Microsoft has released ICSpector, a new open-source security tool intended to enhance threat analysis for industrial control systems and to combat increased nation-state attacks on critical infrastructure.
The tool is designed to examine industrial programmable logic controllers (PLCs), which are essential components used in managing and controlling operations in industrial settings. Microsoft developed ICSpector to address the challenges associated with analyzing PLCs, including the lack of adequate threat detection tools and expertise in the sector.
ICSpector, available on GitHub, can detect malicious modifications, extract timestamps of system changes, and provide an overview of task execution flows. The tool currently supports three OT protocols: Siemens S7Comm, Rockwell RSLogix, and Codesys V3.
Concerns about poor OT security threat detection have been raised by various vendors, with Dragos warning about the lack of segmentation between OT and IT systems. Nation-state hackers from Russia and China have been targeting energy companies and water utilities with disruption and espionage campaigns, prompting federal authorities to call for increased funding to bolster critical infrastructure defenses.