Tuesday, March 29, 2011

IGSS White Paper Published

Yesterday Eric and Joel published the second white paper in their series of publications dealing with the multiple-system vulnerabilities discovered/publicized by Luigi last week. This document, published on TofinoSecurity.com, deals with the vulnerabilities identified in the 7-Technologies IGSS platform.

There will be some that will point out the similarities between this white paper and initial publication on the ICONICS Genesis vulnerabilities. This was to be expected on a couple of levels; there are common vulnerabilities in the two systems, and many of the security responses would be the same for a variety of vulnerabilities. A closer look at this new publication shows the work done on identifying the differences between the vulnerabilities in the two systems.

One of the main differences here is that the vulnerable system is not just a HMI program, but is an actual Supervisory Control and Data Acquisition (SCADA) system. Additionally, the vulnerabilities affect two different executable programs within the systems communicating on two different ports.

This new white paper also includes six ‘compensating controls’ that owners/users should take to protect their systems pending the publication of patches by 7-Technologies. Five of these controls are the same as those found in the initial white paper, which is not surprising since they should already be in place in any ICS security program.

The one new control replaces the recommendation to change the default port used in the Genesis system. The new control recommends the installation of an intrusion detection system to help the user/owner to detect someone trying to exploit these (and any other un-reported) vulnerabilities. This recommendation was made possible by the recent release of IDS signatures for the IGSS platform by the two IDS systems identified in this white paper (and no, neither is produced by Byres Security).

Another good piece of work by Joel and Eric. I look forward to seeing the two white papers on the remaining systems identified by the Luigi vulnerability release.

No comments:

/* Use this with templates/template-twocol.html */