Safeguarding Your ICS Against the Log4j Vulnerability

Although no information about industrial control systems being breached via Log4j has yet been made public, the threat exists.


Quick hits:

  • log4j漏洞是一个网络安全的环孔,用于一个小型,几乎普遍的软件log4j,which is used for recording the activities of various computer programs.
  • If a log4j attack were to occur on an ICS, malicious code could be executed, granting a threat actor the ability to take control of applications used to view and control physical processes.
  • ICS供应商和厂商可以帮助最终用户快速眼动iating the Log4j loophole by openly announcing which of their products are vulnerable and sharing information on how they can be patched.

Related to this episode:

Listen to the story here:

阅读以下成绩单:

你好,欢迎来拿五with Automation World. I’m David Miller, Senior Technical Writer forAutomation World. Today, I’m going to be talking about the Log4j vulnerability, how it might affect industrial control systems, and how industrial operators can defend themselves from it.

Now, the first and most important question to answer is of course: What is the Log4j vulnerability? Well, viewers many have probably already heard of it, but if you haven’t that’s okay. Essentially, the Log4j vulnerability is a cybersecurity loophole that works by exploiting a very small and nearly ubiquitous piece of software called – obviously – Log4j, which is used in all kinds of computer programs to record or log events, errors, and routine system operations so that diagnostic messages and other types of things like that can be produced and sent onward to system administrators or others when certain events occur that, again, quite simply need to be logged.

log4j漏洞利用这种常见和必要的机制来允许第三方将软件代码提交给log4j,这可以触发目标系统上的性能恶意操作。因此,我们正在谈论窃取敏感信息,控制系统,或将这种性质的某种恶意代码传递到与受影响系统通信的另一个系统中。

Currently, there’s been no publicized information about a log4j compromise occurring in connection with an industrial control system – rather the examples we’ve seen have been things like hackers trying to take control of computers to use them to mine cryptocurrency, or another much more high profile example was computers at the Belgium defense ministry which had information stolen from them. But industrial control systems do most certainly use Log4j, and therefore, they are vulnerable.

而且,如果工业控制系统被渗透,您可以想象后果。威胁演员可以监控甚至控制不仅需要在公共基础设施的清洁废水等任务关键应用所需的物理过程,而且还可以涉及大型危险机械,扰乱的操作可能导致灾难性对员工的安全危害。

As promised, the question to be answered now is: How can industrial operators protect themselves against Log4J attacks? There are a few ways.

First of all, update the version of log4j being used in your system.The National Institute of Standards’ National Vulnerability Database曾报告说明log4shell - log4j漏洞的名称已禁用log4j 2.15.0,并完全从2.16.0版中删除。因此,如果您可以识别您使用的那些软件,则使用它的Log4j并更新它们,这将解决您的问题。就这么简单。

Beyond that, the tried and true method of isolating any critical industrial control systems from external business networks or the broader internet continues to be of value. This enhances safety tremendously.

It’s also important to monitor any outgoing connections that do exist for cyber threats. Many industrial control systems produce outgoing communication in the form of messages pertaining to maintenance, metering, diagnostics, and more. So again, when these are absolutely necessary, they should be monitored for abnormalities.

最后,运营商应确保进行频繁备份,并达到非常非常严格的备份程序。因为如果您对工业控制系统的稳定备份,那么上帝禁止如果发生事件,您将能够尽快将系统带回。

The one final thing I would note is that this is not just something for end users of industrial control systems to pay attention to, but vendors and OEMS as well. They can assist in this process by openly announcing which of their products have Log4j vulnerabilities, and sharing information about how patches, remediations, and updates to fix these vulnerabilities can be implemented.

除此之外,这就是我今天为你所拥有的一切,所以我希望我们的观众发现这很有用。我还要补充一点,如果您公司的Log4J有任何个人经验,并认为您有宝贵的经验分享,我们很乐意听到更多关于它的信息。如果你想这样做,你可以联系我dmiller@pmmimediagroup.com. Otherwise, that's all I have for you today.

More in Take Five