Securing industrial control systems

Issue 4 2021 Industrial (Industry)

In June 2020, Honda was forced to shut down two automotive plants due to a ransomware attack. The company was quick to reassure the public that there had been no leakage of personally identifying data like customer passwords or credit cards. But the damage, both financial and reputational, was already done.

Today’s headlines are littered with news of cyberattacks. So much so that most of us barely notice anymore. But the Honda attack seems to point to a sea change. Instead of targeting IT systems first, then moving on to operational technology (OT) and industrial control systems (ICS), hackers are now hitting OT first.

Why go after OT systems? Hackers are well aware that:

• Connectivity has been increasing across industrial control systems.

• OT systems are less secure than many IT systems.

• OT systems are not secured by most conventional cybersecurity solutions.

Which industries are being increasingly targeted by threat actors, including some at the nation-state level? Essentially, anywhere that vulnerable OT systems are in place, including transportation, oil and gas, manufacturing, energy and utilities.

The increase in connectivity among OT devices and systems helps keep your critical industrial processes up to date and running smoothly. But it also risks exposing all your OT-related devices and facilities. The more interconnected these systems are across manufacturing and critical infrastructure facilities, the greater the potential that cyberattacks could cause major disruption and damage.

Let’s explore what makes OT devices more vulnerable, then examine why protecting them is critical.

Why are OT devices more vulnerable?

OT devices are essentially electronic tools used to manage, monitor and maintain industrial operations, including equipment and other assets as well as processes. This technology developed in parallel with mainstream IT but completely separately from it, since it emerged directly in response to needs within the industrial sector.

In industry, OT takes the form of sensors, actuators, robots and programmable logic controllers. Originally developed by industrial equipment vendors for performance and safety, these devices were mainly seen as ‘shop floor’ devices without much intelligence. At the time, security was a complete non-issue: these devices couldn’t be hacked because they weren’t online. Within this completely separate realm, there was no need for any security policies or system management.

Today, OT has changed radically. More manufacturers are seeing the benefits of bringing their OT devices online, allowing them greater control over processes, greater sophistication in their analysis and optimisation, and faster alerts when problems arise.

Understanding the origin of OT helps us understand why these devices are inherently more vulnerable:

• A typical industrial network includes devices from multiple manufacturers.

• These devices are created with weak or hardcoded passwords.

• They are operated and managed by manufacturing rather than IT.

• Their software often can’t be updated or patched, or they can’t be offline long enough to update them.

• IT doesn’t have full transparency into the range and type of devices functioning within OT.

This last point is probably the most important. While IT is charged with managing your overall security posture, in most organisations OT devices fall through the cracks, creating a general lack of security consciousness about how to deal with them. Then, when connected to the outside world, they become the weak link in a security chain that ultimately puts your whole organisation at risk.

Once hackers have managed to penetrate your organisation, they can choose to remain on the OT side of things or move laterally to IT and mission-critical business devices. From inside your network, hackers can steal intellectual property and other protected data; covertly monitor internal network traffic, obtaining confidential information and trade secrets; take control of critical manufacturing operations and building infrastructure – or a combination of these.

According to a Deloitte report on cyber risk in manufacturing, an attack can result in “loss of valuable ideas and market advantage to financial and reputational damage – particularly in cases where sensitive customer data is compromised.”

Why is protecting OT more critical now than ever before?

Recognising the vulnerability of OT, hackers have begun changing their modus operandi. Formerly, if they wanted to impact operations they’d target IT first, then move laterally toward OT. Today, this has changed – many hackers are targeting OT first, recognising that OT is usually more vulnerable.

Additionally, new strains of malware, such as EKANS, are being developed to directly target OT and take advantage of its specific vulnerabilities. While ICS malware is still relatively rare in the wild, it will almost certainly increase in the near future with the success of a few recent high-profile attacks – such as Triton/Trisis and Industroyer – targeted at ICS.

But the biggest reason you need to act now to protect your OT devices? Because no one truly knows the scope of the problem. And that’s because most companies that fall victim to OT cyberattacks don’t go public with the news.

When a Norwegian aluminium manufacturer was hit with a massive ransomware attack in 2019, shutting down plants for weeks and costing up to $110 million in production, it bucked the trend: it shared all the details in an effort to help other companies. “You really don’t believe it,” said a senior VP with the company, still reeling from the shock of the attack.

But when security journal CyberScoop called other manufacturers in the US and the EU who’d reportedly been hit by similar attacks, not a single one was willing to comment due to the stigma attached to being breached.

Their silence is dangerous. Not hearing about attacks does not mean they aren’t happening, and your organisation might be next.

A safer, more secure approach

Check Point provides the industry’s most comprehensive cybersecurity solution for ICS, keeping OT devices on your network – including industrial controllers, SCADA servers and sensors – secure and protected, while safeguarding the rest of your assets at the same time.

Check Point’s Quantum IoT Protect enables you to:

• Block attacks before they reach critical OT systems with more effective threat prevention than software methods.

• Minimise risk exposure with auto-generated policies that are simple to implement.

• Isolate vulnerable OT devices from critical IT functions with IT/OT network segmentation.

• Get a grip on your entire network with comprehensive risk analysis.

You can only protect what you can see. With the rise in attacks on OT devices, IT can no longer afford to turn a blind eye. Quantum IoT Protect will help you preserve your reputation, avoid unnecessary downtime, and save you from financial loss due to malware or regulatory fines. With Check Point’s Quantum IoT Protect for Industrial, IT and OT systems work hand in hand to keep your entire organisation running efficiently, effectively and securely.

Find out more about protecting OT and ICS networks from IT attack vectors at this site.
