Why It’s Crucial to Secure Industrial Control Systems
Industrial Control Systems are crucially important to everyday life, but as recent events have shown, they are also uniquely vulnerable to attack.
These systems enable most of the services that drive industrialized societies, keeping our drinking water clean, ensuring that manufactured goods are consistent and safe, maintaining a steady flow of electricity to our towns and cities, and much, much more. Also referred to as Operational Technology (OT or ICS for short), each of these systems usually has a single job like maintaining a target state or performing a specific task in an industrial environment through final control elements (FCEs), like control valves or pressure sensors.
So given their enormous importance to our everyday lives, you’d be right to think that it’s crucial to secure these types of systems from malicious activity. Applying layers of security to ICS can be challenging, however. Here are the main reasons why:
- Inherited Insecurity – In pretty much every industry in which they operate, these are inherently simple devices. They are among the oldest computerized devices around, and from the beginning they were designed and programmed to perform their tasks and nothing more. Security features were never incorporated into ICS because for decades, these devices were “air gapped,” meaning there was no means of connecting to these devices from outside networks, so they were rarely, if ever, exposed to external attacks. Security must therefore be layered around these systems by restricting and monitoring every conceivable access point into them.
- Increased Connectivity – Because the success of organizations is usually closely tied to the performance of these devices, managers want to see how they’re performing all the time. The desire for that data in recent years has prompted organizations to add many more connections into their ICS/OT environment from the business side of the corporate network, which itself is connected to the Internet. Every new network connection into OT increases risk.
- Narrow Maintenance Windows – Most of these systems hardly ever get a day off. Whether their goal is to drive profits or maintain health and safety, ICS/OT usually needs to operate all the time and the functions they perform often require pinpoint precision. Shutting off ICS off for hours at a time to perform upgrades is simply not an option. Instead, organizations frequently schedule the maintenance windows for these systems to happen once a year, and these windows must be meticulously planned to minimize disruptions to overall operations. Security practitioners can usually only perform security upgrades during these maintenance windows, putting pressure on them to get this crucial work done quickly and correctly the first time.
With this lack of intrinsic security and increasing exposure to outside networks, it’s no surprise that ICS threat activity keeps making headlines, mostly recently with governmental warnings about the potential for Russian-backed cyber-attacks against critical infrastructure. This means that it is more important than ever to know what your organization has and how it all connects. If you have any doubts as to the security of your ICS environment, then a good starting point is with an Secure Industrial Assessment. In our experience, these OT assessments typically uncover:
- 200 critical vulnerabilities
- 25 assets of which the client was unaware
- 7 wired connections that bypass OT firewalls
Just make sure to choose a cybersecurity consultant with advanced knowledge and experience in securing ICS because they will understand the crucial importance of performing non-disruptive analysis of these systems, leveraging industry-leading tools to perform unobtrusive, passive scans of even the most sensitive industrial environments.
If you have any questions, please reach out. We are here to help you keep your business safe: https://www.ionunited.com/contact/
You might also like
iON at the Western Canada Information Security Conference
The Western Canada Information Security Conference is back on May 16-17! This year’s event will once more bring together IT Security and Audit professionals plus OEM and local vendors for two days of top-notch presentations and excellent networking opportunities. The top names in cybersecurity will be well represented at this year’s event, so if you’re…
Password Policy Best Practices
World Password Day is Thursday, May 5, which is a good reminder that strong password policies are crucially important to a sound cybersecurity practice. Password guessing based on publicly available information is one of the most common tactics of malicious actors. Weak passwords also remain a top cause of data breaches for organizations of all…
ICS Malware: Industroyer2 and Pipedream
Last week, two new ICS malware tools were unveiled to the world that have the potential to wreak havoc on North American industrial control systems.Industroyer2Industroyer2 was a major component of a recent, unsuccessful attack on high-voltage electrical substations in Ukraine. This attack was linked to Sandworm, a threat group affiliated with Russia’s GRU military intelligence…