Collaboration for Cybersecurity Resiliency and Robustness

by | Nov 1, 2018 | Control & Safety Systems, Cybersecurity

Jim Cahill

Chief Blogger, Editor

Maintaining robust defenses from cyber-attacks is a priority for manufacturers. They rely on their automation suppliers to provide security-hardened technologies and cybersecurity services to help defend against new attacks and maintain resiliency and robustness over time. One key element in robustness is quickly finding, fixing and distributing patches for newly discovered vulnerabilities.

Industrial control systems (ICS) such as the DeltaV distributed control system have many layers of protections based on the IEC 62443 family of standards for how control systems should be developed, deployed, and maintained to dramatically enhance the cybersecurity of these installed systems. The Cybersecurity Guidebook for Process Control outlines steps to take to protect assets from cybersecurity threats.

ICS CybersecurityAt the recent ICS Cyber Security Conference, Emerson’s Neil Peterson (right) and CyberX‘s Phil Neray (left) presented, ICS Security Researchers & Automation Vendors: Building Mutual Trust. They discussed a real-world example of how security researchers uncovered a vulnerability in an ICS product and worked cooperatively with the ICS supplier including: how contact was made, responsible vulnerability disclosure, patch development & distribution, and finally public disclosure of the vulnerability via ICS-CERT (Industrial Control System Cyber Emergency Response Team).

CyberX provides an industrial cybersecurity platform for ICS asset discovery, identifying critical risks and attack vectors, and continuous network monitoring with behavioral anomaly detection and threat intelligence. In the course of enhancing their embedded analytics to support diverse industrial protocols, including proprietary protocols, they sometimes uncover vulnerabilities in ICS devices. They then work with the ICS suppliers to fix the vulnerabilities.

During this research, the CyberX team uncovered a vulnerability in the DeltaV control system. They communicated this vulnerability through ICS-CERT to inform Emerson’s DeltaV technology organization and start the responsible disclosure process.

After ICS-CERT connected the CyberX and DeltaV teams together, a video of the vulnerability was shown to clearly show the exploit and timing to perform.

The DeltaV product security incident response team performed root cause analysis, identified the solution, developed a patch, and fully tested across all the currently supported DeltaV versions. Once this testing was performed across all these versions, DeltaV users were provided patches to eliminate the vulnerability.

Once this communication and patching process had occurred, ICS-CERT made public disclosure of the vulnerability. This collaboration between cybersecurity platform and ICS suppliers followed a responsible disclosure path where the solution could be identified, developed, fully tested and deployed before a disclosure was made.

Cybersecurity is fundamental to Emerson control and SCADA systems. Neil described how the DeltaV system has gone through the rigorous ISASecure System Security Assurance certification process. DeltaV v14.3 will be the first ICS to attain ISASecure System Security Assurance Level 1 certified. The ISASecure standards are based on the ISA/IEC 62443-3-3, 62443-4-1 and 62443-4-2 standards.

Phil shared vulnerability data that CyberX recently published based on real-world traffic captured from more than 850 production ICS networks across all industrial sectors worldwide. The data uncovered the myth of an air gap between control systems and the internet, finding that 40% of sites have at least one direct connection to the internet. Also, 69% were using plain-text passwords instead of fully encrypted ones. And 53% were on versions of Windows operating system that are no longer supported from a vulnerability and patch management perspective. Read the full CyberX IIoT & ICS Risk Report on these findings.

When evaluating and improving your cybersecurity defenses, make sure to work with your supplier to develop adequate defense-in-depth strategies, work processes, training, and ongoing support. Just as continuous monitoring of process variables is critical for process control and safety applications, so is ongoing cyber-defense monitoring. As Neil explained in this session, continuous monitoring is essential for immediately detecting if and when cyber attackers have compromised your control network—so you can stop them in the early phases of a breach, before they can cause any real damage.

Trackbacks/Pingbacks

  1. Emerson Automation Experts Blog: Collaboration for Cybersecurity Resiliency and Robustness - CyberX - […] this Emerson Automation Experts blog post, Emerson’s chief blogger describes key points from the […]

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Trackbacks/Pingbacks

  1. Emerson Automation Experts Blog: Collaboration for Cybersecurity Resiliency and Robustness - CyberX - […] this Emerson Automation Experts blog post, Emerson’s chief blogger describes key points from the […]

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe for Updates

Follow Us

We invite you to follow us on Facebook, LinkedIn, Twitter and YouTube to keep up to date on all the latest news, events and innovations to help you take on and solve your toughest challenges.

Want to re-purpose, reuse or translate content?

Please do, Just link back to the post and send us a quick note so we can share your work. Thanks!

Our Global Community

Emerson Exchange 365

The opinions expressed here are the personal opinions of the authors. Content published here is not read or approved by Emerson before it is posted and does not necessarily represent the views and opinions of Emerson.