Securing industrial control systems

Issue 4 2021 Industrial (Industry)

In June 2020, Honda was forced to shut down two automotive plants due to a ransomware attack. The company was quick to reassure the public that there had been no leakage of personally identifying data like customer passwords or credit cards. But the damage, both financial and reputational, was already done.

Today’s headlines are littered with news of cyberattacks. So much so that most of us barely notice anymore. But the Honda attack seems to point to a sea change. Instead of targeting IT systems first, then moving on to operational technology (OT) and industrial control systems (ICS), hackers are now hitting OT first.

Why go after OT systems? Hackers are well aware that:

• Connectivity has been increasing across industrial control systems.

• OT systems are less secure than many IT systems.

• OT systems are not secured by most conventional cybersecurity solutions.

Which industries are being increasingly targeted by threat actors, including some at the nation-state level? Essentially, anywhere that vulnerable OT systems are in place, including transportation, oil and gas, manufacturing, energy and utilities.

The increase in connectivity among OT devices and systems helps keep your critical industrial processes up to date and running smoothly. But it also risks exposing all your OT-related devices and facilities. The more interconnected these systems are across manufacturing and critical infrastructure facilities, the greater the potential that cyberattacks could cause major disruption and damage.

Let’s explore what makes OT devices more vulnerable, then examine why protecting them is critical.

Why are OT devices more vulnerable?

OT devices are essentially electronic tools used to manage, monitor and maintain industrial operations, including equipment and other assets as well as processes. This technology developed in parallel with mainstream IT but completely separately, since it emerged directly in response to needs within the industrial sector.

OT appears in industry as sensors, actuators, robots and programmable logic controllers. Originally developed by industrial equipment vendors for performance and safety, these devices were mainly seen as ‘shop floor’ devices without much intelligence. At the time, security was a complete non-issue: these devices couldn’t be hacked because they weren’t online. Within this completely separate realm, there was no need for any security policies or system management.

Today, OT has changed radically. More manufacturers are seeing the benefits of bringing their OT devices online, allowing them greater control over processes, greater sophistication in their analysis and optimisation, and faster alerts when problems arise.

Understanding the origin of OT helps us understand why these devices are inherently more vulnerable:

• A typical industrial network includes devices from multiple manufacturers.

• These devices are created with weak or hardcoded passwords.

• They are operated and managed by manufacturing rather than IT.

• Their software often can’t be updated or patched, or they can’t be offline long enough to update them.

• IT doesn’t have full transparency into the range and type of devices functioning within OT.

This last point is probably the most important. While IT is charged with managing your overall security posture, in most organisations OT devices fall through the cracks, creating a general lack of security consciousness about how to deal with them. Then, when connected to the outside world, they become the weak link in a security chain that ultimately puts your whole organisation at risk.

Once hackers have managed to penetrate your organisation, they can choose to remain on the OT side of things or move laterally to IT and mission-critical business devices. From inside your network, hackers can steal intellectual property and other protected data; covertly monitor internal network traffic, obtaining confidential information and trade secrets; take control of critical manufacturing operations and building infrastructure – or a combination of these.

According to a Deloitte report on cyber risk in manufacturing, an attack can result in “loss of valuable ideas and market advantage to financial and reputational damage – particularly in cases where sensitive customer data is compromised.”

Why is protecting OT more critical now than ever before?

Recognising the vulnerability of OT, hackers have begun changing their modus operandi. Formerly, if they wanted to impact operations they’d target IT first, then move laterally toward OT. Today, this has changed – many hackers are targeting OT first, recognising that OT is usually more vulnerable.

Additionally, new strains of malware, such as EKANS, are being developed to directly target OT and take advantage of its specific vulnerabilities. While ICS malware is still relatively rare in the wild, it will almost certainly increase in the near future with the success of a few recent high-profile attacks – such as Triton/Trisis and Industroyer – targeted at ICS.

But the biggest reason you need to act now to protect your OT devices? Because no one truly knows the scope of the problem. And that’s because most companies that fall victim to OT cyberattacks don’t go public with the news.

When a Norwegian aluminium manufacturer was hit with a massive ransomware attack in 2019, shutting down plants for weeks and costing up to $110 million in production, it bucked the trend: it shared all the details in an effort to help other companies. “You really don’t believe it,” said a senior VP with the company, still reeling from the shock of the attack.

But when security journal CyberScoop called other manufacturers in the US and the EU who’d reportedly been hit by similar attacks, not a single one was willing to comment due to the stigma attached to being breached.

Their silence is dangerous. Not hearing about attacks does not mean they aren’t happening, and your organisation might be next.

A safer, more secure approach

Check Point provides the industry’s most comprehensive cybersecurity solution for ICS systems, keeping OT devices on your network – including industrial controllers, SCADA servers and sensors – secure and protected, while safeguarding the rest of your assets at the same time.

Check Point’s Quantum IoT Protect enables you to:

• Block attacks before they reach critical OT systems with more effective threat prevention than software methods.

• Minimise risk exposure with auto-generated policies that are simple to implement.

• Isolate vulnerable OT devices from critical IT functions with IT/OT network segmentation.

• Get a grip on your entire network with comprehensive risk analysis.

You can only protect what you can see. With the rise in attacks on OT devices, IT can no longer afford to turn a blind eye. Quantum IoT Protect will help you preserve your reputation, avoid unnecessary downtime, and save you from financial loss due to malware or regulatory fines. With Check Point’s Quantum IoT Protect for Industrial, IT and OT systems work hand in hand to keep your entire organisation running efficiently, effectively and securely.

Find out more about protecting OT and ICS networks from IT attack vectors at this site.
