An ICS vendor still in denial

Oct. 26, 2016

The demonstration of hacking the SEL751A not only showed how the system could be hacked and the operator “blinded” but also offered a solution. An SEL conference attendee, under the pretense of asking a question, told the audience the test was rigged to make the relay fail which was not the case.

I will be providing my observations from the 2016 ICS Cyber Security Conference later. However, there was one incident that occurred yesterday (10/25/16) that I want to make public now. MSI performed a demonstration of hacking an SEL751A relay and then taking control of a motor. The choice of the SEL relay was arbitrary because the demonstration was typical of any Intelligent Electronic Device - IED (smart relay). Because of industry’s skepticism of the INL Aurora test, we were very careful to make sure this demonstration was real and relevant. Consequently, the test approach was guided by a very seasoned utility substation expert. The demonstration not only showed how the system could be hacked and the operator “blinded” but also offered a solution. Attendees asked if SEL was informed of this vulnerability. Both MSI and myself contacted SEL. What was very disappointing was an SEL conference attendee, under the pretense of asking a question, told the audience the test was rigged to make the relay fail. This was absolutely not the case!  The next presentation was by Indegy of a vulnerability in the Schneider Modicon PLC software-based simulator. This was a success case as Indegy found the vulnerability, disclosed the vulnerability to Schneider and, Schneider provided a fix in an expedited time frame. Without intending to, the back-to-back presentations illustrated the difference between an ICS vendor and security researcher working together to resolve a vulnerability and an ICS vendor in denial.

Joe Weiss

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...