Siemens PLCs Still Vulnerable to Stuxnet-like Cyberattacks

November 30, 2023 at 01:46PM

Over a decade after the Stuxnet attack, PLCs remain vulnerable due to users not implementing security controls or firmware updates. Researchers bypassed Siemens’ protocol obfuscation, exposing risks in legacy systems. Siemens advises upgrading to newer firmware with TLS and applying stronger security protocols.

Meeting Takeaways:

1. Vulnerability to Stuxnet:
– PLCs that were compromised by the Stuxnet attack over a decade ago are still in widespread use.
– These PLCs lack proper security measures, and users are reluctant to enable security controls like passwords.
– Users see updating these PLCs as too cumbersome, so updates are applied infrequently.

2. Research Findings:
– Colin Finck and Tom Dohrmann have conducted research on Siemens S7 PLCs, indicating persistent security issues.
– Siemens’ proprietary protocol for these PLCs is protected mainly by obfuscation, which has been bypassed by the researchers.
– Their findings will be presented at Black Hat Europe, highlighting the continuing security weaknesses in these devices.

3. Historical Context of Stuxnet:
– Stuxnet significantly impacted the Iranian nuclear program, damaging centrifuges by exploiting vulnerabilities.
– The attackers analyzed PLC communication protocols to further exploit weaknesses.
– Post-Stuxnet, similar industrial control system attacks have occurred.

4. Siemens’ Response to Security Issues:
– A recent Siemens Security Bulletin acknowledged that previous protocols are insecure.
– Siemens advises migrating to the latest firmware version, V17, which supports TLS.
– Siemens recognizes the necessity for more accessible and regular firmware updates and promotes a defense-in-depth strategy.

5. Researchers’ Critique and Recommendations:
– The latest firmware does include improved security measures, but researchers criticize the lack of an established cybersecurity service for long-term issues.
– Researchers call for Siemens to provide more straightforward update mechanisms so that users deploy firmware updates more often.
– Because updates are currently a tedious manual process, researchers recommend against connecting PLCs directly to the internet, given their security vulnerabilities.

Action Items for Siemens:
– Encourage users to enable security controls on PLCs.
– Make the update process more user-friendly and incentivize the deployment of updates.
– Continue to work on and offer robust security features and support for their PLCs.
– Communicate with users regarding the importance of migrating to updated firmware versions and applying recommended security practices.
