Industrial Cybersecurity in 2019: Risks and Recommendations

In 2016, manufacturing became one of the most frequent targets of cybercrime, according to a special report by IBM. Since then, we have watched as businesses large and small have fallen victim to worms, viruses, malware, and ransomware targeting Industrial Control Systems (ICS).

In fact, the frequency of these attacks grew in the first half of 2018, according to Kaspersky Labs. Kaspersky cited attack data from its own clients and reported that 41.21% of ICS computers had to defend against cyberattacks in the first half of the year alone, representing more than a 6% increase over the prior year.

Percentage of ICS computers attacked 2017–Q2 2018

Emerging Security Risks

As consumers, most of the attacks we hear of are data breaches that impact services companies. However, as the 2018 Atlanta attack proved, when ransomware held municipal operations hostage for $50,000 in bitcoin, cybercriminals are looking beyond user data. They are pinpointing vulnerable systems, systems with real impact, and holding these capabilities hostage for a fee.

Industrial companies need to be aware of emerging security risks to avoid a situation in which operations themselves are held hostage.

Generic attacks prove that physical isolation is outdated

Historically, manufacturers believed that they could defend themselves by physically isolating ICS units. This strategy is impractical and ineffective today, as evidenced by the upward trajectory of attacks.

In fact, many industrial networks are accessible via the Internet, either directly or indirectly. This opens up the possibility of generic attacks.

Ransomware targets more than consumer data

Some of the most damaging ransomware attacks in 2017 and 2018 targeted ICS and SCADA systems, indicating that plant operations, not merely data, could become a target. Industrial defenders need to consider both IT and OT as potential targets.

ICS-specific malware

Industrial security is now a specialized art, for attackers and defenders both. ICS environments suffer from a lack of visibility, which makes defense difficult once hackers break into the network. Triton, Crash Override, and BlackEnergy 2 are examples of hacks aimed specifically at ICS. The software they targeted was developed by some of the most innovative, respected brand names in the industry, such as GE and Siemens.

Industrial Internet of Things (IIoT) Security

Lawmakers are beginning to pass IoT security laws to address growing concerns of an “expanding attack surface.” Thus far, legislation has focused on mandating that manufacturers of IoT devices meet certain requirements. In time, lawmakers will hopefully ensure that reasonable security features are implemented. Until that time, and even when that time comes to pass, businesses should be aware that IoT is a potential security risk with unique requirements.

Industrial Security Recommendations

Hacking activity has accelerated, which has also made cybersecurity a priority. We have learned from the mistakes of others that weaknesses and vulnerabilities can and will be exploited systematically. The best protection is to stay ahead of the curve. This ensures that there will be far easier targets than your business.

General

  • Regular updates to OSes, software and security across the industrial network
  • Restricted network traffic on ports and protocols on edge routers and inside the organization’s Operational Technology (OT) networks
  • Access control for ICS components
  • Dedicated endpoint protection solutions on all ICS servers, workstations and HMIs to secure OT and industrial infrastructure
  • Network traffic monitoring, analysis and detection
  • Dedicated training and support for every individual with network access

IIoT

  • Thoroughly vetted IoT vendors to ensure that security features are industrial strength
  • On-premises data logistics software should also protect and monitor the IoT network and isolate external threat entry points as a firewall would
  • API access compartmentalization using keys and tokens
  • Secure network communications using standards
  • Secure inter-application authentication
  • Eliminate multicast or broadcast messaging over the IP network
  • Ensure regular security vulnerability scans on all devices
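
The traffic-related recommendations in both lists (restricted ports and protocols, traffic monitoring, no multicast or broadcast messaging) can be checked against flow records. The following is an added example, not part of the original article; the subnets, the allowed port list, and the flow records are all constructed assumptions for illustration.

```python
import ipaddress

# Assumed policy (illustrative): the OT subnet, the internal networks, and the
# only (dst_port, protocol) pairs permitted toward OT hosts.
OT_NET = ipaddress.ip_network("10.20.0.0/24")
INTERNAL = [OT_NET, ipaddress.ip_network("192.168.1.0/24")]
ALLOWED = {(443, "tcp"), (8883, "tcp")}  # HTTPS and MQTT over TLS

# Constructed flow records: (src, dst, dst_port, protocol)
FLOWS = [
    ("10.20.0.11", "10.20.0.5", 8883, "tcp"),        # sensor to broker
    ("192.168.1.40", "10.20.0.5", 3389, "tcp"),      # office PC to OT host
    ("10.20.0.12", "239.255.255.250", 1900, "udp"),  # multicast discovery
    ("10.20.0.13", "10.20.0.255", 137, "udp"),       # subnet broadcast
    ("10.20.0.5", "203.0.113.9", 443, "tcp"),        # OT host to outside
]

def audit(flow):
    """Return the list of policy findings for one flow record."""
    src, dst, port, proto = flow
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Multicast and broadcast destinations are flagged regardless of port.
    if d.is_multicast:
        return ["multicast"]
    if d == OT_NET.broadcast_address or str(d) == "255.255.255.255":
        return ["broadcast"]
    findings = []
    # Traffic toward OT hosts must use an allowed port and protocol.
    if d in OT_NET and (port, proto) not in ALLOWED:
        findings.append("port-not-allowed")
    # OT hosts should not talk directly to addresses outside the organization.
    if s in OT_NET and not any(d in net for net in INTERNAL):
        findings.append("ot-to-external")
    return findings

def report(flows):
    """Map each violating flow to its findings; compliant flows are omitted."""
    return {f: audit(f) for f in flows if audit(f)}

if __name__ == "__main__":
    for flow, findings in report(FLOWS).items():
        print(flow, "->", ", ".join(findings))
```
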

Questions about your network security?

Call Platte River Networks for a free consultation.