| Impact | Why? |
| --- | --- |
| Your entertainment (watching movies on your TV or laptop, listening to music, etc.) | ICS are a critical component in generating the energy* that powers the electronic gadgets that provide your entertainment. |
| Your transportation | ICS are used to manufacture the vehicles you drive. ICS help run air traffic control. |
| Your water supply | ICS treat and supply clean water and dispose of sewage. If this is not done properly, it can pose a significant hazard to your health. |
| Your nourishment | ICS are key to processing and packaging our food. If they are disrupted, food may not be made available or could become contaminated. |
| Your medication | ICS play a role in the manufacturing of drugs. If they are not working at 100% efficiency, defective drugs are more likely to result. Pharma was the Dragonfly malware's key target. |
Obvious ICS Defenses
There are some glaring defense efforts organizations with industrial control systems can take.

Proprietary: A Blessing?
Many ICSs are proprietary controllers with life cycles of up to 30 years. Their proprietary nature lowers the potential attack risk, since the system is not a known public entity. That said, an attacker could decide to target these specialized devices and become knowledgeable about them, so this cannot be the only thing to depend on.

Asset Inventory and Assessment
You can't protect what you don't know you have. Knowing what you have and the condition it is in (for example, is it running an older OS and, if so, what are the vulnerabilities and risks associated with it) is fundamental to securing your environment and understanding your risks.

Develop and Test an Incident Response Plan
Coordinate with your ICS vendors on a proactive plan for what to do if a breach occurs. What makes these plans better are simulated exercises that surface any glitches in the plan.

Segmentation
ICS devices need to be segmented from public access. Industrial-strength firewalls act as gateways that understand the industrial protocols and provide solid access control and filtering of malicious attempts. This is a good measure, but the reality is that it is very difficult to completely segment the ICS environment. Other attack vectors could be as simple as a USB insertion or an Uninterruptible Power Supply (UPS), as noted at a recent ICS conference.

Redundancy
The key concern for ICS is uptime. If there is a breach, in most cases there will be an attempt to bring the system down. Having a redundant system eases this potential burden by helping to contain and mitigate the damage.

Real-time Monitoring
Watching for abnormal patterns or behaviors in ICS may help catch a breach in action and/or alert an organization to operational difficulties.
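As an added illustration of the monitoring point above (this is example code written for this page, not the article's or any vendor's tool), the following Python script applies a simple baseline to a constructed log of Modbus requests. It flags three kinds of abnormal behavior: requests from a host that is not on the allowlist for a given PLC (a segmentation violation), a function code a host is not expected to use (an HMI that should only read suddenly issuing a write), and a burst of write operations from one host within a minute. The hosts, the function-code allowlist, the threshold and the log format are all assumptions made for the example.

```python
"""Baseline-driven monitor for ICS request logs (added example, not from the article).

Log format, hosts, PLC address, function-code allowlist and the write threshold
are all constructed for this example.
"""
from collections import Counter

# Modbus function codes that modify PLC state (coils / registers). Writes are
# the operations most worth watching for rate anomalies.
WRITE_FUNCTION_CODES = {5, 6, 15, 16}

# Constructed baseline: (source host, PLC) -> function codes that host may use.
# 10.0.1.10 is a read-only HMI; 10.0.1.20 is an engineering workstation.
BASELINE = {
    ("10.0.1.10", "10.0.2.5"): {3, 4},          # read holding / input registers
    ("10.0.1.20", "10.0.2.5"): {3, 4, 6, 16},   # reads plus register writes
}

# Assumed threshold: more writes than this from one host in one minute is a burst.
MAX_WRITES_PER_MINUTE = 5

# Constructed sample log: "<timestamp> <src> -> <dst> modbus fc=<code>".
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.1.10 -> 10.0.2.5 modbus fc=3
2024-01-01T10:00:02 10.0.1.10 -> 10.0.2.5 modbus fc=4
2024-01-01T10:00:03 10.0.1.10 -> 10.0.2.5 modbus fc=6
2024-01-01T10:00:04 10.0.1.20 -> 10.0.2.5 modbus fc=16
2024-01-01T10:00:05 10.0.9.99 -> 10.0.2.5 modbus fc=3
2024-01-01T10:00:10 10.0.1.20 -> 10.0.2.5 modbus fc=6
2024-01-01T10:00:11 10.0.1.20 -> 10.0.2.5 modbus fc=6
2024-01-01T10:00:12 10.0.1.20 -> 10.0.2.5 modbus fc=6
2024-01-01T10:00:13 10.0.1.20 -> 10.0.2.5 modbus fc=6
2024-01-01T10:00:14 10.0.1.20 -> 10.0.2.5 modbus fc=6
2024-01-01T10:00:15 10.0.1.20 -> 10.0.2.5 modbus fc=6
"""


def parse_line(line):
    """Split one log line into its fields; function code becomes an int."""
    ts, src, _arrow, dst, _proto, fc = line.split()
    return {"ts": ts, "src": src, "dst": dst, "fc": int(fc.split("=", 1)[1])}


def analyze(lines):
    """Return a list of (kind, src, dst, detail) alerts for the given log lines."""
    alerts = []
    writes_per_minute = Counter()   # (src, minute) -> number of write requests
    burst_reported = set()          # report each (src, minute) burst only once
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        rec = parse_line(line)
        pair = (rec["src"], rec["dst"])

        # 1. Host/PLC pair not in the baseline: traffic crossing a segment it should not.
        if pair not in BASELINE:
            alerts.append(("unknown_source", rec["src"], rec["dst"], f"fc={rec['fc']}"))
            continue

        # 2. Known host using a function code it is not expected to use.
        if rec["fc"] not in BASELINE[pair]:
            alerts.append(("unexpected_function", rec["src"], rec["dst"], f"fc={rec['fc']}"))

        # 3. Too many writes from one host inside a one-minute window.
        if rec["fc"] in WRITE_FUNCTION_CODES:
            key = (rec["src"], rec["ts"][:16])   # truncate timestamp to the minute
            writes_per_minute[key] += 1
            if writes_per_minute[key] > MAX_WRITES_PER_MINUTE and key not in burst_reported:
                burst_reported.add(key)
                alerts.append(("write_burst", rec["src"], rec["dst"],
                               f"{writes_per_minute[key]} writes in minute {key[1]}"))
    return alerts


def alert_summary(alerts):
    """Count alerts by kind, e.g. for a dashboard or a test."""
    return Counter(kind for kind, *_ in alerts)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG.splitlines()):
        print(*alert)
```

Against the constructed log this produces three alerts: the HMI issuing a write (`unexpected_function`), the unlisted host 10.0.9.99 talking to the PLC (`unknown_source`), and the engineering workstation's write burst (`write_burst`). In a real deployment the baseline would be generated from the asset inventory discussed earlier rather than hand-written, and the window and threshold tuned to each plant's normal engineering activity so that legitimate maintenance does not page the operators.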
Be Educated on Known Backdoors and Vulnerabilities
Lean on your ICS vendor to make you aware of all known backdoors and vulnerabilities and the associated risks, so that you can make an informed decision.

More Lessons to Learn
When things go wrong, the best reaction is to learn from it. Let's take a look at the Havex malware. According to SANS 2015, the three attack vectors were:
- Sending spear-phishing emails with a malicious file attached.
- Infecting ICS vendor websites with malware and compromising ICS defenders when they visited those websites (known as a watering hole technique).
- Providing a trojanized version of ICS software installers that infected the host system when staff ran the installer.