Disclosure Issues - Unintended Consequences

July 5, 2011
I was approached by an IT penetration tester early this year wanting to test ICS equipment. This seemed like an ideal test to see if ICS equipment would be too arcane for the IT community to understand. It took less than a day for the IT tester to find many vulnerabilities, some extremely critical, including allowing control of the VxWorks device. This would normally have been bad enough.
However, an unintended glitch arose. The need to protect intellectual property (computer code) can have the unintended consequence of preventing review of code for security reasons. Review of code also extends to penetration testing. This unforeseen problem can preclude even the asset owners from having vulnerabilities in their own equipment disclosed, which is what happened in this case.
Consider what happens when you download software. There is generally an agreement that needs to be signed before you can download the software. It may include a statement prohibiting third parties from reviewing the software. Such a statement needs to be modified for security purposes.
There will be discussions on these issues at the September ACS Conference.
Joe Weiss
