Yes, critical infrastructure and high value ICS need to upgrade or replace their insecure by design PLC’s and other field devices now. As stated in an earlier article, this is likely a 1 to 3 year effort, and some systems may take longer. The key is to begin the effort now, and give up the illusion that you can wait until the end of the planned lifecycle. Define a program and requirements, get a budget, set a schedule, …

My friend Eric Byres used the term “Rip and Replace” to describe upgrade and replace, and this term has been picked up by some SCADA Apologists. Yes, there are cases where Rip and Replace may be necessary, but they are the exception for anything bought in the last ten years.

The Siemens S7 PLC’s of Stuxnet fame are a great example. Security could be added to these PLC’s simply through a firmware upgrade and HMI/EWS software upgrade if Siemens chose to / customers demanded. This will be true of many PLC’s based on what we see in our lab.

If a firmware upgrade is not feasible, the next choice is a new Ethernet card with security for the PLC and HMI/EWS software upgrade. SCADA Realists, is this really so impossible? The suggested alternative is to deploy a set of less effective external security controls that are likely more work and cost than a firmware or Ethernet card upgrade.

Now if you bought a GE D20 with a CPU from the late 80’s (used in the Apple 2) and an OS that was not supported even in the 90’s you are going to do more of a Rip and Replace, but even in this extreme case there is a board upgrade path, similar GUI, etc. to go from a D20 to a D20MX. While it still has insecure by design issues, it at least is built on a platform that should be upgraded. capable of being upgraded.

Image by djrockout