech/Broadwin and Rockwell Automation, with one open vulnerability. Tab. 8. Number of SCADA non-fixed vulnerabilities with exploits Vendor Number of vulnerabilities Advantech/Broadwin 1 Rockwell Automation 1 Schneider Electric 2 General Electric 3 1 1 2 3
  • 19. SCADA Safety in Numbers 19 Figure 4. Number of SCADA non-fixed vulnerabilities with exploits 4. Popularity of ICS in the Internet To understand to what extent the vulnerabilities described above can be used by an attacker, the Internet has been assessed in relation to vulnerable ICS. Passive analysis together with search engines (Google, Yahoo, Bing) and specialized databases such as ShodanHQ, Every Routable IP Project were employed to search and check system versions. The obtained information was analyzed from the point of view of vulnerabilities related to configuration management and updates installation. Unfortunately, the passive technique cannot be reliable in identifying all detected vulnerabilities, that is why the major part of the information in this section should be considered as a positive script: in case of a detailed analysis, the number of detected vulnerabilities will certainly increase. 4.1. Frequency of ICS Systems Almost the third part of the ICS systems, which elements can be accessed from the Internet, are located in the USA (31.3%). Italy follows far behind (6.8%), South Korea rounds out the top three (6.2%). Russia holds the 12th place with 2.3%, and only 1.1% of ICS systems available from the global network are located in China. Table 12. ICS Allocation by Countries Country ICS, % Country ICS, % USA 31.3 Netherlands 2.5 Italy 6.8 Russian Federation 2.3 South Korea 6.2 Spain 2.3 Canada 5.6 Austria 1.7 India 4.8 Finland 1.7 Czech Republic 3.9 Sweden 1.7 France 3.9 Switzerland 1.7 Poland 3.1 Great Britain 1.4 Germany 2.8 China 1.1
  • 20. SCADA Safety in Numbers 20 Taiwan 2.8 Other countries 12.4 Fig. 12. ICS Allocation by Countries 31.3% 6.8% 6.2% 5.6% 4.8% 3.9% 3.9% 3.1% 2.8% 2.8% 2.5% 2.3% 2.3% 1.7% 1.7% 1.7% 1.7% 1.4% 1.1% 0% 5% 10% 15% 20% 25% 30% 35% United States Italy Korea Canada India Czech Republic France Poland Germany Taiwan Netherlands Russian Federation Spain Austria Finland Sweden Switzerland United Kingdom China
  • 21. SCADA Safety in Numbers 21 Fig. 13. ICS Allocation by Countries The ICS components available from the Internet are concentrated in the European region (41.41%) despite the modest numbers in individual countries. South America lags behind the Old World (37.46%), Asia holds the third place (12.39%). Table 13. ICS Allocation by Regions Region ICS, % Europe 41.41 North America 37.46 Asia 12.39 India 4.79 MEA 2 2.82 South America 1.13 2 Middle East and Africa
  • 22. SCADA Safety in Numbers 22 Fig. 14. ICS Allocation by Regions Fig. 15. ICS Allocation in Europe 41.41% 37.46% 12.39% 4.79% 2.82% 1.13% Europe North America Asia India MEA South America
  • 23. SCADA Safety in Numbers 23 These results can be anticipated, because the number of available systems directly depends on the degree of infrastructure automation. 4.2. Types of ICS Systems Most often the global network contains various SCADA components including HMI. They account for 70% of all detected objects. Another 27% of the ICS components are programmable logic controllers. Various network devices used in ICS networks (referred to as the Hardware in the following table) were detected in 3% of cases. Table 14. ICS Components Type World Percentage, % Hardware 3 HMI 27 PLC 27 SCADA 12 SCADA/HMI 31 Fig. 16. Types of ICS Systems 3% 27% 27% 12% 31% Hardware HMI PLC SCADA SCADA/HMI
  • 24. SCADA Safety in Numbers 24 4.3. Percentage of Vulnerable and Secure ICS Systems At least 42% of ICS systems available from the Internet contain vulnerabilities, which can be easily exploited by an attacker. Almost the same number of systems (41%) are exposed to risk, but as it was mentioned above passive analysis is far from being reliable in identifying vulnerabilities detected in them. Therefore, a significant part of vulnerable ICS systems may hide in this unreachable area. The systems, which were proved secure in the course of the research, comprise only 17%. Table 15. Percentage of Vulnerable and Secure ICS Systems System Status World Percentage, % Secure 17 Unknown status 41 Vulnerable 42 Fig. 17. Percentage of Vulnerable and Secure ICS Systems 4.4. Vulnerability Types Security flaws related to configuration errors being the most common vulnerabilities were detected in 36% of cases. They include an incorrect password policy (as well as the use of default passwords), access to sensitive information, wrong restriction of user rights, and 17% 41% 42% Secure Unknown Status Vulnerable
  • 25. SCADA Safety in Numbers 25 etc. The fourth part of vulnerabilities (25.35%) is connected with the lack of necessary security updates. Table 16. Vulnerability Types Vulnerability Type World Percentage, % Complex 41.97 Configuration errors 36.06 Patch management 25.35 Fig. 18. Vulnerability Types 4.5. Percentage of Vulnerable ICS Systems in Different Countries Switzerland contains the major part of vulnerable ICS systems available from the Internet. All similar systems are vulnerable in this country. The second place belongs to the Complex Configuration Errors Patch Management 41.97% 36.06% 25.35%
  • 26. SCADA Safety in Numbers 26 Czech Republic (86%), the third — to Sweden (67%)3 . Exactly the half (50%) of ICS systems available from the Internet are vulnerable in Russia. Table 17. Percentage of Vulnerable ICS Systems in Different Countries Country Vulnerable ICS, % Switzerland 100 Czech Republic 86 Sweden 67 Spain 63 Taiwan 60 United Kingdom 60 Russian Federation 50 Finland 50 Italy 42 United States 41 Poland 36 France 36 Netherlands 33 Austria 33 Korea 32 Canada 25 Germany 20 India — China — 3 Table 17 and picture 19 shows countries with a considerable number of SCADA systems available from the Internet.
  • 27. SCADA Safety in Numbers 27 Fig. 19. Percentage of Vulnerable ICS Systems in Different Countries 0% 20% 40% 60% 80% 100% Switzerland Czech Republic Sweden Spain Taiwan United Kingdom Russian Federation Finland Italy United States Poland France Netherlands Austria Korea Canada Germany Secure ICS Vulnerable ICS
  • 28. SCADA Safety in Numbers 28 Fig. 20. Percentage of Vulnerable ICS Systems in Different Countries 4.6. Percentage of Vulnerable ICS Systems in Different Regions Europe pays the least attention to the issues of the ICS information security — 54% of industrial automation systems located in this region are vulnerable and can be attacked remotely. South America is the second (39%), the third is Asia, where, as it is clear from the previous section, insecure objects in Taiwan and South Korea are of the essence. Table 18. Percentage of Vulnerable ICS Systems in Different Regions Region Vulnerable ICS, % Europe 54 North America 39 Asia 32 MEA 30 India — South America —
  • 29. SCADA Safety in Numbers 29 Fig. 21. Percentage of Vulnerable ICS Systems in Different Regions 0% 10% 20% 30% 40% 50% 60% Europe North America Asia MEA 54% 39% 32% 30%
  • 30. SCADA Safety in Numbers 30 5. About Positive Technologies Positive Technologies is at the cutting edge of IT Security. A specialist developer of IT Security products, Positive Technologies has over a decade of experience in detecting and managing vulnerabilities in IT systems. The company has been named one of the top ten worldwide vendors of Vulnerability Assessment systems and is among the top five fastest-growing firms in Security & Vulnerability Management globally* Positive Technologies has more than 300 employees at its offices and research centres in London, Rome, Moscow, Seoul and Tunis. Its technology partners include IBM, Oracle, Cisco, Microsoft and HP. Positive Technologies’ innovation division, Positive Research, is one of the largest security research facilities in Europe. Our experts work alongside industry bodies, regulators and universities to advance knowledge in the field of information security and to apply this analysis to improving the company’s products and services. The centre carries out research, design and analytical works, threat and vulnerability analysis and error elimination. Since 2004, Positive Research has helped global manufacturers including Microsoft, Cisco, Google, Avaya, Citrix, VMware and Trend Micro to eliminate hundreds of vulnerabilities and defects that threatened the safety of their systems. *Source: Market intelligence firm IDC’s report “Worldwide Security and Vulnerability Management Forecast for 2012-2016”
  • 31. SCADA Safety in Numbers 31