ICS threats to productivity

Technical Error States in Industrial Control Systems

With a Rhebo Industrial Security Assessment, industrial companies and operators of critical infrastructure gain complete transparency of their Industrial Control System (ICS). All suspicious componentes, connections and communication processes are identified. The results enable those responsible for cybersecurity to immediately eliminate threats and to secure their ICS.

‍The following examples showcase typical results from Rhebo audits and the identified technical error state in ICS.

‍Also, explore the anomalies that threaten the cybersecurity of ICS.

Remedying Communication Errors

Analysis

Rhebo Industrial Protector identified devices which sent TCP packets with incorrect checksums. The checksum validates, if the respective communication has been transmitted correctly.

‍

TCP checksum errors usually indicate transmission problems due to faulty network components.

Productivity Threat

Incorrect communication can endanger process stability.‍

‍

Threats:

costs due to technical disruptions
financial loss due to increased downtimes

Exchanging Damaged Equipment

Analysis

The communication pattern shows errors in the transmission of cyclical messages in the ICS. The messages are sent too early, too late or are completely missing.

‍

Errors in cyclical messages indicate increased latencies in the network.

‍

The reasons can be misconfigurations, software errors or dysfunctional equipment.

Productivity Threat

Errors in cyclical messages impair real-time processes in particular, which are dependent on a time-critical delivery of data. This can seriously disrupt production processes.

‍

‍Threats:

costs due to disruptions, troubleshooting and repairs
financial loss due to increased downtimes

Check Your ICS for Malfunctions

Securing Real-Time Processes

Analysis

Individual communication shows a deviating round-trip time, either repeatedly or during certain network states. Stable round-trip times are an indicator for a consistent network quality and optimal functioning of the ICS.

‍

Increased round-trip times indicate overload conditions.

Productivity Threat

Increased round-trip times impair real-time processes in particular. Amongst other, this can lead to interruptions, quality problems or downtimes in production.‍

‍

Threats:

financial loss due to quality problems
costs due to disruptions and troubleshooting
financial loss due to increased downtimes

Securing Process Stability

Analysis

Rhebo Industrial Protector reported that communication is missing either the ACK or SYN-ACK packet in a TCP handshake. Several parameters suggest that this anomaly was not caused by malicious scanning activities.

‍

In particular, the anomaly may indicate regular packet losses in ICS communication.

Productivity Threat

The process stability is endangered by misconfigurations or errors in the transmission channel. The packet losses can lead to process errors and thus to malfunctions or system downtimes.‍

‍

Threats:

financial loss due to quality problems
costs due to troubleshooting and additional quality control
financial loss due to increased downtimes

Eliminating Overload Conditions

Analysis

Several devices (e.g. ports or other network components) show a TCP window size of 0.

‍

The affected device is probably overloaded or the respective application runs in an endless loop.

‍

The affected device can no longer receive and process data as planned.

Productivity Threat

The anomaly endangers the process stability to a high degree. In particular, real-time processes are affected. This can lead to interruptions or downtimes in production.‍

‍

Threats:

cost due to disruptions, troubleshooting and repair
financial loss due to increased downtimes

Get in touch with us

Write or call us to discuss your requirements for OT cybersecurity and intrusion detection.

Schedule a online demo

Let us show you hands on how Rhebo advances your company’s OT cybersecurity posture.

Schedule an online demo