Cybersecurity Considerations in Uninterruptible Power Supply (UPS)
This article discusses common implementations of UPS in control systems and important design considerations.
Cyber attacks are on the rise at a faster rate than ever. In 2020, the COVID-19 pandemic brought many rapid changes to human society globally, including how regular business is conducted.
The Rise of Remote Access Systems
With an unprecedented number of people now working from home, the need for remote access systems has increased proportionally. With remote access capabilities increasing, so have cyberattack incidents.
A few attacks are big enough to reach front-page news, such as the recent SolarWinds backdoor breach that compromised thousands of companies and government offices' data.
The large majority of incidents never make the news, however, yet each can still be very damaging to the single business it hits.
Ransomware attacks have long been the number one type of cybercrime, even before the pandemic. There is a growing concern about new emerging trends.
Among these trends are attacks directly aimed at manufacturing processes, particularly automation, process control, and SCADA.
One of the earliest examples of this type of attack is Stuxnet, a computer worm that targeted Siemens PLCs. It is well known for reportedly ruining about one-fifth of the centrifuges in Iran's uranium-enrichment program.
In March 2021, giant brewer Molson Coors was hit with an attack that severely disrupted its operations and caused shipment delays. While the incident is still under investigation, the attack appears to have destroyed large amounts of data, including databases and their backups.
In many cases, all it takes for a cybercriminal group to inflict damage on a business is access to a single component within that business's network. Modern uninterruptible power supplies (UPS) fitted with network management cards are routinely overlooked as part of the attack surface, which makes them one of the possible entry doors for an attack.
Why is a UPS Vulnerable?
IIoT and the cloud have provided many companies with new processes that are more efficient, some to the point that they require minimal human intervention.
All of this is happening at a very rapid pace, but the increased connectivity to the outside world has brought new vulnerabilities along with it for many types of hardware.
In the case of the uninterruptible power supply, the ability to remotely monitor them has opened up these devices to external networks.
Naturally, a UPS without a network card or any other means of remote access is not directly exposed to a cyber-attack.
Fig. 1. A diagram showing Siemens SITOP UPS with direct connections to the control system and external networks, represented by PROFINET. Image used courtesy of Siemens
The main reason a network-accessible UPS is vulnerable stems from its reliance on the Simple Network Management Protocol (SNMP), the internet standard that UPS network management cards use for monitoring and control.
SNMPv1 and SNMPv2c, still the default on many UPS cards, send every message in cleartext, including the community string that acts as the password. SNMPv3 added authentication and encryption (the authPriv security level), but it is only as safe as its configuration: a v3 agent left at noAuthNoPriv, or a card that keeps answering v1/v2c requests alongside v3, gains nothing. As the name states, SNMP is based on simplicity.
The protocol works using a set of eight protocol data unit (PDU) types, such as GetRequest, SetRequest, Response, and Trap, that carry variables about the network or the managed component (the UPS in this case), each identified by an object identifier (OID) from the device's MIB. SNMP runs over UDP (port 161 for queries, 162 for traps), and with v1/v2c nothing is encrypted, so all of the managed data is exposed to anyone who can observe the traffic.
Once an attacker can read the data one device shares via SNMP, the rest of the network can potentially be mapped if other devices also speak SNMP or other unauthenticated, cleartext protocols such as Modbus or HTTP.
In addition, because v1/v2c traffic is readable by anyone positioned on the path (a host on the same segment, a mirrored switch port, or a compromised router), an attacker can harvest the detailed information carried in the PDUs. This includes the community strings themselves, which function as credentials, as well as firmware versions and parametrization values.
Fig. 2. A diagram of the basic functions of the SNMP protocol. Image used courtesy of Rene Bretz
What the attacker can do with that much information at their disposal can severely impact the continuity of a business.
Besides exposing the network infrastructure, a UPS's weaknesses can be exploited in other ways. A common scenario is an attacker who gains write access to the UPS and commands it to cut power to a control system, either abruptly or in an orchestrated sequence.
This can be done to sabotage or manipulate a production environment during the resulting outage. Another is using the information the UPS exposes to gain access to the PLC and other lower-level devices.
Although altering the control logic requires some automation skill and insight into the system on the attacker's part, it is not unheard of.
How to Secure a Remotely Monitored UPS
The same best practices followed for other SNMP-based devices can be applied to shield a remotely monitored UPS from attack. Some of them are:
- Set SNMP to read-only whenever possible. Data can still be read in this mode, but settings cannot be changed over a remote connection, so the UPS cannot be commanded to shut down via SNMP.
- Change the community string from the device default (typically "public" for read and "private" for write access). In SNMPv1/v2c the community string is the cleartext password that grants access to the device, so a default value amounts to no password at all. Where the card supports it, use SNMPv3 with authentication and encryption instead.
- Turn off or disable any ports and protocols on the UPS that the application does not use.
- Block UDP ports 161 and 162 at the network firewall, or restrict them so that only the designated management station can reach the UPS.
- Isolate the SCADA and the UPS devices from external networks if possible.
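As an added example (not part of the original article and not any vendor's code), the following Python script ties the SNMP discussion above to the hardening checklist. It builds an SNMPv2c message the way a management station, or an attacker, would; decodes the same bytes the way anyone on the network path can; and then runs the observation through a small audit that checks the list items. The OIDs come from the standard UPS-MIB (RFC 1628), which the article does not name, and upsShutdownAfterDelay is the read-write object an attacker would set to force a shutdown. The IP addresses, community strings, and the management-station allow-list are constructed sample values.

```python
"""Added example: an SNMPv1/v2c exchange with a UPS as seen on the wire, plus an
audit applying the hardening checklist. OIDs are from RFC 1628 (UPS-MIB);
addresses and community strings are constructed sample values."""

# BER tags used by SNMPv1/v2c messages
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST, SET_REQUEST = 0xA0, 0xA3
PDU_NAMES = {GET_REQUEST: "GetRequest", SET_REQUEST: "SetRequest"}
DEFAULT_COMMUNITIES = {"public", "private"}  # factory defaults on many cards

# UPS-MIB (RFC 1628) scalars; the trailing .0 selects the scalar instance
UPS_BATTERY_STATUS = "1.3.6.1.2.1.33.1.2.1.0"        # read-only
UPS_SHUTDOWN_AFTER_DELAY = "1.3.6.1.2.1.33.1.8.2.0"  # read-write, seconds


def _tlv(tag, body):
    """Wrap body in a BER tag-length-value triple (short or long length form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _int(v):
    """Minimal two's-complement INTEGER encoding."""
    return _tlv(INTEGER, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))


def _oid(dotted):
    """Encode a dotted OID: first two arcs packed into one byte, rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:                      # high bit set on all but the last byte
            chunk.insert(0, 0x80 | (a & 0x7F))
            a >>= 7
        out += chunk
    return _tlv(OID, bytes(out))


def build_snmp_v2c(community, oid, pdu_type=GET_REQUEST, request_id=1, value=None):
    """Encode an SNMPv2c message: version(1) + community + PDU, all in cleartext."""
    val = _tlv(NULL, b"") if value is None else _int(value)
    varbinds = _tlv(SEQUENCE, _tlv(SEQUENCE, _oid(oid) + val))
    pdu = _tlv(pdu_type, _int(request_id) + _int(0) + _int(0) + varbinds)
    return _tlv(SEQUENCE, _int(1) + _tlv(OCTET_STRING, community.encode()) + pdu)


def _read_tlv(buf, pos):
    """Return (tag, body, next_pos) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def observe_snmp(datagram):
    """Decode an SNMPv1/v2c datagram as anyone on the path can: nothing is hidden."""
    _, msg, _ = _read_tlv(datagram, 0)
    _, ver, p = _read_tlv(msg, 0)
    _, community, p = _read_tlv(msg, p)
    pdu_tag, pdu, _ = _read_tlv(msg, p)
    q = 0
    for _ in range(3):                # request-id, error-status, error-index
        _, _, q = _read_tlv(pdu, q)
    _, vbl, _ = _read_tlv(pdu, q)
    oids, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = _read_tlv(vbl, pos)
        oids.append(_decode_oid(_read_tlv(vb, 0)[1]))
    return {
        "version": {0: "v1", 1: "v2c"}.get(int.from_bytes(ver, "big", signed=True), "other"),
        "community": community.decode(errors="replace"),
        "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
        "oids": oids,
    }


def audit(observation, src_ip, management_stations):
    """Apply the checklist (read-only, non-default community, restricted sources)."""
    findings = []
    if observation["version"] in ("v1", "v2c"):
        findings.append("cleartext SNMP: community string readable on the wire")
    if observation["community"] in DEFAULT_COMMUNITIES:
        findings.append("default community string in use")
    if observation["pdu"] == "SetRequest":
        findings.append("write access in use; expected read-only")
    if src_ip not in management_stations:
        findings.append(f"SNMP from unexpected source {src_ip}")
    return findings


if __name__ == "__main__":
    # Constructed scenario: a host at 10.0.0.99 (not the management station at
    # 10.0.0.5) tells the UPS to cut output in 60 s using the factory write community.
    pkt = build_snmp_v2c("private", UPS_SHUTDOWN_AFTER_DELAY, SET_REQUEST, 7, 60)
    seen = observe_snmp(pkt)
    print(seen)
    for finding in audit(seen, "10.0.0.99", {"10.0.0.5"}):
        print("FINDING:", finding)
```

The point of the observer half is that it needs no key and no exploit: the version, the community string, the PDU type and the OID being written are all recoverable from the raw UDP payload with a few lines of BER parsing. The audit half is the same logic a monitoring rule would apply to mirrored SNMP traffic, and a read-only, non-default, source-restricted configuration reduces its findings to the single unavoidable one for v1/v2c, the cleartext transport, which only SNMPv3 with authPriv or network isolation removes.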
Fig. 3. SINEMA RC from Siemens is an application that helps establish a secure VPN connection to an industrial network. Image used courtesy of Siemens
Many companies are exploring better ways to control external access to industrial networks. There are now applications that establish secured remote connections using trusted certificates.
An isolated UPS network with a single, authenticated point of access through one of these solutions is a good compromise between security and flexibility.
Companies will always face cybersecurity threats, but there are several preventive measures people can take to secure their uninterruptible power supply systems.