LOGIIC: Linking the Oil and Gas Industry to Improve Cybersecurity
Project 12. Safety Instrumentation and Management
LOGIIC conducted Project 12, Safety Instrumentation and Management, in 2019-2020. The final technical report highlights numerous consequential and reoccurring exploitable weaknesses found during the project and provides a roadmap for the short-, mid-, and long-term risk mitigations.
Industrial Control Systems use safety instrumented systems (SISs) to monitor operations and take automated actions to maintain a safe state when abnormal conditions occur. Instruments such as transmitters, valve controls, and fire and gas detectors provide inputs and controls to safety system function. Instruments have been modernized over time to provide smart features such as valve partial stroke testing.
The lack of security concepts in the HART protocol necessitates the use of alternative methods to protect devices from unauthorized modifications. Protections considered under Project 12 included a hardware write-protect switch on the instrument, a software-based write-protect password or pin code on the instrument, password on the IMS/AMS (or its underlying operating system platform) that remotely manages the instrument, and a variety of disparate protections provided by various SIS solutions.
Successfully demonstrated attacks used commonly available attacker tools and exploited common-knowledge architectural weaknesses that were present in all four assessments. These attacks required a low to moderate level of effort to exploit and included effects that can significantly impact device safety function.
Project 12 exposed the risks associated with the two architectures and determined the circumstances under which each architecture poses the least risk. Key findings include:
Because of this, we conclude that safety systems are vulnerable to malicious attacks that may be undetectable in practice. Extreme caution should be taken before introducing any software, which could insert malware into the process control environment. We cannot sufficiently emphasize the severity of this vulnerability.
We recommend a vulnerability mitigation roadmap of short-, mid-, and long-term actions. Short-term actions are things that asset owners can do immediately to reduce their exposure and risk. Mid-term actions are things that asset owners can do cooperatively with vendors. Long-term actions are things that standards bodies and vendors can do to improve the security of safety system products.
Additional public materials and briefings:
"Getting to the HART of the Matter: An Evaluation of Real-World Safety System OT/IT Interfaces, Attacks, and Countermeasures",
LOGIIC is a collaboration of oil and natural gas companies and the U.S. Department of Homeland Security, Science and Technology Directorate (DHS S&T). We would like to thank DHS S&T for its leadership, vision, and commitment to enhancing ICS cybersecurity. We also acknowledge the numerous vendors who cooperated in this project and provided equipment and many staff hours. This project could not have been done without this support. Finally, we would like to thank the Project 12 test team, which included Dragos and Secrabus. These two organizations provided detailed technical analyses of safety system components that were critical to the success of this project. Work performed by SRI International was funded under contract to DHS S&T.