The Myths and Facts behind Cyber Security Risks for Industrial Control Systems

E.J. Byres and J. Lowe; “The Myths and Facts behind Cyber Security Risks for Industrial Control Systems”, VDE 2004 Congress, VDE, Berlin, October 2004

Abstract: Process control systems, with their reliance on proprietary networks and hardware, have long been considered immune to the network attacks that have wrecked so much havoc on corporate information systems.Unfortunately, new research indicates this complacency is misplaced – the move to open standards such as Ethernet, TCP/IP and web technologies has let hackers take advantage of the process industries ignorance. This talk summarizes the incident information collected in the BCIT Industrial Security Incident Database (incident submission form), describes a number of events that directly impacted process control systems and looks at the lessons that can be learned from these security events. As well we discuss the penetration points used by most attacks and how many firewall efforts may be misguided. Finally we look at the trends in terms of how the nature and sources of attacks have changed over the past two years, where the hacker community is beginning to focus their efforts and how the industry needs to focus its security effort in response.

The Myths and Facts Behind Cyber Security Risks for Industrial Control Systems - White Paper (133kb)