Good news story on cyber-security vulnerability

In a new post on his blog, themanufacturingconnection.com, Gary Mintchell highlights a success story in resolving a cyber-security vulnerability. It is refreshing and unusual in that, for once, the security services company that found the problem, IOActive (see http://blog.ioactive.com), and the hardware supplier co-operated positively and fixed it, with patches made available in 3 months.

Gary comments:

“Cybersecurity experts, and especially the media that reports on cybersecurity vulnerabilities, often love to just point fingers at companies. Seldom do they acknowledge a good response.

The IOActive security services company announced on 9th January that it had uncovered multiple vulnerabilities in the Siemens Scalance X-200 Switch Family. These Ethernet switches are used to connect to Industrial Control Systems (ICS) components like Programmable Logic Controllers (PLCs) and Human Machine Interfaces (HMIs). The switches enable remote diagnostics and simplified configuration through a common web browser.

Senior security consultant for IOActive, Eireann Leverett, discovered two vulnerabilities in the switches. Both vulnerabilities were discovered in the web server authentication of the product. The first vulnerability could allow an attacker to perform administrative operations over the network without authentication, gaining access to critical services. The second vulnerability could allow an attacker to hijack web sessions over the network without authentication.

“Siemens ProductCERT were professional, courteous, and did not adopt an adversarial attitude when I contacted them about the vulnerabilities. Consequently, we were able to clarify the vulnerabilities quickly, and they produced a patch within three months,” said Eireann Leverett, senior security consultant for IOActive. “I challenge other ICS vendors to match this timeline for security patching in the future.”

Speedy Response

As soon as IOActive notified the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) of the vulnerabilities, Siemens ProductCERT wasted little time resolving the issue.

Leverett added, “The speed at which Siemens ProductCERT responded to the notification of these two vulnerabilities is something to be applauded. IOActive has always pushed vendors to respond when they receive notifications on vulnerabilities in their products. Siemens is the perfect example of how companies should respond when addressing these issues.”

Siemens ProductCERT is a team dedicated to accepting and handling security issues and vulnerabilities within their products. They co-ordinate with external and internal security researchers and work closely with the company’s product teams to develop fixes. ProductCERT publishes the fixes as soon as they have been tested and credits the researchers who discovered the issues. The very existence of this team illustrates Siemens’ serious commitment to handling security issues smoothly and quickly.

Siemens has addressed both issues by providing a firmware update for the affected products.”

This sort of story might not make the headlines that the usual cyber-security failures achieve, but such a positive result is well worth repeating, to show that Siemens in particular takes such notifications seriously.

One Response

  1. Cyber security has always been an issue in industrial automation. There are various loopholes or backdoor entries in every system which may be a presentable offer for threats. Network loopholes, not to mention hardware and software issues, can also facilitate easy cyber threats. When we speak about hardware and software issues, it is all about unsecured remote terminal units (RTUs), computers, specific HMIs, smart phones, peripherals, USBs, etc.