In the never-ending race to offer more features at a faster pace, industrial control systems are getting more complex, open, and inter-connected, making it a significant challenge to ensure robustness and reliability. Accelerated convergence of IP technology along with the increased sophistication and frequency of cyber threats further exacerbates the problem, making system robustness testing ever more important than ever.
The Achilles Satellite, a unique stand-alone software/hardware platform, is designed as a universal test bench to allow equipment manufacturers of all sizes to conduct comprehensive security and robustness testing throughout the product development life cycle.
The Satellite is designed to offer both professional testers and automation software developers all the capabilities they need to proactively expose and fix vulnerabilities, and validate system resiliency in a real-time environment, before the products are released and deployed in high-availability process control networks.
Why Achilles?
Unlike traditional fuzzing technology, or new security analyzers, that are designed with a standard IT-centric framework, the Achilles Satellite is the only tool built from the ground up for manufacturers of devices, systems and applications used in high-availability process control networks.
Our patented framework and test methodology is based on determining system failure modes and device resilience profiles. By creating a real-world environment, the Satellite acts a bridge, and enables the user to not only understand the precise details of any network fault, but more importantly for control vendors, the resulting failure to process integrity.
In other words, traditional security analyzers may diagnose a disruption in the communications stack, which is necessary but not sufficient, Achilles can determine the resulting impact on device functionality. How did this fault impact process integrity? Was discrete I/O impacted? Did it recover? Did we lose visibility to the HMI? Permanently? These are all critical questions a control system vendor must answer in order to truly determine the nature and impact of any given vulnerability.
Other Security Analyzers
The Achilles Satelite Test Bench
What to Test With Achilles?
The goal was to build a universal test bench framework that could support the robustness testing of any IP-enabled network component found on the plant floor. Whether a complicated distributed control system or a simple SCADA PLC, sophisticated AMI or an end-point smart meter, whether over wireless or a traditional copper physical layer, if it touches a control network there is no reason it shouldn’t be subjected to security testing to det ect potential vulnerabilities
| Embedded Devices |
 |
A special purpose device running embedded software designed to directly monitor, control or actuate an industrial process.
- SCADA PLC, RTU
- DCS Controller, SIS
- Smart Meter, HAN Device
|
| Host Based Devices |
 |
A general purpose device running a general purpose operating system capable of hosting one or more applications, data stores or functions.
- Human Machine Interface
- Engineering Workstation
- Historian, Domain Controller
|
| Control Applications |
 |
Software programs executing on the infrastructure {embedded, host, and network devices} that are used to interface with the process.
- OPC Servers, Data Historians,
- Special Purpose Applications
|
| Network Components |
 |
A device which moves data from one device to another, or restricts the flow of data, but does not directly interact with a control process.
- Router, Switch, Firewall
- Gateway, IPS, WAP
- Firewall, UTM, TGB
|
When To Test With Achilles?
Any software developer will tell you that finding bugs in a program early in the product development process is ideal. The costs and consequences, in real financial terms, simply increase over time and this is no different for developers of control systems. However, control system vendors face a number of other issues that make security and robustness testing critical.
First, they often use third party components, such as network stacks, which can cause problems as protocols are implemented. Second, the costs of failures in the field are substantially greater in the industrial automation industry. A customer may experience downtime, which will directly impact a vendors bottom line in terms of
support costs, and reputation damage, and what’s infinitely worse, someone could get hurt due to a defect or malfunction in their product. The Achilles platform can be used throughout the development life cycle - from design through deployment. With this approach, a device, system or software application can be subjected to real-world security and robustness testing, in a consistent, and repeatable fashion, providing the greatest level of insight into product resiliency.
More Information