Last week two ICS security related offerings were highlighted by Microsoft, one old and one new. Kevin Sullivan suggested again that ICS vendors with legacy applications running on any version of Windows look at the Enhanced Mitigation Experience Toolkit (EMET). According to Microsoft,
The Enhanced Mitigation Experience Toolkit enables and implements different techniques to make successful attacks on your system more difficult. EMET is designed to mitigate exploitation attempts (even of 0-days) by making “current” exploitation techniques harder and less reliable.
Some new features were added in May 2011 that give a good example of how they make it harder to write a reliable exploit for an application vulnerability (again from the Microsoft page).
- “Bottom-up Rand” new mitigation randomizes (8 bits of entropy) the base address of bottom-up allocations (including heaps, stacks, and other memory allocations).
- Export Address Filtering is now available for 64 bit processes. EAF filters all accesses to the Export Address Table which blocks most of the existing shellcodes
- SEHOP (structured exception handler overwrite protection) mitigation
Imagine you are an ICS vendor with a lot of legacy code. Perhaps even a vendor actively working with a SDL now, but unable to address old code. There are likely a number of vulns in your legacy code, and the EMET will make them harder to exploit.
An owner/operator could implement EMET on legacy applications as well. Knowing this space it is unlikely to happen, but for vendors it is another control to consider while we are working through this legacy problem.
Microsoft Chemical Reference Architecture (ChemRA)
Last week Microsoft unveiled their ChemRA for the chemical and oil refinery industries. Six companies have partnered with the ChemRA launch: Accenture, AspenTech, Invensys Operations Management, OSIsoft, PROS, and Siemens.
It’s a bit hard to determine how this reference architecture will help owner/operators and asset owners at this point. The data sheet and all the documents reference “five pillars”: Natural User Experience, Application Interoperability, Enhanced Collaboration, Business Insight and Solid Infrastructure.
The Implementation White Paper then maps Microsoft solutions to each one of the five pillars. You get the full on Microsoft treatment from Silverlight to Sharepoint, Azure to Windows Phone, Office to Biztalk. It is the full set of products. The value here is if you are developing a Microsoft based solution you can see all the options you have, but it is a stretch on the control systems side.
The most interesting ChemRA document is the 27-page Vision White Paper. If time is limited jump right to the Reference Architecture Diagrams beginning on page 18. They are a bit light on the SCADA and DCS parts of the diagram but quite detailed for chemical manufacturing and pipeline for the business processes related to these control systems.
I’m not sure what the next steps are for ChemRA, but we will keep an eye on it.
Image by laura0509