(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Of PLC Controllers and Obvious Statements

with one comment

The Summary from :



Teague Newman
Tiffany Rad, ELCnetworks, LLC
John Strauchs, Strauchs, LLC

A logical conclusion to this research is that our findings do not only pertain to PLC and SCADA vulnerabilities in correctional facilities, but in any high-security location that uses these technologies as well as in manufacturing plants, transportation and just about anywhere that multiplexing is used. When securing the country’s most dangerous liabilities, we encourage that more attention be paid to access control, network security/segmentation and personnel policies. And as was the case with Stuxnet, proper adherence to secure operating procedures will greatly reduce the chances of infection of PLCs and control computers from the inside and outside of a secure facility.

Wait, you’re telling me that PLC systems (SCADA) are vulnerable and there are systems out there that are rather important that are likely vulnerable because of this?



Sorry, just had to get that out of my system there. Seriously though, there is nothing new at all here with this white paper other than the fact that the prisons actually use these systems to keep the doors shut. Sure, if someone were savvy enough to get some code together (and it seems that there were some off the shelf exploits by the wording in the document) could possibly cause all of the doors in a penitentiary to open or close.

Uh, yeah.. Just like the same kinds of exploit code written for any other PLC system that is vulnerable (and lets face it, they all are) to make, say, a generator eat itself and burn up (see video here by DHS) Or maybe say, oh, I dunno, affect the rotational speeds of centrifuges in a nuclear fuel processing center?

Oh yeah, I remember now! That’s been done!

Stuxnet, still making waves in the news cycle was an important wake up call for the general public and not so much for the security world. Sure, the complexity and chaining of exploits (0day) to keep the Stux in the Natanz systems was APT all the way, but the concept of affecting SCADA systems adversly had been around for quite a long time. Just ask anyone who has maybe ping sweeped a factory with computer controlled PLC’s.

Shit will happen.

So, post Stuxnet, this paper and the presentation to follow at DEFCON this year seems more like a call for attention and perhaps a marketing scheme than anything revelatory befitting a talk at DEFCON. Having read the paper, it leaves me nonplussed as to why this s being presented at all. What is surprising is that companies and entities government or otherwise have not taken steps to insure that their PLC systems are not vulnerable. Furthermore, all those who use these systems for important functions like power regulation should in fact be screaming for security testing and upgrades to each and every maker of PLC systems. What we get though usually are excuses if not just silence


So, this paper and talk point out that prisons use the PLC’s and they are vulnerable to attack. It also makes mention that these systems seem to be connected to networks with internet connectivity!


Not much else to see here is there? These things we all know. In fact, the whole point of the Stuxnet attack was to blend it so that it would work in an air gapped as well as network environment! So, what exactly are you saying here Strauchs’ that is telling us anything we already didn’t know? Had the writers actually come up with some plans or legislation or even a call to arms for all PLC makers to secure their products, then I would say they have something to hang their hat on.. What you get here is “ho hum”

“Many places use PLC’s to control their operations”

“Many of those places connect their systems to networks with internet connections”

“The majority of PLC code is vulnerable to attack!”

…. Wait… Is that the CAPTAIN OBVIOUS sign in the sky over Las Vegas!?!?

See you there.




Written by Krypt3ia

2011/07/31 at 00:14

One Response

Subscribe to comments with RSS.

  1. The problem with saying that PLC or SCADA systems are vulnerable to attack is that it’s awfully close to saying that transistors or power supplies are vulnerable to attack. Yes, they can be used to affect the systems they control, much like a “hacked” brake system could affect the operation of a car. PLC and SCADA are right down on the “bare metal” of industrial operations. They’re not where the vulnerability lives, since they’re functionally equivalent to “layer-1.” PLCs and SCADA systems will execute any command given to them, precisely because THAT IS THEIR FUNCTION. They’re not intelligent enough to make any “this is good/this is bad” decisions, because the intelligence is supposed to be built into the management systems that control them.

    The mistake is that PLCs and SCADA systems are plugged directly into the net. It is possible to build a very simple device, using a NIC, an embedded controller and a transistor, to toggle a lamp when it receives a UDP packet. That lamp would be “vulnerable” to hostile control, precisely because it’s designed to do just what it does, take a UDP packet, and respond. SCADA systems work the same way – they scan devices for status, switch relays and set analog output values, and report back their findings to a management and control system (whether by ethernet or RS-422, RS-485 or even good old RS-232 serial port attached to a 300 baud modem). The hack occurs one level up, by gaining access to that connection, by attacking the management system or hacking into Layer-1/Layer-2 to talk directly to the device. Even Stuxnet did its damage by taking over the PCs controlling the PLCs, not by invading the PLCs themselves.

    Bottom line: SCADA and PLC is too stupid to be “hacked.” So is a transistor. The hysteria surrounding the vulnerability of SCADA systems is misdirected – the real vulnerabilities are in how they receive communications.


    2011/08/16 at 14:26

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: