If there weren’t already enough ways that a determined cyber attacker could gain unauthorized access to an industrial control system, a developer has come up with an iPhone app that allows for remote communications with Omron PLCs, according to a recent blog posting at Hennulat.WordPress.com.
The article claims that: “Security is guaranteed through encrypted passwords and TCP/IP tunneling.” Unfortunately, it later notes that: “ScadaMobile connects directly to the PLC without routing through servers or personal computers, using a direct TCP/IP link between the iPhone and the PLC, with minimal configuration.” It would seem to me that if a system was not properly secured (and that never happens….) this could allow unauthorized access.
This is one of the big problems with cyber security in general and ICS security specifically; developers work hard to make access to systems easier to simplify the life of people working on or with the system. Unfortunately, if this is not done very carefully, it also makes it easier for unauthorized personnel to gain access to the system.
BTW: If your facility is using Omron PLCs, make sure that you are using a rigorous password policy. You don’t want them to be on someone’s iPhone contact list.
I spent 15 years in the US Army as an Infantry NCO. After getting out of the Army I started working in the chemical industry, getting my BSc Chemistry degree while working as a technician. I spent 12 years working as a process chemist in a specialty chemical company. I'm now working as a QA Manager in a specialty chemical manufacturing facility.