Protecting Industrial Intelligence Against Attacks
In recent years, many of the world’s isolated industrial control systems (ICS) in manufacturing and critical infrastructure have been joined with information technology (IT) networks. There are clear benefits to this from a business perspective in terms of gathering remote intelligence and simplified management, but there is a trade-off. Protecting these older systems against modern threats is a major challenge.
Over the past couple of years, reports of cyberattacks on industrial and critical infrastructure have highlighted the problem. Leading authorities like the World Economic Forum (WEF) expect things to get worse.
Enabling ICS and critical infrastructure to withstand today’s cyber threats involves a whole range of measures, from staff training, risk assessments and incident response procedures to application, data and network management.
A proven and effective strategy for securing remote networks is to use centrally managed virtual private networks (VPNs).
Cyber attacks targeted at industry and critical infrastructure are showing growing potential to cause real harm. A new type of malware specifically developed for critical infrastructure has recently been identified. Known as Industroyer, the attack is aimed at electricity substation circuit breakers with industrial communication protocols. It represents a clear and present danger to power stations as well as water and gas utilities.
In 2016, it was reported that state-backed hackers had accessed the command and control system of the Rye Brook dam in New York. More recently the FBI and Homeland Security issued a joint report on cyber attacks on U.S. nuclear power stations. It named Kansas-based Wolf Creek Nuclear Operating Corporation as having been targeted, although no details of the methods used were released.
Attacks are not confined to the U.S. Ukraine suffered a major power outage in 2015 following a supervisory control and data acquisition (SCADA) cyber attack. Meanwhile the National Cyber Security Centre (NCSC) in the UK has also warned of cyber attacks on the country’s energy sector.
Threat Levels Rising
Now, manufacturers are adding Industrial Internet of Things (IIoT) devices into the mix to allow them to analyse data from their industrial control systems remotely.
Reports put the number of IP-connected devices in existence at around 8.4 billion. This number is expected to reach 20 billion by 2020. By 2025, some 35% of overall Industrial Internet of Things usage will be in manufacturing.
Given that cyber security for IIoT devices is still very much in the early development stages, it is vital that manufacturers are alert to the risks and have a clear plan of action for dealing with cyber attacks on their networks and systems. The World Economic Forum (WEF) has rated cyber-risk as the third most likely risk to cause damage to businesses in 2018.
Defense in Depth
Critical infrastructure and industrial control systems are characterized by proprietary protocols, legacy software, air-gapped networks and robust physical security systems.
Industry’s convergence of such closed environments with IT systems makes them suddenly vulnerable and risks exposing valuable industrial intelligence to outsiders and undesirables.
The response of U.S. Homeland Security has been to recommend a holistic approach as laid out in its Improving Industrial Control System Cybersecurity paper. The document covers all aspects from keeping abreast of the latest threats to staff training and from operations to technology. Certain sections, such as policies, procedures and training, deal with the human aspects of security. Its heart and center, however, is all about application and data security.
Among the host of recommendations are risk assessments, systems audits, physical security checks, incident response plans and host hardening. There are also guidelines for securing applications and data as well as network management.
It argues that a well-planned and implemented security strategy allows network administrators to quickly detect, remedy and repel a cyber attack. To be fair, most industries already take a defense in depth approach to their IT security, but the same approach is not always extended to their ICS operations.
Network Management for ICS
Homeland Security also lists a series of recommended actions to secure access to ICS infrastructure. These include network access control with multi-factor authentication and segregation of corporate and industrial control networks with separate credentials for each. Never share active directories or other trusted storage between the two networks, it says. Additionally, it calls for remote access to be operator controlled and with strict time limits. A centrally managed VPN can ensure secure remote access to both types of network.
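The access rules listed above can be checked against remote-access session records. The following is an added example, not taken from the original article or the Homeland Security paper; the record fields, the zone and directory names, the four-hour limit and the choice to apply operator approval and time limits only to ICS sessions are assumptions.

```python
from datetime import datetime, timedelta

MAX_SESSION = timedelta(hours=4)  # assumed limit; the article gives no figure

# Constructed sample records; field names are hypothetical.
SESSIONS = [
    {"id": "s1", "account": "vendor-a", "zone": "ics", "directory": "ics-ad",
     "mfa": True, "approved_by": "operator-7",
     "start": "2024-03-01T08:00", "end": "2024-03-01T09:30"},
    {"id": "s2", "account": "jsmith", "zone": "ics", "directory": "corp-ad",
     "mfa": True, "approved_by": "operator-2",
     "start": "2024-03-01T10:00", "end": "2024-03-01T11:00"},
    {"id": "s3", "account": "vendor-b", "zone": "ics", "directory": "ics-ad",
     "mfa": False, "approved_by": None,
     "start": "2024-03-01T12:00", "end": "2024-03-01T20:00"},
    {"id": "s4", "account": "jsmith", "zone": "corporate", "directory": "corp-ad",
     "mfa": True, "approved_by": None,
     "start": "2024-03-01T09:00", "end": "2024-03-01T17:30"},
]

def audit(sessions, max_session=MAX_SESSION):
    """Return {session id: [violations]} for sessions that break a rule."""
    # Record which zones each account and each directory has been used in.
    zones_by_account, zones_by_directory = {}, {}
    for s in sessions:
        zones_by_account.setdefault(s["account"], set()).add(s["zone"])
        zones_by_directory.setdefault(s["directory"], set()).add(s["zone"])

    findings = {}
    for s in sessions:
        problems = []
        if not s["mfa"]:
            problems.append("no-mfa")
        if len(zones_by_account[s["account"]]) > 1:
            problems.append("shared-credential")   # same account in both networks
        if len(zones_by_directory[s["directory"]]) > 1:
            problems.append("shared-directory")    # one directory trusted by both
        if s["zone"] == "ics":
            # Operator control and time limits are applied to ICS remote access.
            if not s["approved_by"]:
                problems.append("no-operator-approval")
            length = datetime.fromisoformat(s["end"]) - datetime.fromisoformat(s["start"])
            if length > max_session:
                problems.append("over-time-limit")
        if problems:
            findings[s["id"]] = problems
    return findings
```

Calling `audit(SESSIONS)` returns findings for `s2`, `s3` and `s4`; `s1` satisfies every rule and is omitted.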
In summary, cyber attacks are evolving quickly, and industry needs to move quickly to implement the various steps required to mitigate the possibility of cyber attacks on any ICS that may have been opened up following convergence with IIoT and IT infrastructures.
A centrally managed enterprise-class VPN is an essential part of building in remote access security, helping to minimize the risk of disruption or loss of revenue resulting from cyber-criminal activity.