The risk of attacks against ICCP servers is high, and such attacks can have severe implications. Protecting the ICCP server limits an attacker’s ability to propagate an attack over the network, and special solutions are needed to do so.
Different attack scenarios are plausible against ICCP servers, each with a different level of impact:
- Eavesdropping or tampering with process control data.
- Denial-of-service attacks or remote code execution in the ICCP server application. Vulnerabilities in the implementation are exploited, disrupting the availability and/or integrity of the server.
- Arbitrary code execution on the ICCP server machine. Vulnerabilities in the implementation of the ICCP application, or in any other service running on the machine, are exploited to execute arbitrary code and escalate privileges, and the machine is consequently taken over. New attacks can thereafter be launched against either the local SCADA/ICS systems or other ICCP servers.
The ICCP server process implementation and the ICCP server machine can be protected using Advenica’s ZoneGuard, a stand-alone device developed from the ground up as a security device, with a hardened, high-assurance security platform.