Industrial Control System (ICS) are everywhere, they are especially present in critical infrastructures and industrial sectors. They help monitoring complex industrial processes. Nuclear facilities, Power plants and Manufacturing are examples of industries in which ICS are heavily used. Medical equipment, smart car or smart houses are other examples where ICS are used by everyone in everyday life.
Since 2005, attacks targeting Industrial Control System (ICS) are become more and more frequent. The impact of these attacks can often be serious damages in terms of production, operations, financial losses and more importantly human lives which are put at risk. Every year, there are more and more attacks targeting ICS systems. There are several attack vectors such as absence of strong network segmentation and unsecured remote access to ICS components.
In 2017, a Saudi Arabian petrochemical plant was targeted by the malware called Triton (also known under names such as Trisis or HatMan). The attackers took control of a subcategory of ICS: Safety Instrumented System (SIS) controller by Triconex which detects abnormal conditions and returns the system into a safe state. The Triconex SIS distributed by the Schneider Electric is used in thousands of industrial plants in nuclear, oil and chemical industries.
SIS controllers are automated monitoring solutions aimed at maintaining the plant in a safe state condition or bring it back into a safe state when some of the parameters (for example temperature or pression) are becoming abnormal. SIS is the last line of defense to protect human lives and industrial plants against physical damage.
The Triton attack framework developed by hackers was made to reprogram the SIS controller and modify its behavior.
CYSEC LAB is a security evaluation lab performing research of front-edge technologies. The team, made of embedded engineers, security researchers and cryptographers, has the complementary skills that allows CYSEC to engineer and develop home made test benches with high performance.
For more information, please visit: www.cysec.com/lab/