CYBER-SECURITY AND PROTECTION TOOLS

Control engineers are more and more confronted with opened communication architecture, particularly with an increasing number of intranet / internet bridges, and by collecting technical informations sometimes exclusively published on internet with programming consoles. Actually, the ways of the digital informations become more and more complex, consequently there are more and more gaps of security, and the industrial communication networks as well as the programming and maintenance consoles become more and more aware of cyber-criminality.

One of the strongest proofs of the following is the detection of the Stuxnet virus around the years 2009-2010, but it seems it was in place for years. Tens of thousands of one current and widespread control system have been infected in the world. Finally, once introduced ( probably via an USB key ) in the presumed only targeted company, this virus has attacked its control systems up to the PLC controllers through the operator interfaces ( implemented in a non industrial commercial operating system ), with the objective of breaking down the machines and may be the operators. It is said that the factory network was linked neither to internet nor to any external networks.

The result has been that most of the thousands targeted machines have been broken, perhaps all the machines. It seems that more than one year has been necessary to eradicate the virus in this factory without any certitude nor warranty about its destruction. The production has been stopped for years, perhaps definitively.

It seems it is the first time that such an objective has been targeted, and according to the experts, some parts of the program of Stuxnet are very sophisticated and never seen anywhere before. Since the detection of this virus, the supplier of the concerned control system is providing a security patch preventing against Stuxnet.

Stuxnet has been exceptional, but most of the detected incidents have currently for causes the objective to steal strategic data in a company ( industry included ) by using software bugs or systems failures, without speaking about human causes ( be aware of the USB keys for instance ). More, we have to keep in mind that many of the incidents of vulnerability are detected on systems using networks.

Consequently, the public domain is becoming more and more vulnerable too ( in particular in strategic domains such as the production or the transfer of the energies, the water treatment and so on ), since internet becomes more and more used to interconnect the systems with their users and their management services.

The smart grids planed to be used in a short future for the distribution of the energy and of the water will not help, more, they are surely amplifying the phenomena. Without to mention the digital « clouds » usages. Thus, we have to note that some industrial providers ( unfortunately not all of them ) are doing serious efforts to supply their clients with ( theorically ) robust solutions.

We have only to refer to the late digital adventures of the Estonia ( in 2007 and later ) and of the Latvia ( in 2008 and later ) to be convinced of the existence of these threats, of their amount and of the importance of their potential consequences.

It is not to forget that a door - even an armoured one - is intended to be opened. It is its raison d'être. That means we have to be aware that when we are making a hole in a wall to install an armoured door, simply we are installing a door where there was none indeed, and we are adding a new path to get in.

Subsequently, it could be judicious that a control engineer follows the news in relation with the systems vulnerabilities, and that he knows how to protect all the automated controls from digital attacks. And it also could be judicious that an executive knows how vulnerable are his factories, how vulnerable are his suppliers ( especially in term of energy, but not only ), how vulnerable are all the companies or activities in interaction through the networks ( banks, customers and so on ), and what could be the consequences of the resulting potential cyber-attacks for the whole of his company.

For all kind of companies involved in any activities, one way to have an idea about potential threats is asking « white » hackers and ( or ) governmental agencies for auditing the entire digital systems of the company and the services its provides or uses through digital ways.

One available solution to improve the security of the factory control systems may be using the PROVIEW open source control system running under opened operating systems. This could be a convenient solution in association with the security software below. More, why not adopt open source operating systems such as Linux, FreeBSD and other for all the company ?

« MITRE » replaces the « OSVDB » digital security observatory, which stopped storing vulnerability events, due to a lack of contributions from the industrial companies. « OSVDB » listed all the vulnerability of the communication systems which are detected since November 7th, 1902, when data transmitted by the Marconi telegraph have been hacked. ( Already the wireless communications ! ).

In all cases, bravo and greetings to all the OSVDB team for their job.

By listing the industry directory, you will discover that the SCADA systems are especially vulnerable and are often the targets of hackers or spies. Other vulnerable systems are Ethernet components ( switches, hubs, network interfaces ), analysis networks software, PLC controllers and HMI interfaces ( bad protocols implementations ) etc.

You can look in the database for registered events. You can filter your search with the words you wish by typing a request in the field down the page ( such as in the link of the title of this section where the keyword is « industry », which will list all the vulnerabilities indexed in the industry category ). But you can also type a trademark or a reference for a device for instance, or any relevant word on a subject you are interested in. You could also try the vulnerability database search engine which provides maybe more explicit results or which displays them maybe more clearly.

https://cve.mitre.org

The « Industrial control systems cyber emergency response team » is a North American governmental organization which is involved exclusively in the industrial control system security area, whatever the application. It alerts on critical and sensible digital failures detected in systems such as logic controllers, inverters, communication networks, operator panels etc, informs their producer about, and requires to correct them. As you can see, the list is large.

The organisation provides a whole of very interesting documents about the industrial control system security recommended practices too.

https://www.us-cert.gov/ics/

This free and open source authentication server is based on the « Radius » authentication protocol. It is the only server which uses the extensible authentication protocol ( EAP ) and which supports virtual servers. It is the most used authentication server in the world.

This system has been designed to manage and to control safely and securely any device and any user requiring an access to a network or to a component of a network, whatever the technology used to transmit the data.

This technology is used by Internet services providers, cellular networks providers, Ethernet peripheral manufacturers and anyone who want to secure his IP wired or wireless network ( actually, with any device supporting a Radius client ).

The server is published with binary packages for a lot of operating systems, based on Unix, Linux and MS windows. Everyone can build the application on the operating system he wants by compiling the source code.

Before all, « Radius » is a network communication protocol designed to secure the data exchanged on a network by managing and controlling the access. It is implemented in a client-server architecture, and needs at least one Radius server to talk with at least one Radius client.

« FreeRadius » is an AAA system, that is an Authentication, authorisation and accounting system. It runs on Internet, Ethernet and all the IP networks, on wireless networks, on virtual private networks ( VPN ) and many others. All the data exchanged between a server and a client are encrypted.

• The Authentication refers to the validation of the user's identity ( the user can be a human or a digital device ).

  Authentication process can use login name, password, location, MAC address ( transmission medium access control address ) of the device requiring the connection and many other values to do it and to control the areas a user can access ( see authorization below ).

• The Authorization refers to the management of the permissions to grant to the user.

  Where is he allowed to access, what is he allowed to do ?

• The Accounting refers to the resources a user has consumed and is generally used for billing purposes.

The FreeRadius organization delivers all the technical documentation you need from its web site.

https://freeradius.org/

A « virtual private » network ( VPN ) acts like a private tunnel inside a public network transmitting the data securely from one authenticated point to another authenticated point by encapsulating compressed and encrypted data into the public network frames. It transmits and manages the TCP packets ( Transmission Control Protocol packets ) over the UDP ports ( User Datagrams Protocol ).

« Open VPN » - an open source project - protects the exchanges of data against passive and active attacks and is usable with static or dynamic addresses, in both LAN and WAN networks. All what concerns the security in open VPN is open SSL based.

We can benefit of open VPN to access remote devices securely :

• To access a remote PLC or a remote smart sensor for maintenance, for instance.
• To exchange data securely between two factories.
• To link permanently and securely a PLC controller with some external remote sensors.
• To insulate a control network in a factory.

To enforce the security of the transmissions, « Open VPN » can ( must ? ) be used in conjunction with one or more FreeRadius servers.

http://openvpn.net/

This free and open source library implements the secure socket layer ( SSL ) and the transport layer security ( TLS ) protocols. It is used in numerous popular applications ( Open VPN or FreeRadius for instance, or in the secure HTTPS protocol ) and by a huge amount of organizations.

• The SSL protocol encrypts the communication between two nodes in a network, by using a public key and a private key. It is designed to communicate between a web server and an web client over internet.
• The TLS protocol is an evolution of SSL, with a better robustness and more secure.

www.openssl.org

This free, open source, useful, fast and reliable network mapper package has been designed to check how secure are your Ethernet based communication networks, wired or wireless, from one single hosts up to all wide area networks. It integrates a whole set of security exchanges data dedicated software, scanning all the active hosts and all the available and responsive TCP and UDP ports in an IP network. It checks with many different techniques how easy an intrusion can be done, and where security weaknesses are located.

« NMAP » is intended to network administrators, and it can be associated with some other tools such as « Zenmap », « Ndiff » and « Nping », all available on its web site.

https://nmap.org/

• Comodo

  This very efficient internet and network firewall is delivered freely. Used by an expert, it is very powerful, allowing fine tuning for a big amount of communication protocols. The editor proposes anti-virus software and firewalls too.

  www.comodo.com

• Avast!

  Avast delivers an excellent anti-virus software without fees, with a network shield and firewall functions. A commercial version is available with more capabilities.

  www.avast.com

  ---

• Ad-aware!

  Adaware is an efficient solution to protect your systems against the spyware and the virus, free of charges. The Adaware company ( formerly Lavasoft ) provides commercial software too, such as firewall applications and protections against data stealing, and anti-malware with a lot of features.

  www.adaware.com/antivirus

• SpyBot Search And Destroy

  Spybot S&D is an excellent application in addition to Ad-Aware. It watches and protects your operating system ( mobile peripherals included ). ( You must accept cookies to view the pages )

  www.safer-networking.org

Since browsing the web means to be tracked by advertisers, internet providers, hackers, search engines and many more, may be you wish keeping away from traffic analysis. Or may be you need a connection with a remote controller for maintenance, and you do not want to take the risk to be tracked by hackers for instance.

The TOR project - the onion router - may be the good solution to avoid tracking. It allows a visitor to be anonymous and allows the data to keep their confidentiality by providing very useful tools.

The basic concept of this application is to route a web request and its response through virtual private networks ( VPN ) chained in an onion layer architecture, hiding your IP address, your location and some other informations ( see the « About TOR » section for more informations ).

First initiated with the US navy, the TOR project is a free and open source project very popular and used worldwide, simply because increasing the amount of users increases automatically the privacy.

The TOR project delivers several products such as the TOR browser bundle ( private web browsing with Firefox ), TORbirdy ( private emailing client with Thunderbird ), Tails (a very secure live operating system, Linux based and TOR based ) and other tools ( read the « Projects » section on the website ).

www.torproject.org

« Orbot » is a free and open source project using TOR, providing the same features. Orbot is especially designed and adapted to work on the mobile devices running under the Android operating system.

https://guardianproject.info/apps/orbot/

Avast provides a free version of its mobile security tool, intended for the mobile devices running under the Android operating system.

Avast mobile security prevents you against malware and virus ( yes, some malware can attacks even a Linux operating system ) and infected websites. It can block specific phone numbers, it can act as a firewall if you need this feature, and it tracks your mobile device whether it has been stolen or lost, helping you to recover it.

www.avast.com/free-mobile-security