Introduction
Description
PowerFlex 7000 Writeable Parameters
Version 1.0 - June 6th, 2016
This advisory is intended to raise awareness among control system owners and operators of PowerFlex 7000 medium voltage drives. A January 2016 presentation at the S4 ICS Security Conference highlighted a potential weakness in Variable Frequency Drives that allows unauthorized users to change configuration parameters in these devices. The presentation highlighted products from four vendors, including Rockwell Automation. This presentation spawned several news articles, including one entitled "An Easy Way for Hackers to Remotely Burn Industrial Motors" from WIRED Magazine. This article reminds us that cybersecurity threats are present and not always easy to anticipate. Unfortunately, neither the article’s author, Kim Zetter, nor her source, Reid Wightman, has contacted Rockwell Automation at the time of writing with any specific information -- so we can only try to guess how their statements apply to our drives.
This article implies that all the drives they reference can be easily accessed and provide an easy means to change parameters that could result in motor damage. It overlooks many self-monitoring features that are built into modern drives to prevent changes to parameters while the drive is running, detect improper operation, and monitor external sensors for equipment, such as motors, that is exceeding design parameters.
Variable frequency drives, by their nature, are designed to support a wide variety of applications and it is possible that the improper setting of a parameter or parameters can create application issues. Rockwell Automation is aware of this and constantly looks for ways to eliminate these situations or, where the possibility is created by a customer need, alert the user to the problem with a fault or error message before it causes potential damage.
RISK MITIGATIONS
Below are recommended mitigations and resources to help protect your deployed Rockwell Automation products, including variable frequency drives. We strongly recommend that you evaluate your current products and environment, and apply the following mitigations where applicable.
- Review and employ the recommendations in the Converged Plantwide Ethernet Design and Installation Guide (DIG). It contains important information relating to proper network design practices, including aspects of security capabilities available through the network infrastructure.
- Consider using Rockwell Automation’s FactoryTalk AssetCentre. Version 6.0 offers compatibility with drives. AssetCentre can be configured to automatically back up your configuration, compare it to a known good version, and log any changes into FactoryTalk Audit.
- Use trusted software, software patches, and anti-virus / anti-malware programs and interact only with trusted web sites and attachments.
- Employ training and awareness programs to educate users about the warning signs of a phishing or social engineering attack.
- Minimize network exposure for all control system devices and/or systems, and ensure that Internet access is carefully evaluated, protected, and controlled.
- Locate control system networks and devices behind firewalls, and use proper techniques to isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks ("VPNs"), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.
- Subscribe to Rockwell Automation’s Security Advisory Index, Knowledgebase article KB:54102 (https://www.rockwellautomation.com/en-us/company/about-us/sustainability/trust-security/security-advisories.html), so you have access to the most up-to-date information about security matters that affect Rockwell Automation products.
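The backup-and-compare mitigation above can be pictured as a parameter drift check. This is an added example, not Rockwell Automation code and not a description of how FactoryTalk AssetCentre works; the CSV export layout, the `drive-01` identifier and all parameter numbers, names and values are constructed assumptions.

```python
import csv
import json

# Constructed sample exports: parameter numbers, names and values are
# illustrative placeholders, not real PowerFlex 7000 parameters.
BASELINE_CSV = """number,name,value
101,Example Accel Time,12.0
102,Example Overload Trip,105
103,Example Max Speed,60.0
"""
CURRENT_CSV = """number,name,value
101,Example Accel Time,12.0
102,Example Overload Trip,150
104,Example Skip Band,5.0
"""

def load_params(text):
    """Parse an export into {number: (name, value)}; reject duplicate rows."""
    params = {}
    for row in csv.DictReader(text.splitlines()):
        num = int(row["number"])
        if num in params:
            raise ValueError(f"duplicate parameter {num} in export")
        params[num] = (row["name"].strip(), row["value"].strip())
    return params

def diff_params(baseline, current):
    """Return one record per parameter that differs from the baseline."""
    records = []
    for num in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(num), current.get(num)
        if old == new:
            continue  # name and exported value text both match
        kind = "removed" if new is None else "added" if old is None else "changed"
        records.append({"parameter": num, "name": (new or old)[0], "change": kind,
                        "baseline": old[1] if old else None,
                        "current": new[1] if new else None})
    return records

def audit(baseline_text, current_text, drive_id, checked_at):
    """Build JSON audit lines for every deviation from the known-good export."""
    changes = diff_params(load_params(baseline_text), load_params(current_text))
    return [json.dumps({"drive": drive_id, "checked_at": checked_at, **c},
                       sort_keys=True) for c in changes]

if __name__ == "__main__":
    for line in audit(BASELINE_CSV, CURRENT_CSV, "drive-01", "2016-06-06T00:00:00Z"):
        print(line)
```

Values are compared as exported text, so a baseline of `12.0` and a current value of `12` would be reported as a change; normalize numeric fields first if the export format is not stable.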
We also recommend concerned customers continue to monitor this advisory, Rockwell Automation’s Security Advisory Index at https://www.rockwellautomation.com/en-us/company/about-us/sustainability/trust-security/security-advisories.html, and the company public security webpage at http://www.rockwellautomation.com/security for new and relevant information relating to this matter.
Rockwell Automation remains committed to making security enhancements to our systems in the future. For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site at http://www.rockwellautomation.com/solutions/security.