Hacking Safety Instrumented Systems
The increasing complexity of modern Industrial Control Systems (ICSs) has opened up the doors to a number of new and emerging cybersecurity threats. As seen in the case of TRITON, BlackEnergy, Destroyer, and Stuxnet, to name but a few, advanced cyber attacks have the very real ability to cause major disruption and damage.
In response to these incidents, the process industry has been called upon to take greater preventive actions to ensure the ongoing security of these critical assets. However, too often, these initiatives have been temporary and compliance-oriented – as such, they have not fully addressed many of the underlying security issues.
Therefore, in order to protect mission-critical systems such as ICSs and Safety Instrumented Systems (SISs), it is essential to understand the potential threats and vulnerabilities associated with both. This chapter examines various attack strategies employed by malicious actors and, in the process, reveals common attack channels in key areas. It also provides an overview of attack surfaces and a better understanding of the unique challenges faced by SISs in today’s world.
Furthermore, this chapter discusses some security practices and countermeasures that can be taken to safeguard SISs from potential attacks. Ultimately, this chapter aims to demonstrate that, in light of increasing cyber threat levels, a proactive approach must be taken by the wider industry to ensure safe and reliable operations.
We will be covering the following topics in this chapter:
- ICS attacks
- Understanding the SIS attack surface
- Attacking the SIS controller
- (P)0wning the Safety Engineering Workstation (S-EWS)
- Abusing the Instrument Asset Management System (IAMS)
- Replaying traffic
- Reverse engineering of a transmitter of field devices
- Bypassing a key switch
- Putting it all together
- Lab exercise – ReeR MOSAIC M1S safety PLC security assessment