The purpose of this paper is to raise awareness around common OSI Layer 2 networking misconfigurations found in Industrial Process Control Networks. These misconfigurations often introduce significant security vulnerabilities and negatively impact ICS availability. We'll discuss the commonly found misconfigurations and demonstrate how they impact ICS security and availability, and present a case study from an oil & gas refinery that suffered widespread PCN outages as a result of these misconfigurations when attempting to upgrade two existing PCN switches.
Prepared for Presentation at
SANS ICS Security Summit & Training March 2019
Keywords: PCN, Process Control Network, ICS, OSI, Configuration, Security, Safety, Cybersecurity