Control Systems: More Vulnerabilities Exposed

Lack of updates and investment behind six security weaknesses of industrial control systems

Control Systems image by Nattapon Supanawan (via Shutterstock).
Image by Nattapon Supanawan (via Shutterstock).

Could the control systems in your premises be vulnerable to security weaknesses? According to a report by FireEye, they identified six weaknesses. They are as follows:

  • Unauthenticated protocols;
  • Outdated hardware;
  • Weak user authentication;
  • Weak file integrity checks;
  • Vulnerable Windows operating systems;
  • Undocumented third-party relationships.

The use of unauthenticated protocols on industrial control systems could affect its proper running. A network computer can send commands that are likely to alter the processes of your system. This could mean the measurements of your CNC created parts being out of kilter compared with your plans.

Outdated hardware is another major issue. The operation of your control systems could either be compromised or running below its full capacity. For example: software compatibility problems – akin to trying to post your Twitter feeds on a ZX Spectrum 48k computer. It may lack the power to do tasks which more modern machines could do in a heartbeat.

Weak user authentication – in other words, ineffective passwords – could be easily cracked if hard coded into the system. When subject to security vulnerabilities, changing passwords (if hard coded) are hard to modify.

Weak file integrity checks are another threat to outdated control systems. Like your PC or mobile device, they can be at the mercy of malware or spyware. This was described in one of our previous posts on a similar subject.

This is true with versions of Windows, especially those which haven’t been updated for several months. Or older versions that fall outside of Microsoft’s support cycle. Again, the same nasties you buy or download security software could wreak havoc on Windows-powered control systems.

Then again, you might have needed that version of Windows to run proprietary software. What if the third party software maintenance agreement has gone awry? Could the publishers have ceased trading? Is the software no longer supported on your version of Windows?

Total Control and Distribution, 12 April 2017.

Leave a Reply