Technical Error States in Industrial Control Systems
With a Rhebo Industrial Security Assessment, industrial companies and operators of critical infrastructure gain complete transparency of their Industrial Control System (ICS). All suspicious componentes, connections and communication processes are identified. The results enable those responsible for cybersecurity to immediately eliminate threats and to secure their ICS.
The following examples showcase typical results from Rhebo audits and the identified technical error state in ICS.
Also, explore the anomalies that threaten the cybersecurity of ICS.
Remedying Communication Errors
-
Analysis
Rhebo Industrial Protector identified devices which sent TCP packets with incorrect checksums. The checksum validates, if the respective communication has been transmitted correctly.
TCP checksum errors usually indicate transmission problems due to faulty network components.
-
Productivity Threat
Incorrect communication can endanger process stability.
Threats:
- costs due to technical disruptions
- financial loss due to increased downtimes
Exchanging Damaged Equipment
-
Analysis
The communication pattern shows errors in the transmission of cyclical messages in the ICS. The messages are sent too early, too late or are completely missing.
Errors in cyclical messages indicate increased latencies in the network.
The reasons can be misconfigurations, software errors or dysfunctional equipment.
-
Productivity Threat
Errors in cyclical messages impair real-time processes in particular, which are dependent on a time-critical delivery of data. This can seriously disrupt production processes.
Threats:
- costs due to disruptions, troubleshooting and repairs
- financial loss due to increased downtimes
Securing Real-Time Processes
-
Analysis
Individual communication shows a deviating round-trip time, either repeatedly or during certain network states. Stable round-trip times are an indicator for a consistent network quality and optimal functioning of the ICS.
Increased round-trip times indicate overload conditions.
-
Productivity Threat
Increased round-trip times impair real-time processes in particular. Amongst other, this can lead to interruptions, quality problems or downtimes in production.
Threats:
- financial loss due to quality problems
- costs due to disruptions and troubleshooting
- financial loss due to increased downtimes
Securing Process Stability
-
Analysis
Rhebo Industrial Protector reported that communication is missing either the ACK or SYN-ACK packet in a TCP handshake. Several parameters suggest that this anomaly was not caused by malicious scanning activities.
In particular, the anomaly may indicate regular packet losses in ICS communication.
-
Productivity Threat
The process stability is endangered by misconfigurations or errors in the transmission channel. The packet losses can lead to process errors and thus to malfunctions or system downtimes.
Threats:
- financial loss due to quality problems
- costs due to troubleshooting and additional quality control
- financial loss due to increased downtimes
Eliminating Overload Conditions
-
Analysis
Several devices (e.g. ports or other network components) show a TCP window size of 0.
The affected device is probably overloaded or the respective application runs in an endless loop.
The affected device can no longer receive and process data as planned.
-
Productivity Threat
The anomaly endangers the process stability to a high degree. In particular, real-time processes are affected. This can lead to interruptions or downtimes in production.
Threats:
- cost due to disruptions, troubleshooting and repair
- financial loss due to increased downtimes