Anatomy of ICS Attacks

The potential of physical, financial and ecological damage, combined with the vulnerability of ICS networks and lack of visibility and control, makes ICS an attractive target. ICS attacks essentially amount to altering controller logic. The controller logic determines the process limit settings and the steps to prevent the process from reaching these limits (for example: never let the temperature go above 110 degrees).

Day-to-Day Operations

If a malicious attempt is made to change a process control parameter (e.g. raise the temperature in a turbine to an unacceptable degree), the controller will prevent the change thus negating possible damage to equipment.

Regular
Activity

Unauthorized Activity/ Attack Scenario

If an attacker changes controller logic and removes these thresholds, the process can deviate from safe operating conditions. A more sophisticated, yet simple to code scenario would cause a controller not only to bypass thresholds, but also send back false data to HMIs and Historians.

Attack Scenario/
Unauthorized PLC changes

To gain visibility and prevent disruptions and operational damage from unauthorized or mistaken PLC logic changes, proprietary control-layer activity must be monitored.

Why Indegy?

Want to see a demo?
We will be happy to schedule one for you.