Common Hardware Component Vulnerabilities Across Multiple ICS Vendors

Stage 2

INL investigated whether there was reason to believe that widespread use of multi-functional hardware sub-components could occur in OT-based products and to a limited degree, whether such use might risk common mode failures by examining four smart meter products.

The reuse of hardware components creates the potential for a common vulnerability to be shared by multiple manufacturers. In the software world, code-reuse is an essential element of product creation, and similarly, in the hardware world, multi-functional hardware components provide the capability building blocks for larger hardware-based systems. Many of these hardware and software components are also used extensively within OT environments.

In a separate effort, examining the possibility of valid but undisclosed sub-components within OT products, INL proposed an initial approach to assessing hardware at the component level to identify subcomponents which could form potential common attack surfaces.

This talk will discuss both research efforts and findings to inform practitioners and decision makers of the potential for vulnerabilities underneath what is considered the current “attack surface”.

Attacks and Attackers