We found various security issues and vulnerabilities in these devices, including:
- Authentication vulnerabilities that allow unauthorized access.
- Weak encryption implementations that allow decryption of configuration databases.
- Weak implementation of the confidentiality mechanisms that could expose sensitive information.
- Conditions for denial of service (DoS).
- And most importantly, specific scenarios wherein an attacker could exploit vulnerabilities in the translation function to issue stealth commands that can sabotage the operational process.
These vulnerabilities could affect a facility’s safety, processes, and output significantly. The flaws could allow an attacker to use denial of view and denial of control techniques on the industrial control system (ICS) equipment behind the protocol gateway, or manipulation of view and manipulation of control methods that can affect the integrity of the command, data, and control process. Denial and manipulation of view and control prevent engineers from controlling or monitoring factories, power plants, and other critical facilities. This loss of control could result in the target facility’s failure to deliver essential output such as power and water, or affect the quality and safety of a factory’s products.
Complete the form below to download your FREE copy of ‘Lost in Translation: When Industrial Protocol Translation Goes Wrong’.



