This blog is dedicated to open, interoperable manufacturing software and the coolest, latest and greatest things I see every day while conducting business under the banner of Inductive Automation.

Hello, my name is Steve Hechtman and I am president of Inductive Automation. During the span of one day there is more excitement, more discovery than I can possibly keep to myself. This blog is, therefore, my outlet. WARNING: This site is highly biased in favor of the most powerful, affordable manufacturing software in the world - Ignition by Inductive Automation!

Stuxnet and Common Sense

The Stuxnet PLC/SCADA virus saga keeps getting deeper. If you haven't been following the story, you can read this Wikipedia article about it. The Wikipedia article skirts around what the ultimate objective of the Stuxnet virus is but this AOL News article minces no words.

It's all very interesting, but essentially the virus exploits various software vulnerabilities and thereby modifies the PLC program that controls high-frequency VFDs found only in uranium enrichment centrifuges. Its purpose, according to the AOL article, seems to be to over-speed the centrifuges momentarily so as to destroy the rotating parts.

I have just one question: why wasn't the PLC program password- or keyswitch-protected against program changes? In a sensitive application like this, why not? Control system security is mostly a procedural and implementation issue. Yes, network traffic should be encrypted. Yes, user authentication should be centrally managed along with other IT applications. But no matter what, any system can be compromised when common sense goes out the window.

Common sense is important and there is no one-size-fits-all solution. I see it just like a personnel safety system implementation. A risk assessment for the situation is done and vulnerabilities are evaluated, then an appropriate solution applied. And it is a continuous improvement process that adapts the system to new conditions as discovered.

In a safety system risk assessment the first step would be to determine, in a worst case scenario, what the loss would be. Death? Personal injury? Machine damage? Product damage? And in the latter two, how much cost? Similarly, you would first do a risk assessment for SCADA or PLC security. In fact, the parallels between a safety risk assessment and security risk assessment are uncanny.
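To make the parallel concrete, here is an added example (not from the original post, and not Inductive Automation code) that runs one safety hazard and one control-system security threat through the same worst-case-loss scoring. The consequence categories follow the post (death, injury, machine damage, product damage); the likelihood scale, the score thresholds, the dollar figure and the two scenarios are constructed assumptions for illustration only.

```python
"""Constructed risk-assessment sketch: one scoring function applied to a
personnel-safety hazard and to a SCADA/PLC security threat.  Scales,
thresholds and scenarios are assumptions, not from any real assessment."""
from dataclasses import dataclass, replace
from enum import IntEnum


class Consequence(IntEnum):
    """Worst-case loss, ordered as in a safety risk assessment."""
    PRODUCT_DAMAGE = 1
    MACHINE_DAMAGE = 2
    PERSONAL_INJURY = 3
    DEATH = 4


class Likelihood(IntEnum):
    """Assumed four-step likelihood scale."""
    RARE = 1
    UNLIKELY = 2
    POSSIBLE = 3
    LIKELY = 4


@dataclass(frozen=True)
class Scenario:
    name: str
    consequence: Consequence
    likelihood: Likelihood
    control: str = "none"      # mitigation currently in place
    cost_usd: float = 0.0      # only meaningful for machine/product damage


def risk_score(s: Scenario) -> int:
    """Severity times likelihood, the usual risk-matrix product (1..16)."""
    return int(s.consequence) * int(s.likelihood)


def risk_level(score: int) -> str:
    """Assumed thresholds: 12 and above is high, 6 and above medium, else low."""
    if score >= 12:
        return "high"
    if score >= 6:
        return "medium"
    return "low"


def rank(scenarios):
    """Highest risk first, so the worst case gets attention first."""
    return sorted(scenarios, key=risk_score, reverse=True)


def mitigate(s: Scenario, control: str, new_likelihood: Likelihood) -> Scenario:
    """Continuous-improvement step: record a control and re-assess likelihood.
    The worst-case consequence is unchanged; a control changes how likely it is."""
    return replace(s, control=control, likelihood=new_likelihood)


def assessment_report(scenarios):
    """Ranked rows of (name, score, level, control) for review."""
    return [(s.name, risk_score(s), risk_level(risk_score(s)), s.control)
            for s in rank(scenarios)]


# Constructed scenarios (hypothetical plant, hypothetical numbers).
SAFETY_HAZARD = Scenario("operator reaches into running machine",
                         Consequence.PERSONAL_INJURY, Likelihood.POSSIBLE)
SECURITY_THREAT = Scenario("unauthorized PLC program change from the network",
                           Consequence.MACHINE_DAMAGE, Likelihood.LIKELY,
                           cost_usd=250_000)

if __name__ == "__main__":
    for row in assessment_report([SAFETY_HAZARD, SECURITY_THREAT]):
        print("before:", row)
    # Re-assess after the PLC keyswitch is left in RUN so program changes
    # need physical access; the score drops without touching the consequence.
    guarded = mitigate(SECURITY_THREAT, "keyswitch in RUN", Likelihood.RARE)
    for row in assessment_report([SAFETY_HAZARD, guarded]):
        print("after: ", row)
```

Running the block ranks the safety hazard and the security threat side by side on the same scale; after the keyswitch control is recorded the security threat drops to low while its worst-case consequence stays machine damage, which is the re-assessment loop the post describes.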

The recent TSA enhanced pat-down for pilots is an example of the one-size-fits-all mentality when it comes to security. I sure hope it doesn't come to that for SCADA systems. The right answer is to approach SCADA security the same way safety has been approached in our industry for many years.
