Have you heard of Stuxnet? Stuxnet is a worm designed to manipulate and sabotage Iranian nuclear plants. For this purpose it attacked their control system and exploited a variety of vulnerabilities. These attacks were regarded as theoretically possible, however, its practical execution marked a watershed in the security assessment of industrial systems.
SCADA (Supervisory Control and Data Acquisition) is a generic term for industrial control systems (ICS) and programmable logic controllers (PLC). Such systems are used in critical infrastructures like power and water supply, local and long-distance traffic, factories, hospitals or home solar power and heating systems. In the past, executing programs and certain commands at a guaranteed time were the main requirements for these devices. Thus, for example, it is ensured that a bottle filling system bottles only as much liquid as predetermined or is stopped immediately in case of an incident.
The communication of control systems takes place via the open format Modbus protocol or the S7 communications protocol developed by Siemens. Security didn't play any role in their design, because the access to the decives understanding the protocols demanded also physical access. However, more and more devices are connected to the internet and are thereby left defenceless against new threat scenarios.
We offer our assistance for the following issues:
- Network security (Penetration, VPN, Firewalls)
- Security audits
- Protocol analysis (z.B.: Modbus, S7-Comm)
- Identifying vulnerabilities