Hacking the Industrial Network

Innominate Security Technologies , a worldwide provider of Industrial Network Security, has published a 2009 White Paper on the weaknesses of industrial systems. “Hacking the Industrial Network,” compiled by an independent consulting firm, is a compelling exposé of the numerous vulnerabilities of industrial control networks currently in use throughout the world.

Industrial control networks, generally referred to as SCADA (Supervisory Control And Data Acquisition) systems have been used for decades in power plants and distribution grids, oil and gas refineries, air traffic and railroad management, pipeline pumping stations, pharmaceutical plants, chemical plants, industrial processes, automotive assembly lines, automated food and beverage lines, water treatment plants and major dams. “The current situation is ripe for an epidemic,” says Dirk Seewald, CEO of Innominate Security Technologies, “Protecting critical infrastructure is itself critical.”

These older legacy systems remain highly vulnerable to intelligent remote attacks, as well as non-intelligent viruses, as these systems are no longer isolated from the Internet. They are accessible via company websites, wireless access points, USB drives, modems, radio transmission, satellite, microwave, wiretap and remote maintenance access. The report identifies incidents involving major corporations, utilities, nuclear plants and the Pentagon. A table of twenty-nine major incidents is provided, some of which were kept secret for years. Detailed footnotes and clickable internet research links are provided to document these incidents and each statement of fact.

While many engineers believe that their production networks are isolated from outside access, nothing could be further from the truth. It is common practice to include access to Web-based services on most programmable logic controllers. According to a major manufacturer of PLCs, the majority of their products are ordered with Web services enabled. Yet their own study indicated that 87% of users left the Web servers in the PLCs active with factory default passwords, like “1111”.

This latest analysis discusses the problems in plain language. It specifies industry recommendations and provides links to other white papers produced by national research laboratories chartered with addressing the problems of protecting critical infrastructure and production networks. It identifies strategies and specifications, as well as new, proven solutions available from a variety of vendors. The security of industrial networks can no longer be ignored. With threats to networks increasing in complexity and scope, decision makers need to take action before it is too late.

A comprehensive copy of the 16-page White Paper, including detailed footnotes and clickable Internet research links is available at www.innominate.com/content/view/169/1/lang,en/