On Shaky Ground - A Study of Security Vulnerabilities in Control Protocols

E.J. Byres, D. Hoffman and N. Kube; “On Shaky Ground - A Study of Security Vulnerabilities in Control Protocols”, 5th American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Controls, and Human Machine Interface Technology, American Nuclear Society, Albuquerque, NM, November 2006

Abstract: The recent introduction of information technologies such as Ethernet® into nuclear industry control devices has resulted in significantly less isolation from the outside world. This raises the question of whether these systems could be attacked by malware, network hackers or professional criminals to cause disruption to critical operations in a manner similar to the impacts now felt in the business world.

To help answer this question, a study was undertaken to test a representative control protocol to determine whether it had vulnerabilities that could be exploited. A framework was created in which a tester could express a large number of test cases in a very compact formal language. This, in turn, allowed for the economical automation of both the generation of selectively malformed protocol traffic and the measurement of the device under test's (DUT) behavior in response to that traffic.

Approximately 4000 protocol conformance tests were run against two major brands of industrial controller. More than 60 errors were discovered, the majority of which were incorrect error responses to malformed traffic. Several malformed packets, however, caused the device to respond or communicate in inappropriate ways. These would be relatively simple for an attacker to inject into a system and could result in the plant operator completely losing view of, or control over, the control device. Based on this relatively small set of devices, we believe that the nuclear industry urgently needs to adopt better security robustness testing of control devices as standard practice.
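As an added illustration of the testing approach the abstract describes (this is not code from the paper or its authors), the following Python sketch assumes Modbus TCP Read Coils as the representative protocol, expresses each test case as a compact set of field overrides on one valid frame, and compares a handler's verdict with a reference oracle; the constructed `sloppy_handler` stands in for a device that answers malformed traffic incorrectly.

```python
import struct

# Modbus TCP frame = MBAP header (tid:2, pid:2, len:2, uid:1) + PDU (fc:1, data).
# Exception codes are those defined by the Modbus application protocol.
ILLEGAL_FUNCTION, ILLEGAL_DATA_ADDRESS, ILLEGAL_DATA_VALUE = 0x01, 0x02, 0x03

def build_frame(tid=1, pid=0, length=6, uid=1, fc=1, addr=0, qty=8):
    # Valid Read Coils request by default; keyword overrides inject one malformation.
    return struct.pack(">HHHBBHH", tid, pid, length, uid, fc, addr, qty)

def reference_handler(frame):
    # Oracle: ('drop', reason), ('exception', code) or ('ok', (addr, qty)),
    # as a conformant Read Coils server with a hypothetical 2000-coil table should answer.
    if len(frame) < 8:
        return ("drop", "short frame")
    _tid, pid, length, _uid, fc = struct.unpack(">HHHBB", frame[:8])
    if pid != 0:
        return ("drop", "protocol id must be 0")
    if length != len(frame) - 6:  # MBAP length counts unit id + PDU
        return ("drop", "length field disagrees with frame")
    if fc != 0x01:
        return ("exception", ILLEGAL_FUNCTION)
    if len(frame) != 12:  # Read Coils PDU is exactly 5 bytes
        return ("exception", ILLEGAL_DATA_VALUE)
    addr, qty = struct.unpack(">HH", frame[8:12])
    if not 1 <= qty <= 2000:
        return ("exception", ILLEGAL_DATA_VALUE)
    if addr + qty > 2000:
        return ("exception", ILLEGAL_DATA_ADDRESS)
    return ("ok", (addr, qty))

def sloppy_handler(frame):
    # Constructed defective implementation: trusts the MBAP header and accepts quantity 0.
    if frame[7] != 0x01:
        return ("exception", ILLEGAL_FUNCTION)
    addr, qty = struct.unpack(">HH", frame[8:12])
    if qty > 2000:
        return ("exception", ILLEGAL_DATA_VALUE)
    if addr + qty > 2000:
        return ("exception", ILLEGAL_DATA_ADDRESS)
    return ("ok", (addr, qty))

# Compact test-case notation: (name, field overrides on the valid frame, expected verdict).
CASES = [
    ("valid", {}, ("ok", (0, 8))),
    ("wrong_protocol_id", {"pid": 1}, ("drop", "protocol id must be 0")),
    ("length_overstated", {"length": 200}, ("drop", "length field disagrees with frame")),
    ("unsupported_function", {"fc": 0x64}, ("exception", ILLEGAL_FUNCTION)),
    ("quantity_zero", {"qty": 0}, ("exception", ILLEGAL_DATA_VALUE)),
    ("address_out_of_range", {"addr": 1999, "qty": 8}, ("exception", ILLEGAL_DATA_ADDRESS)),
]

def run_cases(handler):
    # Every case the handler answers differently from the expected verdict.
    return [(n, e, got) for n, o, e in CASES if (got := handler(build_frame(**o))) != e]
```

Running `run_cases(sloppy_handler)` reports the three cases the defective implementation gets wrong, which is the kind of incorrect error response the study found most often.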
