During the last few months, several vulnerabilities attributed to microprocessors have been revealed, highlighting the importance of having systems with internal cybersecurity. These types of vulnerabilities are warning us of potential cyber risks in emerging technologies based on IoT and IIoT. Some time ago we published a very interesting article of MAXIM INTEGRATED about crypto-processors that can be accessed from here.
SPECTRE and MELTDOWN are two recently discovered vulnerabilities that affect the hardware that runs on most devices in the world. Most likely, each user has an affected device in their vicinity.
Almost all machines with a modern processor are affected, from workstations to control systems, servers, phones and tablets.
This includes Microsoft Windows, Linux, Android, Google ChromeOS, Apple macOS on Intel processors, ARM and embedded systems. Most INTEL chips manufactured after 2010 are vulnerable, while many AMD, ARM and other chips are also affected.
SPECTRE and MELTDOWN are different, but related, vulnerabilities. SPECTRE comprises two vulnerabilities: CVE-2017-5753: boundary verification bypass and CVE-2017-5715: branching target injection, while MELTDOWN consists of one: CVE-2017-5754: cache load with false data.
These vulnerabilities make systems susceptible to so-called "side channel" attacks, which are based on the implementation of physical hardware and do not directly attack logic or code. These types of attacks generally include actions such as tracking electromagnetic radiation (ie TEMPEST), monitoring energy consumption, analyzing intermittent lights, cache analysis, etc.
Since IT, IoT and IIoT devices are very frequent and are updated infrequently, the presence of vulnerable devices can remain in production environments for several generations to come.
What is the impact of SPECTRE and MELTDOWN?
If one of these vulnerabilities is used to compromise a device, this could give an attacker access to privileged data in the system. Vulnerabilities do not grant access to the system; they only allow attackers to read data that should otherwise be restricted. In other words, an attacker still needs to enter the system to execute the attack.
While this may sound "encouraging", it is actually a critical concern in systems with multiple users, where data from a memory space belonging to a user must still be isolated from others.
In short, in shared or multi-tenant environments, such as a virtual environment, in the cloud or in any other multi-user environment, there must be strict barriers between users. Otherwise, any client in the cloud could access data belonging to other clients that share the same CPU.
The same compartmentalization occurs within the applications, which must be isolated from each other. For example, a web browser should not have direct access to the data used by the Windows operating system to store passwords or other confidential information.
All operating systems implement multiple levels of security to prevent this behavior from occurring, including Windows UAC, SELinux and more. For that reason, it turns out that SPECTRE and MELTDOWN vulnerabilities may not be as bad as they have been reported, especially if you are not a user of the cloud.
The following two videos explain the vulnerabilities of SPECTRE and MELTDOWN in a simple but very clear and concrete way. The news is that while the patches are being developed and published in the operating systems to avoid this problem, they cause delays in the systems. The vulnerability takes advantage of a technique created in modern microprocessors that allows them to advance part of the work to improve their performance.
In case these anticipated calculations are not necessary, the system discards them and eliminates them leaving them in unprotected memory areas within reach of other applications and / or unauthorized users.
Explanation in terms of Layman
Let's imagine, for a moment, that he has recently been awarded: Spectre Meltdown Mindreading Capability
For simplicity, let's call it SMMC. SMMC gives you the 'power' to read another person's mind, as long as both are in the same room.
Your SMMC can work on almost anyone, anywhere: the mall, the theater and even the poker tables in Las Vegas. Regardless of your location, you can read the minds of others, as long as you are in the same room as them. Now you have access to data that should be private, such as secrets, confidential or critical information, and more.
SMMC does not work remotely; must be near the other person and in the same room. In addition, you must have permission to enter this room (that is, in Las Vegas, you must have at least 21 years to enter certain casinos).
Now, let's imagine a different scenario: you are in your own room, yourself, and you use SMMC to get access to your own data. In addition to the potential outburst of the mental reflex, what is the point of executing an attack on your own mind? You already have access to the data, and you can retrieve them at will.
In a nutshell, that's the idea behind SPECTER and MELTDOWN. They are effective in a multi-tenant room where the secrets of more than one person must be kept private.
However, it does not make sense to execute an attack in a room with a single owner, since, technically, there are no secrets. As long as you're the only person who ever occupies the room, your data will be safe, even if you're still vulnerable to attack.
A detailed technical explanation requires knowledge of microprocessor programming. In this LINK will have access to relevant information published by the discoverers of these two vulnerabilities that affects all modern microprocessors on the market, except those that are crypto-processors.
Why SPECTER and MELTDOWN have received so much publicity?
SPECTRE and MELTDOWN have generated coverage in conventional media due to the large number of systems that have impacted. Almost everyone has a device that is vulnerable to attack.
However, being vulnerable does not necessarily mean that this will affect you in your plant systems. Sometimes, as in the case of the Microsoft patch, the cure causes the pain, not the attack itself. As suggested in the ANSI / ISA99 / IEC-62443 standard, mitigation actions should be the result of an assessment of cyber risks in OT and a criticality analysis as well as a careful installation and change management process.
A clear example is the impact of the MELTDOWN / SPECTER patch in Rockwell Factory Talk, which caused interruptions in the FactoryTalk servers. As of now, the patch has not yet been tested by Rockwell, and is currently not approved for use on any FactoryTalk system (it may not be for a while ...). In the case of Wonderware, the patch affected the traditional plant history. The update of Microsoft "KB4056896" has generated unexpected consequences for the SCADA software leader causing instability in the system and blocking access to data servers.
Mitigation is still a subject of considerable debate. Some have had a negative impact on performance, rendering the systems useless and creating other problems that are still being solved by several providers and user communities. Some patches are no longer available to the public and have not yet been reissued.
Attacks on industrial systems are increasingly sophisticated, capable of causing more and more damage. At the beginning the attacks were concentrated in the upper layers of the industrial networks and commercial IT technologies, while in recent years the attacks have hit the lower and proprietary networks of control systems and OT technologies. The damages caused per year, in the same number of incidents, have increased by 10 times!
What is the impact of SPECTRE and MELTDOWN on industrial systems?
Industrial environments have a wide variety of equipment, of which some of them usually include the following:
- Operacipon stations.
- Engineering Stations
- Servers over Windows (DNS, AD, etc.)
- Servers over Linux (historians, firewalls, automation systems)
- PLCs from various manufacturers
- DCSs from various manufacturers
- Instrumented Security Systems
- Engine Control Systems CCM
- HMI from various manufacturers
- Switches in electrical stations
- and many other devices with embedded systems
Almost all ICS networks are vulnerable to attack. Whether or not a specific device is at risk depends on multiple factors, such as the chip set, the firmware level, etc. Needless to say, we can expect substantial research and patches in the near future.
Many HMIs, panels and displays use the affected microprocessors. The vast majority of manufacturers industrial systems are still evaluating the threat. Many systems that support industrial controllers such as automation systems, batch control systems, production control servers, printers, OPC systems, SCADA systems, peripheral devices and IIoT devices, including cameras, sensors, etc., are the most vulnerable.
How can we help mitigate these types of vulnerabilities?
Whether it is new systems that will be incorporated into industrial plants and then have to be supported for decades, or existing industrial systems, we will have to make a decision to mitigate the risks associated with this type of threat. The same thing happens with other threats.
In the industrial field there are so many smart devices distributed in the plant that we can not treat everyone equally. An evaluation of cyber risks for industrial areas is of substantial value to determine the correct actions. This evaluation will provide us with the necessary elements to make decisions and determine the requirements of cyber security to satisfy the level of risk tolerable by the organization. A good risk assessment will provide the necessary elements to not overspend or invest less.
The segmentation of the industrial systems in Zones and Conduits will allow us to create safe industrial systems by design. There are many types of vulnerabilities in all stages of the life cycle of systems, from design and conception, through the stages of construction, configuration, installation, commissioning, operation and maintenance. Many people believe that technology has all the answers to security when in reality this is completely false. The methodology of ISA99 registered ANSI / IEC-62443 guarantees an optimal security by design that meets the needs of the organization tailored to each Zone and each Conduit.
The most practical way is to incorporate industrial systems with Cybersecurity intrinsically embedded within the team (BUILT-IN, by its definition of English) avoiding the need to incorporate Aggregate Cyber Security. Systems with Embedded Cybersecurity technologies provide several advantages for end users and integrators. These advantages are summarized in (a) lower cost of ownership of the system. (b) lower cost of security, (c) higher reliability of the system - lower failure rate, (d) longer useful life, (e) higher levels of cybersecurity to satisfy the highest requirements.
A clear example of this type of solutions can be found in BEDROCK AUTOMATION systems. For new systems, the best and safest way consists in the implementation of industrial systems with embedded Cybersecurity, such as BEDROCK. These systems of BEDROCK have been conceived with Crypto-Processors making this type of vulnerabilities virtually impossible. BEDROCK technology allows users to create a Network of Trust (ROOT OF TRUST) that can be extended to the organization.
Attack vectors to industrial systems are increasingly sophisticated. The exponential growth of the black market in the discovery and the remarkable interest in using these increasingly sophisticated methods make us think that the technologies of the systems without embedded Cyber Security will be a children's game for the bad guys in just a few years. Long before these systems think about being replaced.
For systems already installed in the first place, being aware of what exists in your industrial environment is essential to ensure it successfully. You will not be able to protect what you do not know. In turn, having an automated asset inventory in your toolbox is essential to understanding which equipment is at risk and requires attention.
Having in-depth visibility of your asset inventory is vital. Without this, you are left with a list of industrial devices that must be manually examined to determine if your specific hardware module is affected.
An automated asset inventory is key to identifying vulnerable assets and following the efforts of their maintenance. An industrial Cybersecurity solution such as INDEGY automatically collects this information from industrial devices and makes it available in its Asset Inventory.
Finally, to exploit these vulnerabilities, an attacker needs access to the network. This emphasizes the importance of having a network monitoring system, which allows you to identify any person who connects to the network, communicating with or modifying key assets.
Patch application in vulnerable systems
Patch application systems in industrial environments are by no means a trivial process, as these systems are often required to ensure the safety and stability of industrial processes.
We can help organizations with the patch process in two ways:
- To monitor patch progress INDEGY allows you to see which systems have been patched and which ones are still vulnerable. If a system is not patched by mistake, the INDEGY system will inform you about this.
- For the monitoring of personnel and systems involved in the application of patches, there is the possibility for several people to implement several mitigations, patches, firmware updates, etc. in a variety of platforms, from workstations to servers, PLC, HMI and IIoT devices. This can result in several people, in a variety of roles, from different organizations potentially entering their production environment. How will you know what each person is working on? Can any of your activities cause interruptions in your industrial processes? What about the use of unmanaged third-party laptops that may be compromised? Or in cases where remote connections are opened to enable the necessary work? All these can expose their industrial systems to unwanted threats.
With the INDEGY platform, industrial systems can be monitored safely as employees and external contractors enter and leave the plant, or when they connect and disconnect from their network. The platform allows you to track all your activities and receive alerts in real time about any unauthorized or suspicious activity.
Indegy allows you to confirm that your mission-critical industrial control systems have not been touched by unauthorized users, and that no errors were made when trying to update your systems. Contact us for more information on how to protect industrial control systems.