The problem with ICS security improvements

In the BruCON workshop on ICS and SCADA security (which you can read about here), we learned how to hack ICS systems using Wireshark. In the progress of which we also came to some conclusions about problems with ICS security in real life.

One problem with ICS and SCADA systems is the limited hardware. Old PLCs run very limited chipsets, not at all comparable to the hardware that now runs our small devices. These systems were only designed to handle a very small set of data and logic actions. Even if you wanted to include them, there just isn’t any room for advanced software features like proper authentication or encryption.

Furthermore, many industrial facilities are now using unsupported PLCs. Upgrading security would mean replacing all of these old devices.

Then, if you decide to do so, making changes in the PLC environment is not so simple, when the environment is live. The focus of the business is on uptime. Awareness of ICS security is too low, so security improvements are not held in great value by the business, compared to the cost of stopping a production line.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *