Industrial Control System Cyber Security
ASSIGNMENT 2 (W2):
ICS FUNDAMENTALS – OPERATION, DESIGN & VULNERABILITIES
· Complete the first part, which introduces an ICS product and asks for technical information about the product, its use in real-world applications, vulnerabilities that may exist in the product, and how exploiting a vulnerability could affect the product's ability to perform its intended purpose.
· Complete the second part, which looks at the typical control systems that may exist in a household and what security considerations, if any, exist to protect these systems from unauthorized access.
Part 1: INDUSTRIAL CONTROL SYSTEM OPERATION, DESIGN AND VULNERABILITIES
Emerson is a worldwide leader in automation and control solutions with headquarters based in St. Louis, Missouri. Their Automation Solutions segment generates two-thirds of the corporate revenue (per FY2019 data) and has major offices in Round Rock and Houston, Texas. Some of their major brands include PlantWeb™, Syncade™, DeltaV™, Fisher®, Bettis™, Micro Motion®, Rosemount®, Daniel™, Ovation™ and AMS Suite.
Emerson manufactures a Remote Terminal Unit (RTU) under the brand name “ROC” or “Remote Operations Controller”. This part of the assignment asks several questions about the product and its features. Please provide answers to the questions below.
1. In your own words, please explain what a ROC is and what it does as part of an overall ICS architecture.
<your answer>
<URL(s)>
2. Please provide a link from the vendor website where someone might learn more information on the ROC from Emerson.
<your answer>
Vendors often develop informative brochures that provide example reference architectures showing where their devices are best utilized. They also provide case studies of where their product has been deployed successfully in the field.
15. Please list 2-3 customers that have used the ROC and the industrial sector of each (e.g. power generation, oil and gas exploration and production, water and wastewater treatment, etc.).
<your answer>
Many SCADA products depend on a vendor-provided engineering environment to configure and customize the operation of the product. This means that the more vendors you have within the ICS architecture, the more tools are needed, and each of them must be upgraded to address application and security anomalies.
4. What is the name of the engineering development software used to program the ROC?
<your answer>
Vendors often use proprietary protocols to communicate with their devices as opposed to common open or licensed protocols like Modbus, EtherNet/IP and PROFIBUS.
5. What are the two protocols used by the engineering development application to communicate with the ROC?
<your answer>
6. If there was a vulnerability that would adversely impact the ROC and its ability to perform its intended function, describe how this could negatively impact one of the potential client installations described in item 3 above.
<your answer>
7. Have there been any cyber security alerts or advisories published about the ROC product from Emerson?
<yes / no>
8. If you found any vulnerabilities, please provide details of the vulnerability below (e.g. vulnerability identification number, alert number, advisory number, etc.).
<your answer>
9. What is the difference between an ICS “Alert” and an “Advisory” published from the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA)?
<your answer>
Vulnerabilities are tracked in the National Vulnerability Database (NVD), hosted by the U.S. Dept. of Commerce National Institute of Standards and Technology (NIST). Each vulnerability is identified by a “Common Vulnerabilities and Exposures” (CVE) entry, and the underlying hardware or software weakness is classified using a “Common Weakness Enumeration” (CWE) entry.
10. Does the National Institute of Standards and Technology (NIST) National Vulnerability Database provide any additional information? If “yes”, please explain, including CVE(s), CWE(s), and URL(s).
<your answer>
11. Were you able to find any vulnerability scanners that could identify an Emerson ROC on the network and/or the presence of any known vulnerabilities for the ROC? If “yes”, please provide details and the URL(s).
<your answer>
12. Were you able to find any additional information showing how this vulnerability could be exploited? If yes, please list the source with its URL.
<your answer>
13. If you were unable to update the affected ROC device with vendor-provided software/firmware intended to eliminate the vulnerability, what other measures, not requiring the device to be taken offline for an update, could be taken to protect the ROC from an unauthorized actor on the network attempting to exploit the vulnerability?
<your answer>
14. If you were to discover a vulnerability in one of the Emerson ICS products, where would you send your initial communication regarding your finding? (Hint: the answer is on many, if not all, of their web pages.)
<your answer>
Part 2: HOME CONTROL AND AUTOMATION
15. Thinking about your home, list as many automated control systems as you can. For each system listed, please complete the following table. A simple example has been provided in the first row. (add additional rows if needed)
| Control System | Sensor | Actuator | Human Interface |
|---|---|---|---|
| Heater / Air Conditioner | Thermometer | Fan + Gas Valve / Fan + Compressor | Thermostat |
| | | | |
| | | | |
| | | | |
| | | | |
16. Home Automation is becoming increasingly popular. Did you list any of these in the table above? If not, go back and enter those that you would consider a control system.
17. Now consider the communication paths between sensor, controller, and actuator, and provide the following new entries for the table. The simple example has been used as a starting point. (add additional rows if needed)
| Control System | Sensor Communication | Actuator Communication | Controller Location (Local / Cloud) |
|---|---|---|---|
| Heater / Air Conditioner | Analog | Analog | Local |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
18. This is a class on security, so let us now focus on what physical and/or cyber security measures you believe exist to protect your control systems from an external event causing harm to you, your home, or your assets. (add additional rows if needed)
| Control System | Security Considerations |
|---|---|
| Heater / Air Conditioner | · Devices located in a physically secure location · Home protected with an electronic security system covering door and window opening, glass break, motion, and fire · Standalone network with no external connection, eliminating the requirement to update software inside the thermostat |
| | · |
| | · |
| | · |
| | · |
CSCI 397.01W | CSCI 397.61W
Fundamentals of Industrial Control System Cyber Security © 2012-2020 ICSCSI LLC
Fall 2020 Page A2-1 of 8