The BSI has released Snort rules for TriStation
Operators of industrial plants, especially in the chemical industry, should listen up. The German Federal Office for Information Security is currently working on new security rules for industrial security systems.10 Jul. 2018 David Schahinian
An attack on a security system of an industrial plant in the Middle East transpired in December 2017. Security experts reported that valid TriStation commands were used to transmit the malware. This is a Schneider Electric communication protocol, which is used in security systems for industrial plants. It is mainly used in the chemical industry, but according to heise.de it is also used in the energy and pharmaceutical industries. TriStation is used for diagnosis, configuration, and programming of manufacturer’s safety controllers. etz.de reported that this was the third hacker attack on an industrial controller, but the first on a security controller was affected. However, due to an unsuccessful validation, the system safely shut down. "The obvious goal was to damage the industrial plants, the environment, or production," etz.de continued. Schneider Electric commented on the incident as well.
The German Federal Office for Information Security has now released Snort rules for the protocol to protect against similar attacks. Snort is an open source solution for monitoring networks. These rules are based on the findings of the attack last year. Thus, valid packages that show abnormalities trigger an alarm. In addition, the sending of important valid packages is documented in a logfile and can be examined for legality. However, TriStation is not the only protocol used in security systems for industrial installations. Therefore, according to its own information, the German Federal Office for Information Security will look into the creation of Snort rules for other protocols.
Interested in news about exhibitors, top offers and trends in the industry?
Your web browser is outdated. Update your browser for more security, speed and optimal presentation of this page.Update Browser