Secure Control Design
Security does not stop at the code
Embedded IoT/ICS control systems can be vulnerable to many of the traditional computer attacks. Interestingly, the can also be vulnerable to attacks that target the control specific elements such as stability and performance. An attacker can target the control system functionality by:
- Changing effective control update rates through Denial of Service or similar attacks
- Modifying data in the system from sensors (native or 3rd party)
- Finding areas of design instability that control designers did not account for
Attackers can target the control system specifically by corrupting feedback data, spoofing commands, delaying updates, and using other techniques to violate the assumptions the control designer made in the design process. Tools that attackers use to find vulnerabilities in code such as fuzzing, are easily adapted to control system attacks to find edge cases that the designer may not have considered (e.g. that combination of events cannot happen) that can lead to a system event that the attacker can exploit.
How Secmation can help
Secmation can provide security analysis in control system relevant language, not security speak, giving the control engineers actionable guidance to make their designs better. We understand that like performance and stability, security is another system trade the control engineers need to make to enable their application. We can help provide security alternatives that will make a successful design. We can also give the control engineers the tools to "think like an attacker" and quickly find and eliminate security issuers an attacker could exploit.