Vulnerabilities in control system networks depend on the type of system. Legacy implementations rely on proprietary protocol and low bandwidth data channels. Accounting and logging are usually non-existent, making it impossible to find the basis and reason for vulnerabilities. Configuration passwords are often simple and may be limited in effectiveness by the device itself.
Little or no network restriction is implemented within the perimeter of network, allowing ‘telnet hopping’ from innocuous network devices to sensitive utility equipment. Two other factors contribute significantly to the vulnerability of control systems:
1. The blind trust in the capability of PCS links to faithfully transmit data. The geographically sparse PCS network generally forces links of considerable span. These are need filled by either cabled or wireless connections, which may be exclusively used by the PCS or shared. Shared links are more economically sensible, but many times PCS system at either end of the links is not adequately shielded from other entities using it. Furthermore, unsecured information on wireless and shared links is susceptible to eavesdropping or manipulation, and even long or unprotected unshared cable links may be vulnerable to a significant degree.
2. The connections between the PCS and external networks. An external network is any network that is not part of the PCS. Examples include interfaces to an administrative network or connections to other PCS systems for information transfer or mutual control. Often, interfaces to external systems assume that the outside network can be trusted, which leaves PCS security dependent on one or more organizations. This includes backdoor network access for strategic partners or IT consultants who are not secure by adequate firewall measures command logging or privilege control.