The North American Electric Reliability Corporation’s (NERC) newly formed Cyber Attack Task Force will “consider the impacts of a coordinated cyber attack on the reliability of the bulk power system”, in a proactive effort to increase providers’ readiness for new waves of potential nastiness. Recently, there has been a flurry of activity surrounding efforts to secure critical process control equipment, specifically in the Programmable Logic Controller (PLC) space, which was the focal point of the recent Stuxnet worm. If hackers can make a PLC run amuck, chemical level sensors, temperature sensors, robotic equipment, large hydroelectric control mechanisms and the like can behave strangely, possibly causing substantial damage. If hackers can affect a widespread simultaneous attack on some such vulnerability, the impact can rise exponentially.
PLC’s have been in production for decades, I first learned ladder logic, the programming language for the popular line of Allen-Bradley PLC’s in the mid-90’s, where it was used to control high temperature catalyst processes for gasoline vapor, and also control the proper level of hydrochloric acid used in a related process. It’s easy to see how a catalyst temperature sensor, if “suddenly” reporting back faulty temperatures, could cause the gas burners to continue full-bore until the catalyst chamber melted and caused a mess, mixed in with a batch of hydrochloric acid, certainly a toxic cleanup nightmare.
This is a simplistic programming language. The idea is that a PLC should do certain simple things very, very reliably. Many of the PLC’s were deployed decades ago, before there was an internet, are still happily humming along in control panels throughout the world. Over time, some of them have had networking modules added to the framework. PLC’s are modular, meaning if you want another temperature (thermocouple) module to be controlled, just slide it in an empty spot in the rack, and the controller will see it. This also means you can add a network module onto a very old system and start controlling it. Since the original architecture wasn’t designed when there WAS an internet, installations certainly would’ve had to backfill security mechanisms onto the old systems. It’s no surprise many of them haven’t, especially in light of recent budget cuts across many municipalities.
Also, since critical infrastructure providers like energy producers have leaner budgets, there are fewer resources to hire new-fangled security staff specially trained in the field. Still, edicts will be increasingly imposed on the facilities to bulk up security efforts.
Additionally, PLC vendors and customers alike will be pressed to speed adoption, a not-so-trivial endeavor. Overhauling security software (which may break something important) at a far-flung remote plant on a mountaintop somewhere with difficult access may be a long conversation. Still, it’s good to see NERC taking efforts to educate energy providers, as the potential impact of a widespread power disruption, with all its collateral confusion and damage, is certainly no small potential hack surface to be ignored, at least for long.
Author Cameron Camp, We Live Security