Unlike IT system updates or patches, which can be done using automated server-based tools and are widely applicable, ICS updates are specific to the equipment vendor. Outages or interruptions (even something as simple as a reboot) might not be acceptable, and if unplanned can result in significant risk to mission. ICS devices directly control time critical processes and have little margin for delay. In an ICS, mission operations, safety, public health, and avoiding equipment damage are the primary con- cerns. In a typical IT system, data confidentiality and integrity are the primary concerns. The cyber security issues faced by ICS differ from typical information technology (IT), and this re- quires a different and more specific approach to assess, test, and mitigate ICS vulnerabilities. Unfor- tunately, these sorts of devices are often rife with cyber security vulnerabilities that can lead to significant risks for mission performance, or even unsafe conditions during routine OT&E. Executive Summary Industrial control system (ICS) field devices like PLCs play a critical role in the safe and reliable operation of Department of Defense (DOD) platforms and weapon systems operations. Also, there were key contributions by other Sandia National Laboratories (SNL) personnel supporting the analysis, particularly from Mitch Martin, Tricia Schulz, Chris Davis, and Nick Pattengale, and from Pacific Northwest National Laboratory (PNNL), especially Chris Bonebrake, Jim Brown, and Katy Bragg.
Acknowledgements The authors would like to acknowledge the funding and technical support from the Office of the Director, Operational Test and Evaluation (DOT&E) for the development of this more » paper.
This document describes an assessment methodology that addresses vulnerabilities, mitigations, and safe OT&E. Furthermore, common procedures used during Oper- ational Test and Evaluation (OT&E) may unexpectedly lead to unsafe or severe impacts for the field devices or the underlying physical process. Many have significant cyber vulnerabilities that lead to unacceptable risk. Programmable logic controllers (PLCs) and other field devices are important components of many weapons platforms, including vehicles, ships, radar systems, etc.
0 kommentar(er)
