US firm posts PLC hacking methods online

A US information security company has posted hacking techniques for disabling programmable logic controllers (PLCs) on the Internet.

A PLC is an electronic control system that enables machinery to work as programmed and is widely used in production systems at factories and in key social infrastructure.

Alarmed by the hacking method released online by US firm Digital Bond, Inc., a US government organization has issued a warning stating that cyber-attacks against PLCs could cause a major systemic breakdown.

Four companies in the United States, Japan and France produce PLC control systems for automakers, electric power substations and others.

Japan's Economy, Trade and Industry Ministry has also begun alerting PLC users about potential cyber-attack risks through relevant industrial organizations.

Digital Bond stated the firm posted the hacking method to "inform the public of the risks" of PLC breakdowns, arguing that both companies and governments have been slow to cope with PLCs' vulnerabilities.

About 2 million PLC units per year are manufactured domestically, approximately 1.4 million of which have been exported.

While cyber-attacks targeting computer control systems have sharply increased overseas, this is the first time a Japanese PLC maker has been revealed to be exposed to the risk of a cyber-attack.

The companies put at risk by Digital Bond's post are: Japan's Koyo Electronics Industries Co.; the United States' General Electric Co. and Rockwell Automation, Inc.; and France's Schneider Electric SA.

After figuring out the design flaws of the four companies' PLCs, Digital Bond posted programs attacking them on the firm's website on Feb. 14, according to the US network security company.

Koyo Electronics has said it sells several thousand of its PLCs domestically, as well as in the United States and other countries every year.

The control systems are mainly used at automobile, semiconductor and machine tool plants.

Should the disclosed hacking techniques be abused, there is a danger that the systems involved could be illegally controlled by a remote party.

The PLCs made by the remaining three manufacturers feature designs that are more or less different from each other, and are also used at a wide range of factories and transformer stations.

Should these systems be hacked using Digital Bond's methods or other tricks, production and other systems involved would break down or develop anomalies such as abnormal restarts.

However, no direct links to Digital Bond's post have been confirmed, industry sources said.

In many overseas cases, factories equipped with PLCs have struggled with malfunctioning meter gauges and repeated abnormal flashing, they said.

The day after Digital Bond posted the hacking methods, an alarm against possible cyber-attacks was issued by the US Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), according to the sources.

In Japan, the Japan Computer Emergency Response Team (JPCERT), a government-authorized foundation to help cope with accidents involving industrial control systems, has recently begun warning PLC users about the problem.

Koyo Electronics has set up an internal task force to address the problem and is adding modifications to some PLC parts, the company said.

Koji Ikuta, chief of Koyo Electronics' Technology Department, has been sent to the United States to give the firm's customers written explanations about how to deal with the design flaws pointed out by Digital Bond's post.

The company also said it will soon offer similar explanations to Japanese customers.

Security measures for industrial control systems have been delayed due to the fact that PLCs are usually cut off from the Internet and are seldom considered to be subject to cyber-attacks.

Experts have noted, however, that industrial control systems can be susceptible to cyber-attacks as they are linked to the Internet for maintenance checkups and on other occasions.

"So far, we have produced PLCs under the assumption devices used within factories would not be connected with the outside world and gave little attention to the possibility of cyber-attacks. From now on, we should keep in mind the need to develop new high-security PLC models," Ikuta said.

According to Toshio Miyachi, a JPCERT director, "The cyber-attack menace for industrial control systems is rapidly becoming real.

"Taking into account the fact that the systems may be subject to attacks at any time, countermeasures must be worked out immediately. The US and Japan's alerts against PLC attacks should not be considered as a problem limited to the specific companies involved."

A type of shock therapy?

Digital Bond, Inc. was founded in 1998 as an Internet security company with Dale Peterson as its chief executive officer.

In an interview with The Yomiuri Shimbun, he said he came up with the idea to post the hacking techniques to raise awareness of the PLCs' weaknesses among the related governments and companies.

Peterson founded the company after working as a cryptanalyst, or code-breaker, at the US Department of Defense's National Security Agency.

In the interview, he said that he had warned PLC manufacturers against the system's design flaws by sponsoring Internet security symposiums and other events.

Peterson said he had found vulnerabilities in Koyo Electronics' PLC systems three years ago and made note of them several times, but the problem was never addressed. As a result, he decided to post the hacking techniques online "as a kind of shock therapy" to force PLC manufacturers to adequately deal with the problem.