Industrial cybersecurity company OTORIO has released an open source tool designed to help organizations harden Siemens’ SIMATIC PCS 7 distributed control systems (DCS).
The tool has been made available on GitHub as a PowerShell script, and OTORIO says it has been tested on Windows 7, Windows 10, Windows Server 2012 R2 and Windows Server 2016. Users only need to run the script as an administrator.
According to the cybersecurity firm, the script is designed to assess the security configuration of the SIMATIC PCS 7 OS client, OS server and engineering station.
It collects data from various sources, including the Windows registry, Windows Management Instrumentation (WMI), running services, PCS 7 Web Navigator and Information Server configuration files, RSoP (Resultant Set of Policy), and security policies related to passwords. The data is then analyzed based on OTORIO’s research into PCS 7 DCS and security recommendations from Siemens documentation.
Matan Dobrushin, OTORIO’s head of research, told SecurityWeek that based on his team’s experience, it’s more cost-effective to start with server configurations when securing an environment. It can also be far more efficient than patching software vulnerabilities, because the process reduces risk to the entire operational project, unlike plugging a single security hole on a single asset.
“The control servers are the ones responsible for the complete operational process, making them the ‘crown jewels’ of the network,” Dobrushin explained. “Based on the knowledge gathered from studying previous attacks, we see that the number of vulnerabilities exploited is not high (in comparison to other security issues exploitation). From our experience, this is the case in a lot of modern attacks. So, if you have limited resources, and you always have limited resources, you should probably start mitigating the easy, and most cost-effective issues.”
The researcher believes it’s important that industrial organizations secure PCS 7 environments as this is one of the most commonly used DCS solutions in a number of verticals, particularly manufacturing.
“Once an attacker has a network with PCS 7 in his sights, he really does not have a better way to impact the network, other than to exploit the PCS 7 itself,” he said.
Dobrushin told SecurityWeek that internally they have a tool that not only flags potential security issues but also fixes them.
“However, from the OT personnel perspective, fixing gaps automatically is something that may sound alarming to some, so we decided to only publish the tool for detecting those issues and allowing everyone to use their own mitigation tools,” he explained.
OTORIO plans on releasing other DCS and SCADA security tools in the near future, for products from Siemens and other prominent vendors.
“Some tools that are already in the pipeline are even more complex and check more configurations than just the Windows configurations,” Dobrushin said.