Friday, May 26, 2017

ICS-CERT Updates WannaCry Again (#6)

Yesterday the DHS ICS-CERT provided their 6th update to their WannaCry Alert that was originally published on May 15th and last updated on May 22nd. They added links to vendor advisories from:

Both of these vendor advisories make an important note of one of those problems that have not generally been mentioned in the WannaCry debate; control system compatibility with operating system updates. Both vendors specifically state that they have verified the operation of the their Windows® based products with the March MS update that dealt with the SMB vulnerability that underlies the WannaCry attack.

I did a more lengthy post on this issue back in January of 2012 and it is something that all ICS owners should be aware of. Automatic updating of the OS on the machine upon which the industrial control system resides is not necessarily a good thing. Add to that the cases where the ICS is so intertwined with the MS-OS that the vendor has to issue their own patch (see the Spacelabs discussion about their XTR 96280) to implement the MS fix. This results in an additional delay between the identification of the problem and the time that the device owner has any chance of fixing it.

Just one more problem with implementing security on industrial (and medical, and ….) control systems.

No comments:

/* Use this with templates/template-twocol.html */