OT

tags : #area/watch #ot
source : the hacker news
date : 2023-06-28

  • In IT, safety means that data is protected through confidentiality. People get hurt when their sensitive, private data is compromised. For the enterprise, securing data saves them from breaches, fines, and reputational damage.
  • In OT, safety means that cyber-physical systems are reliable and responsive. People get hurt when a blast furnace or an industrial boiler does not function properly. For the enterprise, availability keeps systems running on time down to the millisecond, which ensures productivity and profitability.
    . In OT, the Purdue Model serves as a framework for how and why systems can and should communicate with each other.

In a highly simplified nutshell, the Purdue Model comprises five layers.

  • Levels 4 and 5 are the outermost layers that include web and email servers, IT infrastructure, and remote users connecting in through the firewall.
  • Levels 2 and 3 are the operational layers that operate the software and applications that run OT environments.
  • Levels 0 and 1 hold the devices, sensors, programmable logic controllers (PLCs), and distributed control systems (DCS) that do the actual work and must be protected from outside interference.

Tools designed for IT hardly ever translate to OT.

  • Basic functions like vulnerability scanning can interrupt OT processes and knock systems completely offline, and most devices do not have enough CPU/RAM to support endpoint security, anti-virus, or other agents.
  • Most IT tools route traffic through the cloud. In OT, this can compromise availability and cannot support the numerous unconnected components common to OT environments.
  • The life cycles of IT tools are typically much shorter than the life cycles of OT devices. Due to the always-up nature of OT environments, any tool that needs frequent patching, updates, or downtime is not applicable.

Hundreds of solar power plants at risk for Mirai takeover

There are more than 600 solar power facilities around the world running SolarView monitoring hardware and software that is vulnerable to a flaw under active exploit tied to the Mirai botnet, security researchers from VulnCheck reported this week.

The exploit in question – CVE-2022-29303 – allows remote command injection due to a failure to sanitize user inputs, and could lead to takeover by a Mirai-style botnet. If exploited, attackers could pivot to attack additional ICS hardware or cut off monitoring of solar power facilities, affecting productivity and revenue.

VulnCheck said that IoT search engine Shodan reports more than 600 SolarView systems are connected to the internet despite the fact they should be restricted to ICS networks. While patches for the flaw, found in version 6.00 of SolarView software, have been available since last year, fewer than one third of the affected systems have been patched, VulnCheck said.

To make matters worse, several newer CVEs identified by VulnCheck also affect SolarView systems, meaning even the patched third of systems could still be at risk.

The lesson? Keep your ICS network and hardware segmented from the internet, regardless of your stellar patching habits.
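The Purdue levels above and the segmentation lesson here can be turned into a simple detection over firewall flow logs. The following is an added example, not code from either article or from SolarView; the subnet-to-level map, the log format and the policy (flows may cross at most one adjacent level, and anything outside the known zones is treated as the internet) are assumptions for illustration.

```python
import ipaddress
import re

# Constructed zone map (made-up subnets): which Purdue level each network belongs to.
ZONE_LEVELS = {
    ipaddress.ip_network("10.0.0.0/24"): 0,   # sensors, actuators
    ipaddress.ip_network("10.0.1.0/24"): 1,   # PLCs, DCS controllers
    ipaddress.ip_network("10.0.2.0/24"): 2,   # HMI, supervisory control
    ipaddress.ip_network("10.0.3.0/24"): 3,   # site operations (historians, engineering)
    ipaddress.ip_network("10.10.0.0/16"): 4,  # enterprise IT
}
EXTERNAL_LEVEL = 5  # anything outside the known zones is treated as the internet edge

# Constructed firewall log lines in a simple key=value format (not real SolarView traffic).
SAMPLE_LOG = [
    "2023-06-28T10:00:01Z src=10.0.1.5 dst=10.0.2.7 proto=tcp dport=502 action=allow",
    "2023-06-28T10:00:02Z src=10.0.1.5 dst=203.0.113.9 proto=tcp dport=443 action=allow",
    "2023-06-28T10:00:03Z src=10.10.4.2 dst=10.0.1.5 proto=tcp dport=80 action=allow",
    "2023-06-28T10:00:04Z src=10.0.2.7 dst=10.0.3.3 proto=tcp dport=1433 action=allow",
]
FLOW_RE = re.compile(r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)")

def purdue_level(ip):
    """Map an address to its Purdue level; unknown addresses count as external (Level 5)."""
    addr = ipaddress.ip_address(ip)
    for net, level in ZONE_LEVELS.items():
        if addr in net:
            return level
    return EXTERNAL_LEVEL

def flow_violations(lines, max_hops=1):
    """Return (src, dst, reason) for flows breaking the assumed policy: traffic may only
    cross `max_hops` adjacent levels, so a Level 0-3 asset talking straight to the
    internet, or enterprise IT (Level 4) reaching a PLC (Level 1), is flagged."""
    findings = []
    for line in lines:
        m = FLOW_RE.search(line)
        if not m:
            continue  # not a flow record
        src, dst = m.group("src"), m.group("dst")
        s, d = purdue_level(src), purdue_level(dst)
        span = abs(s - d)
        if span <= max_hops:
            continue
        if max(s, d) == EXTERNAL_LEVEL and min(s, d) <= 3:
            reason = f"L{min(s, d)} asset exchanging traffic with the internet"
        else:
            reason = f"L{s} -> L{d} spans {span} levels (limit {max_hops})"
        findings.append((src, dst, reason))
    return findings
```

Running `flow_violations(SAMPLE_LOG)` flags the PLC reaching a public address and the IT host reaching the PLC directly, while the two adjacent-level flows pass.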