CyberX and Emerson Automation Solutions recently presented in a joint session on the main stage at the ICS Cyber Security Conference in Atlanta.
Titled “ICS Security Researchers & Automation Vendors: Building Mutual Trust,” the session described a real-world example of how security researchers from CyberX uncovered a vulnerability in an ICS product and worked cooperatively with the ICS supplier.
In this Emerson Automation Experts blog post, Emerson’s chief blogger describes key points from the session:
- CyberX provides an industrial cybersecurity platform for ICS asset discovery, identifying critical risks and attack vectors, and continuous network monitoring with behavioral anomaly detection and threat intelligence. In the course of enhancing their embedded analytics to support diverse industrial protocols, including proprietary protocols, they sometimes uncover vulnerabilities in ICS devices. They then work with the ICS suppliers to fix the vulnerabilities.
- During this research, the CyberX team uncovered a vulnerability in the DeltaV control system. They communicated this vulnerability through ICS-CERT to inform Emerson’s DeltaV technology organization and start the responsible disclosure process.
- The DeltaV product security incident response team performed root cause analysis, identified the solution, developed a patch, and fully tested across all the currently supported DeltaV versions. Once this testing was performed across all these versions, DeltaV users were provided patches to eliminate the vulnerability. Once this communication and patching process had occurred, ICS-CERT made public disclosure of the vulnerability.
- This collaboration between cybersecurity platform and ICS suppliers followed a responsible disclosure path where the solution could be identified, developed, fully tested and deployed before a disclosure was made.
The blog post concludes:
- When evaluating and improving your cybersecurity defenses, make sure to work with your supplier to develop adequate defense-in-depth strategies, work processes, training, and ongoing support.
- Just as continuous monitoring of process variables is critical for process control and safety applications, so is ongoing cyber-defense monitoring. As [Neil Peterson, DeltaV Product Marketing Director] explained in this session, continuous monitoring is essential for immediately detecting if and when cyber attackers have compromised your control network—so you can stop them in the early phases of a breach, before they can cause any real damage.