
Highlighting the risks to industrial networks

23 July 2017

Barak Perelman highlights the numerous risks facing industrial control systems today. He argues that real-time visibility is key to better security.

Today’s industrial control system (ICS) networks face cyber threats from a wide range of actors - state-sponsored hacks, terrorist groups, hacktivists, professional criminals, and disgruntled employees. The introduction of disruptive technologies such as the Industrial Internet of Things (IIoT) and Industry 4.0 complicates things further, exposing the already fragile infrastructure of so many ICS networks to such threats.
Unlike complex IT networks, which have a wide variety of sophisticated security controls, including mechanisms such as authentication and encryption, and which possess detailed logs, ICS networks lack such controls, which makes them easy targets.
Most ICS networks were designed and created before the age of the Internet. In other words, before security was the 24/7 nerve-wracking concern that it is today, when cyber terrorism did not exist, and at a time when industrial networks were isolated by a physical air-gap from other parts of the organisation. Today, many of these legacy systems are still in place, unpatched, and vulnerable, exposed to the growing ICS threat landscape.
External and internal threats
External cyber attacks typically come from politically motivated sources such as nation states, terrorist groups, or hacktivists. They can also be criminally-motivated. Industrial espionage is also a common motivator since ICS can hold valuable IP related to industrial processes and products.
In the past few years, there have been a number of headline-grabbing attacks on ICS networks.
In 2016, Ukraine suffered a power outage that affected nearly one-fifth of Kiev's population. This happened almost exactly one year after another attack had cut power to 225,000 people in the country. The Ukrainian Government claimed that both attacks were connected, along with a series of hacks on other state institutions including the national railway system, several government ministries and a national pension fund.

Last year, the US Justice Department reported that Iranian hackers had infiltrated the industrial controls of a dam in Rye Brook, New York. While they managed to access its control systems, the breach didn’t cause any damage because the facility was not functional at the time.

Not surprisingly, security experts believe that the vast majority of ICS hacking incidents are not made public as there is no regulation or law requiring them to be reported.
The menace within
External cyber attacks are not the only concern in sensitive industrial networks. Malicious insiders and human error can pose just as much of a risk to these networks. Trusted employees, contractors, and integrators who work on manufacturing processes can create disruptions, unintended outcomes, and significant damage.
Since most ICS networks lack any authentication or encryption mechanisms, an insider will often have unfettered access to any device on the network and may be able to make changes to critical devices. This includes the sensitive controllers responsible for the entire lifecycle of industrial processes. Also, because there are no logs tracing such activities, detection is very difficult and can take days.
Human error
Human error is the leading cause of operational downtime. Basic mistakes - such as making changes to the wrong PLC or poorly maintaining a DCS - can cause extensive disruptions and downtime.
If an organisation cannot track activities, it will find it very difficult and time-consuming to identify the source of problems, discover who/what caused them, and take appropriate action.
Many ICS networks lack any authentication or authorisation mechanisms. Also lacking are basic controls to enforce policies for access, security, and change-management. These networks also don’t have audit trails or logs that capture access and changes to critical control devices.
Consequently, it is virtually impossible to prevent unauthorised access or changes. It is also very difficult to discover if control systems were compromised or to determine the source of an attack. This lack of visibility prevents staff from discovering incidents and responding to them quickly and cost-effectively.
Securing a network
The key to protecting ICS environments begins with real-time visibility into every facet of the network and every action. This includes being able to monitor all activities, track all attempts to access controllers and changes being made to these critical devices (whether performed by trusted insiders or unknown sources), and to determine whether actions are authorised or not.
In other words, the goal is not just to identify malicious actions, but also to review a comprehensive audit of activity and drill down to specific incidents when problems occur. With full visibility into the engineering activities and changes to critical control logic taking place in ICS networks, organisations can implement security and access management policies that specify who is permitted to make certain changes, when, and how.
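The policy the article describes (who may make which change to which controller, and when) can be expressed as a small check run over a record of controller access events. The following is an added example, not code from the article or from Indegy; the event fields, host names and sample events are constructed assumptions standing in for whatever a monitoring tool would capture.

```python
# Added example (not from the article or Indegy): a policy check over
# controller access events. Event fields, hosts and samples are constructed.
from dataclasses import dataclass
from datetime import datetime

CHANGE_OPS = {"logic_download", "config_write", "firmware_update", "mode_change"}  # alter state

@dataclass(frozen=True)
class Rule:
    principal: str      # engineering workstation or user allowed to act
    targets: frozenset  # controllers the rule covers
    ops: frozenset      # change operations the rule permits
    hours: range        # permitted local hours, e.g. range(8, 18)

@dataclass(frozen=True)
class Event:
    ts: datetime
    src: str            # host or user that issued the command
    target: str         # controller addressed
    op: str

def evaluate(events, rules):
    """Return (verdict, event) pairs: 'read', 'ok' or 'unauthorised'."""
    findings = []
    for e in events:
        if e.op not in CHANGE_OPS:
            findings.append(("read", e))    # reads are recorded, not judged
            continue
        allowed = any(e.src == r.principal and e.target in r.targets
                      and e.op in r.ops and e.ts.hour in r.hours
                      for r in rules)
        findings.append(("ok" if allowed else "unauthorised", e))
    return findings

# Constructed policy: one workstation may change PLC-1 during working hours.
POLICY = [Rule("eng-ws-01", frozenset({"PLC-1"}),
               frozenset({"logic_download", "config_write"}), range(8, 18))]

SAMPLE = [  # constructed events; comments state why each is flagged
    Event(datetime(2017, 7, 20, 10, 5), "eng-ws-01", "PLC-1", "logic_download"),
    Event(datetime(2017, 7, 20, 10, 6), "eng-ws-01", "PLC-2", "config_write"),  # wrong PLC
    Event(datetime(2017, 7, 20, 2, 30), "eng-ws-01", "PLC-1", "config_write"),  # off hours
    Event(datetime(2017, 7, 20, 11, 0), "hmi-03", "PLC-1", "read_tags"),
    Event(datetime(2017, 7, 20, 11, 1), "unknown-host", "PLC-1", "logic_download"),
]

if __name__ == "__main__":
    for verdict, e in evaluate(SAMPLE, POLICY):
        print(f"{e.ts:%H:%M} {verdict:12} {e.src} -> {e.target} {e.op}")
```

The second and third events show the "wrong PLC" and out-of-hours cases the article raises under human error; the last shows a change from a host no rule knows about.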

Barak Perelman  is CEO of Indegy.

