6 Minutes of Security: Water System Hack and the Implications for Hardware Security
By: John Hallman
Last month we talked about the SolarWinds hack, and now this month another disturbing attack has taken place – this time on a water supply system in Florida.
Unfortunately, these types of attacks are becoming more frequent, giving us all pause as to how secure the systems that serve our everyday life really are. What lessons can we take from this recent attack that we can implement to make things more secure moving forward?
Based on the evidence at hand, the attacker came in over a network interface and remotely accessed the computer that controls the city’s water treatment system. The hacker briefly increased the amount of sodium hydroxide to 100 times the normal level. This sounds scary and it is, but experts speculate that the intruder was inexperienced and likely got hold of access credentials to penetrate the system but did little to hide themselves. This inexperience was a considerable factor in the water supply being rescued early in the attack.
The city got lucky this time. The hole in the software was quickly identified, allowing the city to close this easy means of entry. But hackers often just exploit the easiest means of entry first. The hardware could provide another point of entry for bypassing supposedly “secure” credentials. These systems have integrated circuits as part of the control units. What if the hacker was able to bypass the credentials through knowledge that there exists a test/debug mechanism to control the chemicals? Or, similar to the SolarWinds attack, a hidden function in the hardware may have a timed response to alter the control mechanism itself. It is no longer enough to have protections in just the software; the hardware needs to be protected and examined thoroughly as well.
How do we go about ensuring this level of hardware security? A significant piece of that solution is to perform a trust assessment on the hardware. We need to actively look for potential attack points and ensure the absence of vulnerabilities. Multiple classes of triggers, reliability issues, and deadlock conditions that could lead to denial-of-service (DoS) attacks are identified during this assessment.
OneSpin’s trust assessment capability is a quick and efficient method to root out these weaknesses. Using OneSpin, automated checks are run that identify known issues early. The technology can find things like backdoors and deadlock conditions fast without the need for verification or formal expertise. By performing this “audit” early, code and product quality can be improved, reducing the risks of later exploits.
There are many “bad actors” in the world today that thrive off of exploiting products. Both intentional insertions and unintentional weaknesses or flaws are a means for exploitation. But just doing an early trust assessment of your design can give you greater confidence that it is secure. The assessment is easy, and we should most certainly start today. OneSpin has the solution at hand and can serve as a valuable weapon in the prevention of attacks, whether intended or unintended. For ICs used in systems or products needing higher levels of assurance, more extensive methods and technology exist from OneSpin.