Risks to ICS Environments From Spectre and Meltdown Attacks

The recently disclosed Spectre and Meltdown vulnerabilities, which affect the hardware in the majority of the world’s computing devices, have made headlines. The list of at-risk equipment includes workstations, servers, phones and tablets running Microsoft Windows, Linux, Android, Google ChromeOS or Apple macOS on most Intel chips manufactured after 2010. Many AMD, ARM and other chipsets are also affected.

Spectre and Meltdown are different, but related. Spectre comprises two vulnerabilities: CVE-2017-5753 (bounds check bypass) and CVE-2017-5715 (branch target injection), while Meltdown consists of CVE-2017-5754 (rogue data cache load).

These vulnerabilities make systems susceptible to ‘side-channel’ attacks, which exploit the physical hardware implementation rather than directly attacking the logic or code. Attacks of this class include tracing electromagnetic emissions (i.e. TEMPEST), monitoring power consumption, analyzing blinking status lights, cache analysis, etc.

Which devices are at risk?

Whether or not a specific device is at risk depends on multiple factors, such as chipset, firmware level, etc. Needless to say, we can expect substantial research and patching in the near future.

Many HMIs, panels, and displays use the affected chips, and some PLC manufacturers are still assessing the threat.

Many systems that support industrial controllers, such as automation systems, batch control systems, production control servers, printers, OPC systems, SCADA systems, peripheral devices, and IIoT devices including cameras, sensors, etc., are likely vulnerable. However, the presence of the Spectre and Meltdown vulnerabilities in these systems does not necessarily mean industrial control devices are at risk.

What is the impact to industrial control devices and systems?


The Spectre and Meltdown vulnerabilities can be used to compromise a device by allowing an attacker to read privileged data on the system. The vulnerabilities do not grant access to the system; they only enable an attacker who already has code running on it to read data that should otherwise be restricted. In other words, an attacker still needs to break into the system before the attack can be executed.

While this is a serious threat in systems with multiple users, like a cloud solution for example, it doesn’t pose a high level of risk in single-user systems.

To use an analogy, these vulnerabilities essentially enable you to read people’s minds — as long as you’re in the same room with them. You could access data that’s meant to be private, such as secrets, confidential or sensitive information, and more.

If you’re in a room by yourself, you already have access to all the secrets of the people in that room – i.e. yourself. What’s the point of executing an attack on your own mind, if you already have access to it?

In a nutshell, that’s the idea behind Spectre and Meltdown. They’re effective in multi-tenant environments where one user’s secrets must be kept private from other users.

Since ICS environments are not multi-tenant, these vulnerabilities do not enable access to any data not already available to anyone with system access. 

What can be done to mitigate the risk?

First and foremost, being aware of what exists in the ICS environment is critical, since undocumented devices can’t be secured. Therefore, automated asset inventory tools are essential to understanding what equipment is at risk and requires attention.

Next, having in-depth visibility into asset inventory is vital. Without this, you’re left with a list of industrial devices that must be manually examined to determine whether their specific hardware module is affected.

Automated ICS asset inventory tools are also valuable for identifying vulnerable devices and tracking patching efforts. 

Finally, in order to exploit these vulnerabilities, an attacker needs access to the network. This emphasizes the importance of having a network monitoring system, which can identify anyone connecting into the network, as well as communicating with or modifying key assets.
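The three mitigation steps above (know what is in the environment, determine which assets carry affected hardware and track their patch status, and watch for unexpected peers talking to key assets) can be turned into a small, repeatable check. The following Python is an added example written for this article; it is not code from SecurityWeek or from any ICS vendor. It assumes a hypothetical inventory model in which each Linux host reports the contents of the kernel's `/sys/devices/system/cpu/vulnerabilities/{spectre_v1,spectre_v2,meltdown}` files (strings such as "Not affected", "Vulnerable" or "Mitigation: ..."), while embedded devices such as HMIs and PLCs report nothing and are routed to manual vendor assessment. The host names, addresses and log lines are constructed for the demonstration.

```python
"""Added example (not from the SecurityWeek article or any vendor): build a
Spectre/Meltdown exposure report from an asset inventory and flag network
peers that are not in that inventory.

Assumptions (hypothetical data model): Linux hosts supply the text of
/sys/devices/system/cpu/vulnerabilities/{spectre_v1,spectre_v2,meltdown};
embedded devices supply None. All sample data below is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# CVE identifiers exactly as the article lists them, keyed by sysfs file name.
SYSFS_TO_CVE = {
    "spectre_v1": "CVE-2017-5753",  # bounds check bypass
    "spectre_v2": "CVE-2017-5715",  # branch target injection
    "meltdown":   "CVE-2017-5754",  # rogue data cache load
}

# Worst-first ordering used to prioritise patching work.
SEVERITY = ["vulnerable", "needs_vendor_assessment", "unknown", "mitigated", "not_affected"]


@dataclass
class Asset:
    name: str
    ip: str
    role: str                               # e.g. "SCADA server", "HMI", "PLC"
    sysfs: Optional[Dict[str, str]] = None  # None when the device cannot report


def classify_status(text: str) -> str:
    """Map one sysfs vulnerability line to mitigated / vulnerable / not_affected / unknown."""
    t = text.strip().lower()
    if t.startswith("not affected"):
        return "not_affected"
    if t.startswith("mitigation:"):
        return "mitigated"
    if t.startswith("vulnerable"):
        return "vulnerable"
    return "unknown"


def assess(asset: Asset) -> Dict[str, str]:
    """Return CVE -> status for one asset; devices with no sysfs data need vendor input."""
    if asset.sysfs is None:
        return {cve: "needs_vendor_assessment" for cve in SYSFS_TO_CVE.values()}
    return {cve: classify_status(asset.sysfs.get(fname, ""))
            for fname, cve in SYSFS_TO_CVE.items()}


def exposure_report(assets: List[Asset]) -> Dict[str, List[str]]:
    """Bucket asset names by the worst status found across the three CVEs."""
    buckets: Dict[str, List[str]] = {s: [] for s in SEVERITY}
    for a in assets:
        worst = min(assess(a).values(), key=SEVERITY.index)
        buckets[worst].append(a.name)
    return buckets


def flag_unknown_peers(log_lines: List[str], assets: List[Asset]) -> List[str]:
    """Return source addresses that talk to inventoried assets but are not
    themselves inventoried. Constructed log format: 'src=A dst=B proto=P'."""
    known = {a.ip for a in assets}
    unknown: List[str] = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        src, dst = fields.get("src"), fields.get("dst")
        if dst in known and src not in known and src not in unknown:
            unknown.append(src)
    return unknown


# Constructed inventory and connection log used for the demonstration.
SAMPLE_ASSETS = [
    Asset("scada-01", "10.0.1.10", "SCADA server", {
        "spectre_v1": "Mitigation: __user pointer sanitization",
        "spectre_v2": "Mitigation: Full generic retpoline",
        "meltdown": "Mitigation: PTI"}),
    Asset("hist-02", "10.0.1.11", "historian", {
        "spectre_v1": "Mitigation: __user pointer sanitization",
        "spectre_v2": "Vulnerable: Minimal generic ASM retpoline",
        "meltdown": "Vulnerable"}),
    Asset("eng-05", "10.0.1.12", "engineering workstation", {
        "spectre_v1": "Mitigation: __user pointer sanitization",
        "spectre_v2": "Mitigation: Full generic retpoline",
        "meltdown": "Not affected"}),
    Asset("hmi-03", "10.0.2.20", "HMI"),   # embedded device, no sysfs data
    Asset("plc-04", "10.0.2.30", "PLC"),   # embedded device, no sysfs data
]
SAMPLE_LOG = [
    "src=10.0.1.10 dst=10.0.2.30 proto=tcp/502",
    "src=10.0.9.77 dst=10.0.1.11 proto=tcp/22",
    "src=10.0.1.12 dst=10.0.2.20 proto=tcp/5900",
    "src=10.0.9.77 dst=10.0.2.30 proto=tcp/502",
]

if __name__ == "__main__":
    for status, names in exposure_report(SAMPLE_ASSETS).items():
        print(f"{status:>24}: {', '.join(names) or '-'}")
    print("unknown peers:", flag_unknown_peers(SAMPLE_LOG, SAMPLE_ASSETS))
```

Running the block prints one line per severity bucket (the historian lands in "vulnerable", the HMI and PLC in "needs_vendor_assessment") and then the single uninventoried address that connected to inventoried assets. The sysfs files assumed here exist on Linux from kernel 4.15 onward, so on hosts where an inventory agent can read them the `sysfs` field can be populated directly; for devices that cannot report, the "needs_vendor_assessment" bucket is the work list for the manual checks the article describes.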
