Critical cyber risk identified in variable frequency drive controller

Researchers have identified a critical cyber risk in a variable frequency drive controller that may be used in production and processing facilities at mining sites. The risk highlights potential cybersecurity issues that may impact on safety at mining operations if exploited by hackers. Identification of the risk has also highlighted the importance for organisations to review IIoT devices for security flaws that may impact safe production.

What are IoT and IIoT?

While most people may think of IoT (Internet of Things) as “dumb” devices that power minor appliances in homes and gadgets, many IoT are also in critical infrastructure components on mining sites and processing plants known as Industrial IoT (IIoT).

These IIoT are also simpler devices like IoT,  and often lack the necessary hardware and software necessary for protecting against hacks, and sometimes, are also have “bugs” (software errors) that invariably give holes to hackers to exploit.

The critical cyber risk and what it means for safety?

Recently, a bug was uncovered by security researchers in a Rockwell Automation (Allen-Bradley) drive component that powers industrial motors, specifically the Powerflex 525, which is used in conveyors, fans, pumps and mixers. The drive offers a wide range of motor and software controls from regulating volts per hertz and software used to manage EtherNet/IP networks.

“For a variable frequency drive, which controls the speed of motors in a live production environment, that kind of shutdown could have a serious impact” Researchers said.

“A critical denial-of-service (DoS) vulnerability has been found in a Rockwell Automation industrial drive, which is a logic-controlled mechanical component used in industrial systems to manage industrial motors.”

The flaw, CVE-2018-19282, could be exploited to manipulate the drive’s physical process and or stop it, according to researchers with Applied Risk who identified it.

The bug has a critical score of 9.1, which makes it important for sites to address(source: https://threatpost.com/critical-rockwell-automation-bug-in-drive-component-puts-iiot-plants-at-risk/143258/).

Industrial safety and industrial cybersecurity are becoming increasingly important topics because of their ability to cripple organisations or cause safety events or even disasters because of cyber-attacks.

Other relevant stories on AMSJ:

• Transport Sector Warned about risks from cyber attacks.

• Software, Sensors and Safety Add-Ons | The cost of remaining safe.

• Codelco takes on AI for equipment health monitoring.

Read more Mining Safety News