Internet Accessible Industrial Control Systems (ICS).


Description

Industrial Control Systems (ICS) are the electronic control systems and associated instrumentation used for industrial process control. They manage and automate industrial processes in manufacturing, critical infrastructure and other industries.

Common types of Industrial Control Systems (ICS).

Common types of Industrial Control Systems (ICS) include Supervisory Control and Data Acquisition (SCADA), Distributed Control Systems (DCS) and Programmable Logic Controllers (PLCs). These systems automate and control industrial processes at different scales: SCADA across a wide geographic area, a DCS within a single plant, and a PLC at the level of an individual machine or process.

1. Supervisory Control and Data Acquisition (SCADA). SCADA is an architecture that enables industrial organisations to monitor and control geographically distributed infrastructure, such as power grids, pipelines and water treatment facilities.
2. Distributed Control Systems (DCS). A DCS is a computerised control system used in localised industrial processes, such as chemical processing or oil refining, to manage and automate operations, particularly continuous and batch processes. A DCS controls operations within a specific, limited area using local controllers connected to a central control system.
3. Programmable Logic Controller (PLC). A PLC is an industrial computer designed to operate reliably in harsh environments, such as strong vibration, extreme temperatures and wet or dusty conditions. PLCs are built for this rough use from inception, not just in the external housing but in the internal components and cooling arrangements as well. They automate a specific process or machine function.

Related Systems used with Industrial Control Systems (ICS).

1. Human-Machine Interfaces (HMIs). HMIs are graphical user interfaces used in the high-level supervision of Industrial Control Systems (ICS). They translate process data into information displayed on screens, enabling operators to monitor, control and troubleshoot machinery. Because an HMI can issue control commands, an Internet-accessible HMI gives an attacker the same capability as an operator.
2. Programmable Automation Controllers (PACs). PACs provide more computing power than a PLC and support a wider range of programming languages. They integrate control and data acquisition functions, which makes them more flexible in complex automation systems. PACs are targeted at larger scale automation architectures and can handle a broader range of applications, making them suitable for diverse and sophisticated industrial processes.
3. Remote Terminal Units (RTUs). RTUs are specialised, microprocessor-based devices used to monitor and control equipment in remote locations. They act as a bridge between field devices and a central control system such as SCADA: an RTU collects data from field devices, processes it and transmits it to the control centre, allowing operators to monitor and control the equipment in real time.
4. Industrial Automation and Control Systems (IACS). IACS is the term used in the ISA/IEC 62443 standards for the collection of sensors, actuators, controllers, communication networks and human-machine interfaces that make up an industrial control environment. IACS can improve the efficiency, quality, safety and reliability of industrial operations by automating tasks that would otherwise require human intervention or manual labour.
5. Intelligent Electronic Devices (IEDs). IEDs are microprocessor-based controllers used in power systems for monitoring, protection, control and communication of power system equipment. IEDs gather data from sensors, process it using embedded algorithms and issue control commands to field devices, enabling automated operation of electrical systems.

Proprietary and open protocols - Industrial Control Systems (ICS)

Proprietary protocols in Industrial Control Systems (ICS) are communication protocols developed and owned by a single vendor. Their specifications are typically not published, so devices using them generally communicate only with other devices from the same manufacturer. Open protocols, by contrast, are publicly specified and allow interoperability between different vendors' equipment. Several of the protocols tagged in the Shadowserver report below (BACnet, EtherNet/IP, IEC 60870-5-104, Modbus and OPC UA) are open standards and others, such as Omron FINS, are vendor-documented. The weaknesses listed apply whether or not a protocol is proprietary, because most of these protocols were designed without authentication or encryption.

Protocols tagged in the Shadowserver Foundation Accessible ICS Report.

1. BACnet (47808/UDP).
Description: The Building Automation and Control network (BACnet) protocol facilitates communication between devices and systems within a building, such as heating, ventilation and air conditioning (HVAC), lighting and security systems.
Vulnerabilities: Vulnerable to Man-in-the-Middle (MitM) attacks where the protocol's security features are not enabled.

2. Codesys (1105/TCP).
Description: Codesys is a software platform used for industrial automation, particularly in Programmable Logic Controllers (PLCs) and other Industrial Control Systems (ICS).
Vulnerabilities: Older versions of Codesys have identified vulnerabilities, related to memory buffer handling and default permissions, that could be exploited for denial of service or remote code execution, allowing arbitrary code to be executed, control flow to be modified or sensitive information to be accessed.

3. EtherNet/IP (44818/TCP).
Description: EtherNet/IP is an industrial network protocol that combines standard Ethernet with the Common Industrial Protocol (CIP) for automation and control systems. It can be integrated with other protocols and technologies, making it suitable for IIoT (Industrial Internet of Things) applications.
Vulnerabilities: Stack-based buffer overflows, denial of service (DoS) and remote code execution (RCE), all of which can be triggered by crafted CIP packets.

4. Fox (1911/TCP).
Description: Flexible Object Exchange (Fox) is a proprietary communication protocol developed by Tridium for use within its Niagara Framework.
Vulnerabilities: Plaintext data transmission, default credentials and a lack of robust security measures.

5. IEC 60870-5-104 (2404/TCP).
Description: IEC 60870-5-104 is a communication protocol used for telecontrol, teleprotection and other telecommunication functions in power systems, especially within electrical engineering and power system automation.
Vulnerabilities: No built-in authentication or encryption, so the protocol is vulnerable to replay attacks and tampering.

6. Modbus (502/TCP).
Description: Modbus was originally developed in 1979 by Modicon for programmable logic controllers (PLCs). It has become one of the most enduring communication protocols in industrial environments and a de facto standard for communication between industrial electronic devices across a wide range of buses and networks.
Vulnerabilities: The Modbus protocol has no encryption or authentication, which makes it vulnerable to Man-in-the-Middle (MitM) attacks; any client that can reach port 502 can read and write the device's coils and registers.

7. Modbus-closed (502/TCP).
Description: The Modbus-closed tag covers Modbus deployments intended to operate within a closed or isolated network, without direct Internet connectivity, that have nonetheless been found accessible.
Vulnerabilities: The same lack of encryption and authentication in the Modbus protocol allows unauthorised read operations (data exfiltration).

8. Omron FINS (9600/UDP).
Description: Omron FINS (Factory Interface Network Service) is a network communication protocol developed by OMRON for data exchange between its PLCs and other devices over an Ethernet network. Unlike many vendor protocols, FINS is documented, so implementing a client is relatively simple.
Vulnerabilities: The lack of encryption and authentication in FINS makes it susceptible to Man-in-the-Middle (MitM) attacks and unauthorised modification of PLC logic.

9. OPC UA Binary (4840/TCP).
Description: OPC Unified Architecture (OPC UA) is a cross-platform, open standard (IEC 62541) for data exchange from sensors to cloud applications, developed by the OPC Foundation (Open Platform Communications, formerly Object Linking and Embedding for Process Control). The Foundation is an industry consortium that creates and maintains standards for open connectivity of industrial automation devices and systems, such as industrial control systems and process control generally.
Vulnerabilities: OPC UA Binary does not depend on the Microsoft RPC and DCOM services that exposed OPC Classic. Its own security model (certificate-based channel security and user authentication) is optional, so a server exposed with a SecurityPolicy None endpoint or anonymous user authentication can be browsed by any client, and unpatched vulnerabilities in individual server stacks are an additional risk.

10. Siemens S7 (102/TCP).
Description: The Siemens S7 protocol is a proprietary communication protocol developed by Siemens AG of Germany for its S7 family of PLCs. It enables communication between PLCs, and between PLCs and other devices such as SCADA systems, and is used for PLC programming, data exchange and diagnostics.
Vulnerabilities: Susceptible to denial of service via a crafted packet (divide-by-zero error and application crash).

11. Unitronics PCOM (20256/TCP).
Description: PCOM is the proprietary communication protocol of Unitronics, a manufacturer of programmable logic controllers (PLCs) and human-machine interface (HMI) systems supporting Industry 4.0 and IIoT technologies for connectivity and data exchange in industrial environments.
Vulnerabilities: The lack of encryption and authentication mechanisms makes it susceptible to interception, eavesdropping and manipulation of data.
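To make concrete what "no authentication" means for the Modbus and Modbus-closed entries above, the following added example (not code from this page, from Shadowserver or from any vendor) builds and parses Modbus/TCP frames and then audits a constructed set of requests against a client allow-list. The frame layout is the published Modbus/TCP MBAP header; the IP addresses, the allow-list, the register addresses and the captured frames are constructed for illustration.

```python
"""Modbus/TCP frame builder, parser and unauthorised-request detector.

Added example for this page. All frames and addresses are constructed,
not captured from a real device.
"""
import struct
from dataclasses import dataclass

# MBAP header (7 bytes): transaction id, protocol id (0 = Modbus), length, unit id.
# Note what is absent: no field for a credential, session key or integrity check.
MBAP = struct.Struct(">HHHB")

# Public function codes that change controller state.
WRITE_CODES = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    22: "Mask Write Register",
    23: "Read/Write Multiple Registers",
}
READ_CODES = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes

    @property
    def is_write(self) -> bool:
        return self.function in WRITE_CODES

    @property
    def name(self) -> str:
        return (WRITE_CODES.get(self.function)
                or READ_CODES.get(self.function)
                or f"Function {self.function}")


def build_request(transaction_id: int, unit_id: int, function: int, data: bytes) -> bytes:
    """Wrap a PDU (function code + data) in an MBAP header."""
    pdu = bytes([function]) + data
    # The MBAP length field counts the unit id byte plus the PDU.
    return MBAP.pack(transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def read_holding_registers(transaction_id: int, unit_id: int, address: int, count: int) -> bytes:
    return build_request(transaction_id, unit_id, 3, struct.pack(">HH", address, count))


def write_single_register(transaction_id: int, unit_id: int, address: int, value: int) -> bytes:
    return build_request(transaction_id, unit_id, 6, struct.pack(">HH", address, value))


def parse_request(frame: bytes) -> ModbusRequest:
    """Decode an MBAP header and PDU, rejecting malformed frames."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame too short for MBAP header and function code")
    transaction_id, protocol_id, length, unit_id = MBAP.unpack_from(frame)
    if protocol_id != 0:
        raise ValueError(f"protocol id {protocol_id} is not Modbus")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return ModbusRequest(transaction_id, unit_id, frame[7], frame[8:])


def audit_requests(captures, allowed_clients):
    """Flag every request whose source is outside the allow-list.

    captures: iterable of (source_ip, raw_frame). Returns a list of
    (source_ip, transaction_id, function name, "write" or "read").
    Modbus authenticates nothing, so network position (who can reach
    TCP/502) is the only place 'authorised' can be decided.
    """
    findings = []
    for source, frame in captures:
        if source in allowed_clients:
            continue
        try:
            request = parse_request(frame)
        except ValueError:
            continue  # not Modbus, or truncated; out of scope here
        findings.append((source, request.transaction_id, request.name,
                         "write" if request.is_write else "read"))
    return findings


# Constructed sample traffic towards a PLC on TCP/502 (not a real capture).
# 10.20.0.5 is the assumed HMI/engineering station; 203.0.113.77 is an
# assumed external address from the TEST-NET-3 documentation range.
ALLOWED_CLIENTS = {"10.20.0.5"}
SAMPLE_CAPTURES = [
    ("10.20.0.5", read_holding_registers(1, 1, 0, 10)),
    ("203.0.113.77", read_holding_registers(2, 1, 0, 10)),
    ("10.20.0.5", write_single_register(3, 1, 100, 1)),
    ("203.0.113.77", write_single_register(4, 1, 100, 0)),
]

if __name__ == "__main__":
    for source, tid, name, kind in audit_requests(SAMPLE_CAPTURES, ALLOWED_CLIENTS):
        print(f"unauthorised {kind} from {source} (transaction {tid}): {name}")
```

Running the block reports both requests from the external address. The read is reported as well as the write, because an unauthenticated read of register space is exactly the data exfiltration described under Modbus-closed. The parser makes the security-relevant point visible: a well-formed request carries a function code and register addresses and nothing else, so the device cannot tell an operator's HMI from an Internet scanner, and the only effective control is to make TCP/502 unreachable from outside the control network.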

Information on the Shadowserver Foundation Accessible ICS Report

1. Tag Index. The 'Tag' column of the Shadowserver report identifies the protocol on which each Industrial Control System (ICS) was found to be accessible; the tags correspond to the protocol names in the table above.
2. Accessible ICS Report. In April 2022, The Shadowserver Foundation released the document Accessible ICS Report (linked under Additional Information below), which gives an insight into the aims and objectives of the organisation in relation to the report.

Problem

Many Industrial Control Systems (ICS) rely on legacy systems and protocols designed without modern security features such as authentication, encryption and integrity protection, which makes them particularly vulnerable to cyberattack once they are reachable from the Internet.

1. Remote Code Execution. Remote Code Execution (RCE) vulnerabilities exist in ICS software and firmware. They allow an attacker to execute arbitrary code on the device remotely, with the potential to disrupt the normal operation of industrial processes and critical infrastructure and to cause significant disruption and damage.
2. Privilege Escalation. Privilege escalation occurs when a user or attacker obtains access to resources beyond their intended permissions, typically by exploiting software vulnerabilities, misconfigurations or inadequate access controls. An attacker who can reach an ICS and escalate privileges can gain control over critical systems, potentially leading to data breaches, operational disruption and physical damage.
3. Denial of Service (DoS). Internet-accessible ICS are vulnerable to DoS and DDoS attacks, and compromised ICS devices can in turn be used to attack other ICS devices. Attackers can exploit weaknesses in protocols such as Modbus, DNP3 and EtherNet/IP, or use already compromised systems as a foothold, to disrupt the normal operation of industrial processes and critical infrastructure.
4. Attractive Attack Vector. Weak security controls make Internet-accessible ICS an attractive attack vector. Proprietary protocols can be difficult to understand for those not directly involved in their development or not authorised by the owner, but this obscurity is not a security control: the Internet-wide scanning behind the Shadowserver report shows that these protocols can be identified and spoken to by anyone who can reach the port.

Recommendations

1. Ensure that ICS devices are not Internet accessible. Internet-accessible Industrial Control Systems (ICS) are an attractive attack vector and constitute an unnecessary attack surface, offering entry points and vulnerabilities that could be exploited to gain unauthorised access to the control system. CSIRT-IE recommends that constituents ensure ICS are not Internet accessible; where ICS are currently Internet accessible, constituents are requested to remediate this as soon as possible. In practice this means placing the devices behind a firewall with a default-deny inbound policy and reaching them only from the control network or through an authenticated remote-access path such as a VPN or jump host, rather than relying on the protocol or on the obscurity of the device.

Additional Information

Shadowserver - Accessible ICS Report.
Shadowserver - Accessible ICS Report PDF.
Palo Alto Networks - What Is ICS Security? | Industrial Control Systems Security.