Saturday, January 23, 2010

Another Cyber Attack Route

If there weren’t already enough ways that a determined cyber attacker could gain unauthorized access to an industrial control system, a developer has come up with an iPhone app that allows for remote communications with Omron PLCs, according to a recent blog posting at Hennulat.WordPress.com.

The article claims that: “Security is guaranteed through encrypted passwords and TCP/IP tunneling.” Unfortunately, it later notes that: “ScadaMobile connects directly to the PLC without routing through servers or personal computers, using a direct TCP/IP link between the iPhone and the PLC, with minimal configuration.” It would seem to me that if a system was not properly secured (and that never happens...) this could allow unauthorized access.

This is one of the big problems with cyber security in general and ICS security specifically: developers work hard to make access to systems easier in order to simplify life for the people working on or with the system. Unfortunately, if this is not done very carefully, it also makes it easier for unauthorized personnel to gain access to the system.

BTW: If your facility is using Omron PLCs, make sure that you are using a rigorous password policy. You don’t want them to be on someone’s iPhone contact list.

2 comments:

Harold Ennulat said...

Good reminder about the security concerns. We'll have to wait and see how people actually use this kind of capability with devices like the iPhone.

It seems inevitable to me that they will be used and the security issues will be addressed satisfactorily.

PJCoyle said...

For my response to Harold Ennulat's comments see: http://chemical-facility-security-news.blogspot.com/2010/01/reader-comment-01-25-10-iphone-security.html

 