‘Redundant installations such as the Simatic S7-400H fault-tolerant type of controllers may offer a high degree of operational safety. But who can guarantee that no one will take over the controller, crash it and compromise its security?’ asks Dr. Stefan Lüders from the computer security team of the IT department at CERN. ‘Most controllers, field devices and even actuators are now directly connected to Ethernet.’

The team led by Dr. Lüders therefore developed a special test bench for dedicated examination of the vulnerability of controllers, SCADA (Supervisory Control and Data Acquisition) systems and other Ethernet-connected devices in the market to cyber-attacks. This not only relates to protection against hackers with more or less criminal intent, but also against viruses and worms that can be introduced through a variety of channels—including USB sticks and CF cards. In contrast to the usual patches that can be installed in an office environment, controllers cannot be easily updated daily with the latest antivirus protection, even if it is available.

As part of the validation of controllers used at CERN, at the test bench on Control System Security at CERN (TOCSSiC), 31 devices from seven manufacturers were systematically tested for penetration resistance with the vulnerability scanners Nessus and Netwox. Taking all different firmware versions into account, this led to 53 tests in total. In addition to interference through overload (Denial of Service, DoS), the tests also included provoked attacks on vulnerabilities in operating systems by infiltration of malicious software and ‘malicious’ manipulation of TCP/IP-based protocols. About one third of the tested devices failed these tests and has shown severe security problems.

Approximately one third of the devices came from the Simatic S7 product series, some with an integrated Ethernet interface, some with separate communication processors, such as the CP 343-1 Lean for the S7-300 series.