Applied Risk launches ICS/SCADA Security Lab to address emerging industrial security threats

The ICS Security Lab has been launched by Applied Risk

The ICS Security Lab has been launched by Applied Risk

Applied Risk, a specialist in the development of industrial control systems security, has announced the launch of its ICS Security Lab to help protect industrial assets and infrastructure from costly cyber attacks. The lab has identified its first vulnerability in Moxa EDS-405A/EDS-408A-managed Ethernet switches, allowing attackers to remotely compromise their availability, integrity and confidentiality with potentially devastating consequences for connected industrial assets across multiple sectors.

The ICS Security Lab has identified three key vulnerabilities and detailed them in its latest advisory. The first is in the administrative web interface of the switches. The control that prevents a user-level account from modifying settings could be easily circumvented to allow increased privileges.

Another is a Denial of Service issue that could allow an attacker to cause a device to restart via a specific URL.

The third vulnerability is a cross-site scripting bug in the administrative web interface which can be exploited to inject arbitrary JavaScript code in the admin interface.

Jalal Bouhdada, founder and principal at ICS and a SCADA security consultant for Applied Risk, explained: “Responsible disclosure and collaboration with vendors is the optimum approach for ensuring any and all security flaws are highlighted in hardware and software. The positive response from the vendor and its professionalism throughout the process has helped Applied Risk and Moxa to validate and issue a fix for all reported security flaws.”

‎Based in Amsterdam, Applied Risk’s new ICS Security Lab delivers “unique market and threat analysis” across the chemical, manufacturing, pharmaceutical, power, water, oil and gas sectors. Armed with the latest vulnerability research, reverse-engineering protocol and source code analysis techniques, its expert team of researchers are now able to provide early warning of emerging ICS threats and detail their legitimacy while also confirming affected code bases, products, versions and configurations.

Vulnerable and infected ICS systems can also be identified, along with exploit attempts or malware activity. Part of the ICS Security Lab’s service also involves remediation activities, including workarounds and configuration changes configured to safeguard systems for both suppliers and system owners.

Full use of operating infrastructure

Erwin Paternotte, senior ICS/SCADA consultant at Applied Risk, stated: “Left unchecked, the Moxa vulnerabilities and similar threats could have disastrous consequences. You are effectively handing a facility’s keys to an attacker and giving them full use of your operating infrastructure. The problem can sometimes lie in issues as simple as the use of default passwords, hard-coded encryption keys or the poor authentication of firmware updates. As seen with Moxa, our lab is dedicated to identifying vulnerabilities as part of the product development and ensuring security updates are issued by the vendor in the shortest time possible.”

Launched in conjunction with the ICS Security Lab, the Online ICS cyber security awareness training platform devised by Applied Risk is specifically designed to establish a widespread and deep-rooted industrial control systems security culture across organisations. It introduces participants to the challenges of technology convergence before dealing with a threat’s real-world impact, the detailed anatomy of a cyber attack and how the defence-in-depth concept is actively applied to businesses.

Other training options outline the techniques for mitigating cyber risks while identifying key elements for addressing process control system security and good practice principles.

The online training is provided in a SCORM-compliant format and can be hosted either in an organisation’s own compliant learning management system or in Applied Risk’s own hosted platform.

Jalal Bouhdada continued: “No matter the industry sector, for businesses to create the most secure and reliable operations it’s very much the case that training is a necessity. Staff must learn how to contribute to an environment that, at its core, is secure by design, secure by default and secure by deployment.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts