TUV said: EVERY LITTLE INTERNET INFRASTRUCTURE IS ATTACKED and many dangers threaten are daily done, it is common knowledge today. But because more and more machines, production facilities and all attachments over the Internet network are, keyword industry 4.0, will assess the risk of hacker attacks as possible real industry. Now shows an experiment: the risk situation is a huge threat greater than previously feared – and also for small companies.
Nobody is too small or too insignificant, even a mini – hydroelectric power plant on the country not to become a target of attacks from the Internet. This shows an eight experiment of TÜV Süd. Its professionals have created a so-called HoneyNet which was visible in the Internet as a small insignificant waterworks in a German town. “A Honeynet is a system that should attract attackers and allow the analysis of access and attack actions,” says Dr. Armin Pfoh, Vice President of strategy & innovation at TÜV Süd.
Honeynet together with the utility industry guard
So the Honeynet convincingly acted as real water works in the Internet, the TÜV experts together with representatives of the utility industry developed the practical design of the system and the safety precautions and implemented. Because only if the system really works, it is interesting as a target for attackers. “To this end we have set up a so-called high interaction Honeynet, which combined real hardware and software with a simulated environment”, explains.
60,000 requests from 150 countries
The balance: more than 60,000 hits on their virtual infrastructure from over 150 countries experienced IT professionals. The first access was on the honey net almost simultaneously with the “arming” of the virtual plant and the enemy never rests.
“So we could prove that even a relatively minor infrastructure network is perceived and researched out”, says Dr. Thomas Störtkuhl, senior security expert and team leader industrial IT security at TÜV.
China and United States attack the most according to IP addresses
Led the list of attackers countries of China with 2995 followed attacks in the eight months, by the United States with 2318 attacks. Three stands with 934 attacks South Korea ranked. 366 times attacked the virtual water from their own country.
However, it is clear that the national IP addresses allow not load enabled statement about the actual location of the attacker. Also, the traffic in part through covert IP addresses were carried out.
Also industrial protocols are affected
Visits are not limited to the standard protocols of Office IT, but came through industry protocols such as Modbus TCP, or S7Comm. “The requests about industrial logs were significantly less common, but also came from all over the world”, warns Störtkuhl. This means that gaps in the security architecture of control systems are discovered and the systems are thus vulnerable to any attack.
No one is spared from attacks
“Even small or unknown companies are discovered or seen because constantly from San Diego’s actions in the Internet”, warns Störtkuhl. Because these companies can become victims of a wave of attack, even though they were not explicitly selected. “If companies once ended up with San Diego from actions on the monitor from potential attackers”, says security expert, “Also a targeted attack at a later time is easier.”
Warning shot to the industry 4.0
Thus, the experiment is a clear warning shot to the industry 4.0, where everything on the Internet is connected. The companies are invited to rethink their security arrangements. Because the increasing digitization and networking is the infrastructure and production facilities and creating new gateways for possible abuse. The range of espionage to the sabotage.