Information security incidents of automated process control systems of foreign countries
At present, the existing approaches to ensuring information security of the elements of an automated process control system are insufficient in view of the architectural features and properties of the software and hardware of its elements, which provides the attacker with several vectors of influence on technological automated systems. With the development of information technology and the significant complexity of the architecture of the automated process control system, multiple information security threats have appeared, the implementation of which by an attacker can lead to disastrous consequences.
Below is an analytical report containing a description of information security incidents in the automated control systems sector of foreign countries based on Internet publications, as well as unique developments of STC " Stankoinformzashchita " in the field of security of WEB-applications supplied with various SCADA-systems.
During the period from 2008 to 2010, multiple vulnerabilities were discovered in the elements of the automated process control system that make up its hardware and software base, which can lead to disruption of the correct operation of the technological process and the realization of threats of unauthorized access to the information processed in:
dispatch control and data acquisition systems (SCADA);
separate interfaces for managing automation objects;
elements of the telemetry subsystem and telemechanics;
application applications for the analysis of production and technological data;
production management systems (MES-systems).
In this analytical report, specific vulnerabilities have been highlighted, along with attack vectors that have already been applied to modern WEB applications, DBMS, components of operating systems, and third-party application software. The use of traditional information technologies in the elements of the process control system is one of the reasons for the low level of security of most of them. This factor allows an attacker to test existing knowledge regarding the elements of an automated process control system, which indicates a significant availability of exploitation of open source vulnerabilities (confirmed by the presence of an advertised method of exploitation in the form of an exploit or Proof-of-Concept). The time taken to eliminate the vulnerability varies and was further studied during the preparation of the report to clarify the possible interval of the compromised process control system or its elements in an emergency condition. ')