On the Impact of ICS Cybersecurity Threats

The attack described above targeted the entire network, including Internet of Things (IoT) and SCADA systems. This can have severe consequences in an environment that is machine/ICS-centric. When industrial control systems are down, manufacturing and industrial activity stops with them, which translates directly into lost revenue. Regardless of the attack vector, ICS and SCADA systems are increasingly becoming the victims of targeted, sabotage-type attacks. In October 2019, for instance, North Korean state-sponsored attackers targeted India’s nuclear plants using Remote Access Tools (RATs) to collect information such as host IPs, running processes, password hashes and browser history. News of that attack arrived several months after solar power company sPower suffered a distributed denial of service (DDoS) attack in March 2019 that exploited vulnerabilities in its firewalls, forcing unexpected reboots of the devices.
Strengthening Your OT Environment Against Threats

These ICS attacks are clearly varied, but one theme that is rapidly emerging is that OT cybersecurity is crucial and can no longer be overlooked. This, however, is easier said than done. One of the biggest challenges organizations within the OT sector face is recognizing cybersecurity as an issue at all. Traditionally, OT infrastructure was never built with security in mind. This was done deliberately to encourage rapid adaptation of technology as well as cross-pollination. Fortunately, this mindset is changing, as organizations look at several core IT security approaches to deal with breaches in their OT environment. Here’s a three-pronged methodology that will help:
- Visibility: By far the biggest challenge the OT industry faces is knowing what is actually on their network. Large manufacturing and services-based companies find it difficult to inventory the networked assets within their environment and then keep that list current. You can’t protect what you can’t see. Simple enough. Because OT networks are not designed to withstand active scans, these companies are now turning to ‘passive sniffing discovery’ processes to maintain an up-to-date list of all assets, including make, model, firmware and configuration, as well as security-related information such as the known vulnerabilities affecting these systems and their levels of access.
- Access: Once visibility is addressed, managing access becomes paramount. OT network topology is governed by the Purdue Model, an architecture that’s not too different from the IT OSI stack. It gives organizations a reference model for architecting their systems in distinct layers of communication. This equips OT administrators with context about which devices should be communicating across layers and, more importantly, which must not. Access is therefore not limited to human access; it covers machine-to-machine access as well.
- Configuration Integrity: Finally, ensuring the configuration integrity of systems in an OT environment is critical. Consider a scenario where a simple change in a PLC register value from 0 to 1 reverses the direction of a coolant valve on a factory floor. Or one where the configuration of a level 3 firewall on a Windows server allows unfederated access to engineering workstations or HMIs in level 2. Many OT attacks try to change the configuration of these OT devices. Detecting this type of configuration change before it takes effect is critical.
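The three prongs above map naturally onto three checks a passive OT monitor can run over the same captured traffic. The Python below is an added example, not code from the original post or from any product it describes. It assumes traffic has already been parsed into simple flow records (in practice a passive sensor on a SPAN/TAP port would produce these), that Purdue levels come from an operator-maintained map, that adjacent-level communication is the only permitted pattern (a simplification of a real zone/conduit policy), and that a PLC’s configuration can be represented as a small dictionary of holding registers. All addresses, banners and register values are constructed for the example.

```python
"""Toy OT monitoring pass: passive inventory, Purdue-level policy check and
PLC configuration-drift detection, all driven by embedded sample data."""

# Constructed flow records as a passive sensor would emit them (no packets
# are sent): (src, dst, dst_port, protocol, identity banner seen in a reply)
OBSERVED_FLOWS = [
    ("10.2.1.10", "10.2.1.20", 502, "modbus", None),                      # HMI -> PLC
    ("10.2.1.20", "10.2.1.10", 502, "modbus", "VendorX/PLC-200/fw 3.1.4"),  # PLC reply
    ("10.2.1.21", "10.2.1.20", 502, "modbus", "VendorY/RTU-7/fw 1.0.2"),    # RTU reply
    ("10.2.1.20", "10.2.1.21", 502, "modbus", None),                      # PLC -> RTU
    ("10.3.1.5", "10.2.1.20", 502, "modbus", None),                       # historian -> PLC
    ("10.4.1.50", "10.2.1.20", 502, "modbus", None),                      # enterprise -> PLC
    ("10.2.1.99", "10.2.1.20", 502, "modbus", None),                      # never inventoried
]

# Operator-maintained Purdue level map (constructed; hypothetical addresses).
PURDUE_LEVEL = {
    "10.2.1.20": 1, "10.2.1.21": 1,   # level 1: PLCs / RTUs
    "10.2.1.10": 2,                   # level 2: HMI / engineering workstation
    "10.3.1.5": 3,                    # level 3: site operations (historian)
    "10.4.1.50": 4,                   # level 4: enterprise IT
}

# Golden register baseline captured at commissioning (constructed values);
# register 40001 stands in for the coolant-valve direction bit from the text.
BASELINE = {"10.2.1.20": {40001: 0, 40002: 1500, 40003: 75}}


def passive_inventory(flows):
    """Prong 1: build the asset list purely from observed traffic. Every
    address seen as a source or destination becomes an asset; an identity
    banner observed in a reply is attached to the host that sent it."""
    assets = {}
    for src, dst, _port, proto, banner in flows:
        for host in (src, dst):
            assets.setdefault(host, {"protocols": set(), "identity": None})
            assets[host]["protocols"].add(proto)
        if banner:
            vendor, model, firmware = banner.split("/")
            assets[src]["identity"] = {"vendor": vendor, "model": model,
                                       "firmware": firmware}
    return assets


def purdue_violations(flows, levels, max_span=1):
    """Prong 2: flag flows that cross more than `max_span` Purdue levels,
    plus any flow involving an address with no assigned level, since an
    unknown talker on the control network is a finding in its own right."""
    findings = []
    for src, dst, _port, _proto, _banner in flows:
        src_level, dst_level = levels.get(src), levels.get(dst)
        if src_level is None or dst_level is None:
            findings.append((src, dst, "host has no assigned Purdue level"))
        elif abs(src_level - dst_level) > max_span:
            findings.append((src, dst,
                             f"level {src_level} -> level {dst_level} "
                             f"crosses {abs(src_level - dst_level)} layers"))
    return findings


def config_drift(baseline, observed):
    """Prong 3: diff the registers a passive reader observed against the
    golden baseline; a 0 -> 1 flip on the direction register surfaces here
    rather than on the factory floor. A register missing from the observed
    set is reported with actual=None."""
    drift = []
    for host, registers in baseline.items():
        for register, expected in registers.items():
            actual = observed.get(host, {}).get(register)
            if actual != expected:
                drift.append((host, register, expected, actual))
    return drift


if __name__ == "__main__":
    for host, info in sorted(passive_inventory(OBSERVED_FLOWS).items()):
        print(host, sorted(info["protocols"]), info["identity"])
    for finding in purdue_violations(OBSERVED_FLOWS, PURDUE_LEVEL):
        print("ACCESS:", *finding)
    # Constructed reading in which the valve-direction register has flipped.
    latest = {"10.2.1.20": {40001: 1, 40002: 1500, 40003: 75}}
    for drift in config_drift(BASELINE, latest):
        print("DRIFT:", *drift)
```

In a real deployment the flow records would come from a passive protocol parser on a mirror port, the level map would be part of the asset inventory the first prong produces, and the register baseline would be refreshed only through an approved change process, so that any drift the third check reports is, by definition, unauthorized.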