Industrial Control Systems (ICS) are all around us: in water, gas and electricity distribution networks, running power plants and critical infrastructure, for automation in production lines and transportation networks, and more. These systems are ever more connected to corporate IT networks and organizations are now also deploying Industrial Internet of Things (IIoT) technologies to migrate to Industry 4.0. This deeper integration between IT, cloud, and industrial networks is creating many security issues that are now becoming the primary obstacles to industry digitization efforts.
Protecting industrial networks is key to help ensure integrity, continuity, and safety of your operations. It is also a very specific challenge.
Cyberattacks are particularly difficult to detect as they can look like legitimate instructions to assets. Industrial automation technologies can be quite old and have not been designed with security in mind. They generally use specific communication protocols that IT security tools do not understand. In fact, many organizations don’t even have an accurate inventory of industrial assets installed in their networks.
The Risk Landscape
In the traditional IT world, the risk involves threats that would undermine the confidentiality, integrity, and availability of data and systems. The impact is mainly financial, such as the cases of extortion, bank fraud, or denial of service attacks distributed on web servers used by e-commerce sites.
Industrial control systems (ICS) drive the physical world where operational technologies are used. The risk in ICS environments involves threats that would undermine the operational safety (physical security of goods and people, environmental impact) and the availability or even the physical integrity of the production tool. Theft of critical industrial data is also feared. The impacts are economic but also social; the civil and criminal liability of the leaders is also engaged.
Unlike consumer-based networks, in which the main threat vectors involve the internet, in an ICS the fear is that malicious programs will be inserted through USB keys or by the lateral movement of malware to the stations that pilot the ICS.
Remote diagnostics and remote maintenance require remote access to networks and industrial control systems. Remote access is an even more serious threat vector because it interconnects networks of different criticalities and sometimes involves third parties.
Remote access workstations connect to the heart of critical industrial control systems to perform operations that can have a significant impact (such as updating software or downloading new firmware). They cannot simply be banned, but they must be controlled by effective monitoring mechanisms.
All of these threat vectors are, for the most part, specific to the industrial world. The security measures implemented in industrial control systems must take into account the operational reality that the OT staff need to continue to operate the facilities and work efficiently. They cannot simply ban all remote access or rely solely on access controls and organizational measures.
OT Systems Are Not Designed to Fight Against Malicious Activity
In addition, industrial control systems have never been designed to deal with cybersecurity threats. They are created with the objective of ensuring operational safety and the continuity of operations, and they often do not take into account the possibility that a motivated and malicious intruder could reach their digital interfaces. This is why, so far, automation products have only a few cybersecurity functions.
Industrial systems are built on a set of protocols that allow the exchange of communications between the components on the networks. Some standards exist, such as MODBUS or PROFINET, but the protocols for reprogramming or modifying the control systems are mostly proprietary and closed. The majority of them (Siemens, Schneider, ABB, Rockwell Automation, etc.) have no plans to open their protocols, for legitimate intellectual property reasons.
Therefore, it is not feasible to apply IT techniques such as a protocol conformance check (syntax or semantic verification of compliance with a standard on all messages). This technique remains useful on those parts of the messages (protocol headers) that respect open standards (MODBUS for example), but it would be very difficult to apply on a closed protocol.
Understanding ICS Attack Tactics
To build an effective ICS cyber security strategy, it is crucial to identify the security events that are most likely to occur. This will let you focus on implementing the appropriate measures to protect the assets that are most likely to be targeted and improve the security of sensitive assets that an attacker could use to penetrate your ICS.
In the field of ICS cyber security, a feared security event involves a cyberattack on an industrial information system that would cause significant harm to the company’s operations, production tools, production output, or even its employees or customers. These events will have a material impact in the physical world. In some cases, they could lead to hefty fines for non-compliance (for example, NERC) or even criminal cases targeting the company’s leadership.
ICS Cyber Security Gaps as Seen by Genieall
Having visited multiple facilities (both renewable and non-renewable) globally over the last decade, we discovered that sites have a few common weak points when it comes to cyber security:
- Lack of network segregation
- Minimum to no visibility into OT environment
- Legacy systems that are unprotected
- Increasing risks from remote access requirements by vendors and staff
- Lack of cybersecurity mindset
Unsurprisingly, these findings resonate with many reports and surveys on industrial network security.
Although providing security services to industrial environments can be difficult based on the sensitivity of systems, age and diversity of devices, the good news is that there are solutions available to help address the above-identified gaps.
Genieall partners with the leading OT connectivity and security providers to offer innovative, flexible OT-focused suite of services to increase the security baseline of any facility in the following ways:
- Ensuring continuity, resilience and safety by providing visibility into industrial networks;
- Proactive monitoring, detection and prevention of cyber attacks at the network level;
- Robust cyber protection of legacy and isolated systems with limited resource usage;
- Removable media scanning solutions for unsanctioned guest/contractor devices.
Stay in Touch
Email: [email protected]
Phone: (866) 214-7863