ICS Security — The Blockchain Way
Saudia Arabia 2017, Ukraine 2015, Iran 2007 and United States of America 2021.
Now, this set of dates and locations may seem completely random to you, but each of the pairs represents a cyber attack that unfolded with malicious intent.
The petrochemical company in Saudi Arabia, the Ukrainian power grid, the Iranian nuclear facility and a water treatment plant in Florida all had one thing in common, vulnerabilities in their Industrial Control Systems.
Let’s roll back a bit…
Introduction To ICS & SCADA
Industrial Control Systems(ICS) are exactly what they sound like, they are a group of control systems and several different types of processes that are deployed and executed to manage industrial processes. An ICS could be a network, a process, a controller or even a sensor.
Currently, most industries employ systems such as SCADA, PLC, and DCS with SCADA being one of the most popular ones.
SCADA or Supervisory Control And Data Acquisition is an automated software that aggregates data from multiple different sensors into a central location.
SCADA is used in conjunction with Programmable logic controllers(PLC)and Remote terminal units (RTUs) which are microcomputers that interact with physical machines, sensors and other industrial devices (turbines, valves and more). These devices then extract information from physical devices using HMI (Human Machine Interface) and feed that data back into operator computers running the SCADA software. Not only does SCADA monitor and relay real-time process information, but it also allows a user to control the industrial process from remote locations, and creates event logs.
All of this sounds great, but here’s the catch…
SCADA has been around since the 1960s and even today, it is vulnerable to basic cyber exploits including RCE, DoS, and even buffer overflows. In fact, the water treatment plant that was recently attacked(Florida Water Treatment Facility) used SCADA as its ICS of choice.
IoT + ICS = IIoT
IoT infrastructure known as IIoT or industrial internet of things has been adopted into industrial control systems for over two decades. Not only are these devices cheaper, but they also encourage M2M interaction amongst different devices allowing for efficient and accurate automation.
It was projected that by 2020 there will be over 5.4 Million IIoT devices incorporated in oil extraction sites, and the booming market is expected to reach $245 Billion by the year 2027. While most industries are hopping on the IoT bandwagon, I believe that the technology is moving too fast to be able to keep up with itself.
IIoT devices are currently not secure enough to be adopted into sensitive industries.
The Data
Recently, Cyber X Labs published a report based on their survey of IoT/ICS vulnerabilities in over 3,000 deployments, here’s what they found:
- 64% of sites have unencrypted (cleartext) passwords traversing their networks.
- 54% of sites have devices that can be remotely accessed using standard protocols such as RDP, SSH, and VNC
- More than a quarter (27%) of sites analyzed have direct connections to the internet, making them potential targets of malware, targeted attacks, and even the most basic adversarial tactics such as phishing
OWASP or Open Web Application Security Project suggested that weak/guessable or hardcoded passwords, insecure network deployments and lack of a secure update mechanism were all one of the top 10 IoT threats with weak passwords ranking at number 1.
The IoT search engine Shodan features over 221,000 industrial control systems on its website, all of which you can establish a remote connection to. This leaves them vulnerable to a plethora of OTA (over-the-air) attacks
These devices are responsible for our food, water, gas, and electricity. An intrusion at such a level is not only capable of causing destruction that comes with inordinate expenses but is also capable of causing destruction where the expense is human lives.
A Blockchain Solution
Recently, I competed in a hackathon alongside 3 other awesome people. Our solution focused on solving a large part of this problem by incorporating blockchain into industrial control systems.
Now for those of you that don’t understand blockchain quite well, I have linked some solid resources to give you a basic idea of how blockchain technology functions.
The solution primarily focused on integrating password-less authentication, user-command verification, and third-party interoperability into the ICS architecture. This would address the need for stronger password choices, a secure update mechanism, and third-party vendor access.
Now third-party access wasn’t exactly on the reports I mentioned, but something related was. Recall that 27% of the sites/devices had been directly connected to the internet leaving them exposed to a bunch of attacks. We wanted to find out why that was. Upon doing a bit more digging, we realized that the industrial sites were allowing third-party access to such devices to allow the device manufacturers and maintainers to keep tabs on device health. This is something Blockchain can help us streamline in a secure and efficient way.
The Details
The solution comprised of a three-layered mechanism, the asset, IoT cloud, and the blockchain. In order to connect to and send commands to the asset, the user had to go through a series of steps.
The user journey started at the blockchain wallet. The blockchain wallet would be hosted on a trusted server or computer. Upon connecting to the wallet, the user is issued a public/private key pair which is then used to derive the account address.
The private key uses something called elliptic curve multiplication to produce a public key which is then double encoded (SHA-256 & RIPEMD160) and is introduced to base58 check encoding in order to produce an account address for the user. The account address is used to attempt and initiate a connection with the IoT cloud, where it is met with a random challenge. This challenge changes every time the user attempts to log in. Upon the successful completion of the challenge, the user is issued a Java Web Token which then allows the user to interact with the cloud and cloud APIs as they normally would.
Here’s where it gets interesting, each user command targeted at the device, will be treated as a transaction on the private blockchain. The content of each transaction will be hashed, encrypted with the user’s private key and then sent to the IoT device to be decrypted. The solution incorporates something known as selective endorsement, meaning that each transaction on the blockchain must be verified by trusted personnel on the network.
Being on the receiving end of the transaction, the IoT device compares the hash of the received content, with the hash of actual intended content. This allows the device to check for tampering and verify the integrity of the data. The IoT device then sends back a status update which includes details like software health, firmware health and more.
In terms of interoperability, the incorporated blockchain is a private one. This allows the vendors to be published third party, read on access to the blockchain to provide for real-time device health monitoring. This tackles the interoperability issue as the devices would no longer need to be provided direct access over the internet.
Network Segmentation
Parallel to the incorporation of blockchain, our solution also introduces network segmentation into the ICS architecture.
Network segmentation simply means separating an existing network into multiple subsidiary networks with their own broadcast domains. This is usually done in corporate and enterprise settings by implementing VLANs(Virtual Local Area Network). VLANs work as if they are two independent switches/routers thus one compromised router/VLAN will not compromise the whole network.
De-Brief
How do these solutions tie to our initial problems?
Allowing the user to authenticate and verify their identity using blockchain eradicates the need for passwords, let alone eradicating weak-passwords.
Treating each command as a transaction provides a safe mechanism that ensures updates are only pushed by trusted personnel, and that the file has not been tampered with.
Getting the device to broadcast health updates to the blockchain allows us to record a tamper-free log of the device's status. Moreover, we can allow third-party vendors and device manufacturers read-only access to the blockchain allowing them to monitor device health in real-time without ever connecting to it.
Incorporating this solution might not be as cool as AI dogs and gene-edited cats, but it is something that can prevent another Mirai and another Stuxnet. It is something that can save lives.