Because of the broad distribution at the sites of state significance SIMATIC WinCC is often a target for cybercrime and cyberterrorism.
Positive Technologies, and Siemens, a joint work aimed at improving the security of popular SCADA-system. SIMATIC WinCC is used for mission-critical and potentially dangerous objects infrastructure in Russia and other countries – nuclear power, oil and gas and chemical industries, transportation (eg, high-speed trains “Peregrine”).
Because of the broad distribution at the sites of state significance SIMATIC WinCC is often a target for cybercrime and cyberterrorism. The world famous “worm» Stuxnet was designed specifically for the system SIMATIC WinCC, which is often used in the nuclear industry, including the Bushehr plant in Iran. In analyzing the security control system that uses a system of Siemens SIMATIC WinCC, Positive Technologies experts have discovered a number of vulnerabilities that allow for complex attacks. Taking advantage of these vulnerabilities, an attacker can get full control of an industrial object. in the project to identify security weaknesses Siemens SIMATIC WinCC specialists attended the research center Positive Research – Denis Baranov, Sergey Bobrov, Yuri Goltsev, Gleb Gritsai, Alexander Zaitsev, Andrei Medov, Dmitry Serebryannikov and Sergei Scherbel.
“Technology, which built modern SCADA-systems, primarily focused on the tasks of process control. The security features in them are either completely absent or implemented as a residual. This situation will inevitably lead to an increase in incidents similar to the case of Stuxnet. The participants of security market has no choice but to prevent information security risks and work together to address the shortcomings in the systems of protection. Price trivial “holes” in the system in the case of PCS – is too high “, – said Sergey Gordeychik, technical director of Positive Technologies.
The official website of Siemens’ June 5, 2012 was published a list of vulnerabilities in the SIMATIC WinCC 7.0 SP3 and the necessary steps to correct them. Users of SCADA-system is recommended to install Update 2 and not to use the component DiagAgent in favor of the alternative software (SIMATIC Diagnostics Tool or SIMATIC Analyser). High professionalism of Computer Emergency Response Siemens Product CERT, as well as operational issues associated with the removal of detected threats, helped greatly accelerate the process of eliminating the problems in the security system SIMATIC WinCC. At the moment, checking for vulnerabilities identified in the SIMATIC WinCC added to the database Knowledge of security analysis and compliance MaxPatrol. It is worth noting that some of them found heuristic updates MaxPatrol and without knowledge of the product.
In the past 30 and 31 May an international forum Positive Hack Days 2012 were announced initiatives Positive Technologies in the field of production control systems. In addition to interacting with the Positive Technologies, Siemens and other leading developers of the various components of the PCS in the search area and eliminate vulnerabilities in SCADA – development of standards will be held secure configurations of such components.