I’ve spent a lot of time in the depths of aging industrial power plants and the control houses of transmission substations. I’ve walked the aisles of countless steel cabinets taking inventory of the gear used to protect and control what’s been described as the most complex system on earth. Within these cabinets can be found a smattering of equipment both new and very old, sharing the same space.

Interspersed among the modern switching and routing gear are what are typically referred to as Intelligent Electronic Devices (IEDs), of widely varying age. Some nameplates carry manufacture dates from the 1970s; others fall anywhere between then and now.

Meticulous cable management tells me that a lot of care went into the construction of these critical facilities, but it is equally obvious that much of the infrastructure goes untouched for long periods of time.

A typical best-case refresh cycle for IT departments is two to four years for end-user equipment like workstations and printers, and four to six years for core network infrastructure like servers, switches, routers and firewalls.

This is a far cry from what is typical for Industrial Control Systems (ICS), whose network components and IEDs (programmable logic controllers, relays, sensors, and the like) are often not replaced until they fail (which is rare) or a forklift upgrade occurs (equally rare).

These systems flew under the radar of would-be attackers for many years, until they began to be interconnected with external networks; today they are more often than not no longer “air-gapped.” That connectivity is convenient: it allows remote access by engineers and lets telemetry data be shared with partners, either voluntarily or by requirement.

This, of course, exposes these once-disconnected networks to (Read more...)