Demonstration of a destructive cyber attack vector on “air-gapped” systems

Sept. 21, 2016

All too often, people claim their systems are air-gapped, and therefore have no cyber vulnerability. But Alternating Current (AC) power cords cross the ostensible “air gap”, and power supplies for laptops, servers, ICSs, etc. have rarely been addressed for cyber security vulnerabilities. This demonstration will remotely cyber attack and permanently disable a fully air-gapped system – in this case, a server, a router, and a PLC connected only to each other.

Alex McEachern from Power Standards Laboratory will provide a hands-on demonstration of two types of attack-to-failure of a real, air-gapped ICS at the October ICS Cyber Security Conference (www.icscybersecurityconference.com). McEachern’s demonstration will remotely cyber attack and permanently disable a fully air-gapped system – in this case, a server, a router, and a PLC connected only to each other. Well, that's not quite true: all three would be connected to a power outlet, which will be McEachern’s vector of attack. 

Electrical systems, including ICSs, that claim to be fully air-gapped often aren't, says McEachern. In particular, the ICS takes electrical power from a local network or an Uninterruptible Power Supply (UPS). Power supply engineers who work on power disturbances, like McEachern, can demonstrate certain types of events (as simple as turning the power off and on in a particular pattern) that can permanently disable typical off-the-shelf power supplies. In this case, McEachern will use the Internet to initiate the attack, but that isn’t necessary. McEachern will explain the technical basis of both attacks-to-failure. He will initiate, from his PC, both types of attacks on the air-gapped table-top ICS. He will also briefly discuss how to detect and prevent these types of attacks.

Power supply issues can have real impacts. The attackers in the 2015 Ukrainian hack discovered a network connected to a UPS and reconfigured the UPS so that when the attacker caused a power outage, it was followed by an event that would also impact the power in the energy company’s buildings or data centers/closets. The 2010 San Bruno, CA natural gas pipeline rupture was initiated by the replacement of the SCADA UPS, which directly led to the overpressure that burst the weak pipe. Given these actual cases, it should be evident that compromising power supplies can have very significant physical impacts.

This demonstration of a destructive attack on an air-gapped system and the protective relay hacking demonstration (see 9/15/16 blog) have several points in common. Both demonstrations involve physics issues that have been known by industry experts for years. Both demonstrations use cyber means (remote access) to exploit these physics issues. Neither attack vector can be detected by network monitoring as these are not traditional malware attacks. Both demonstrations can use the substation protective relays to initiate the cyber attacks.

Joe Weiss
