Are Control Systems Safe and Reliable?

Joe Weiss has an interesting blog posting over on ControlGlobal.com that briefly addresses the different issues that affect cybersecurity in IT systems and ICS systems. No new information, just a review of what Joe has been saying for quite some time. What caught my eye though was the title (which has little to do with the subject, BTW); “Industrial control systems are reliable and safe, just not secure”.

In light of recent disclosures about engineering decisions made in the design of control systems from Schneider Electric and Siemens (among others, of course) makes me seriously doubt the assumption explicit in Joe’s title.  While there is certainly a long history of system stability and reliability in industrial control systems (and no one would be investing the money in these systems if they didn’t have that history) the basic insecurity of these systems calls that history’s extension into the future in question.

If systems as currently designed, installed and deployed are able to be attacked by attackers with a wide range of skill sets (and just read the ICS-CERT advisories if you think they are not), it is only a matter of time before one or more systems are successfully hacked and manipulated. Once that happens to one system the whole ‘safe and reliable’ mantra of the industry goes out the window.

How can something be safe when anyone with the proper skill set and access to a modem can change (okay a slight exaggeration) whatever settings they want? How reliable is a system that is readily susceptible to a denial of service attack?

Schneider and Siemens have essentially forfeited their right to claim that their systems are ‘safe and reliable’. Other manufacturers are seemingly actively working with independent researchers to correct past errors in their system designs, but is anyone actively working on designing a safe, reliable and secure system? More importantly, would anyone be interested in paying a premium for such a system?

Right now these are academic style questions. As soon as a hacker successfully attacks a control system and causes economic damage to a major manufacturer, a community or the nation; or worse yet uses a compromised ICS to turn an industrial facility into a chemical weapon, the questions will become political questions. And anyone that has looked at the post-911 response by politicians will realize that the answers to those political questions could do as much damage to control systems as the attacks themselves do. They will certainly affect a wider swath of control systems.