Around the world, isolated industrial control systems (ICS) in manufacturing and critical infrastructure have been integrating with IT networks. From a business perspective, there are clear benefits to this in terms of gathering remote intelligence and simplified management. However, protecting these older systems against modern threats is a major challenge.
Over the past couple of years, reports of cyberattacks on industrial and critical infrastructure have highlighted the problem. Now, leading authorities like the World Economic Forum expect things to get worse.
Protecting critical infrastructure
Cyberattacks targeted at industry and critical infrastructure are showing growing potential to cause real harm. A new type of malware specifically developed for critical infrastructure has recently been identified. Known as Industroyer, it uses industrial communication protocols to target electricity substation circuit breakers. It represents a clear and present danger to power stations as well as water and gas utilities.
A few years ago, it was reported that state-backed hackers had accessed the command-and-control system of the Rye Brook dam in New York. More recently, the FBI and Homeland Security issued a joint report on cyberattacks on U.S. nuclear power stations. It stated Kansas-based Wolf Creek Nuclear Operating Corporation had been targeted, although no details of the methods used were released.
Attacks are not confined to the U.S. Ukraine suffered a major power outage in 2016 following a supervisory control and data acquisition (SCADA) cyberattack. Meanwhile, the National Cyber Security Centre in the UK has also warned of cyberattacks on the country’s energy sector.
Now, manufacturers are adding industrial internet of things (IIoT) devices into the mix to allow them to analyze data from their industrial control systems remotely. Reports put the number of IP-connected devices in existence at around 8.4 billion. This number is expected to reach 20 billion by 2020. By 2025, some 35% of overall IIoT usage will be in manufacturing.
Given that cybersecurity for IIoT devices is still very much in the early development stages, it is vital that manufacturers are alert to the risks and have a clear plan of action for dealing with cyberattacks on their networks and systems. The World Economic Forum has rated cyber-risk as the third most likely risk to cause damage to businesses in 2018.
Network management for ICS
Critical infrastructure and industrial control systems are characterized by proprietary protocols, legacy software, air-gapped networks and robust physical security systems. The industry’s convergence of such closed environments with IT systems makes valuable industrial intelligence vulnerable to outsiders and undesirables.
In response to these risks, U.S. Homeland Security recommended a holistic approach in its “Improving Industrial Control System Cybersecurity” paper. The document covers all aspects, from keeping abreast of the latest threats to staff training, operations and technology. Certain sections, such as policies, procedures and training, deal with the human aspects of security. At its core, however, the document is about application and data security. Among the host of recommendations are risk assessments, systems audits, physical security checks, incident response plans and host hardening. There are also guidelines for securing applications and data, as well as network management.
According to U.S. Homeland Security, a well-planned and implemented security strategy allows network administrators to quickly detect, remedy and repel a cyberattack. To be fair, most industries already take a defense-in-depth approach to their IT security, but the same approach is not always extended to their ICS operations.
U.S. Homeland Security also lists a series of recommended actions to secure access to ICS infrastructure. These include implementing network access control with multifactor authentication, segregating corporate and industrial control networks with separate credentials for each, and not sharing Active Directory or other trust stores between the two networks. Additionally, it calls for remote access to be operator controlled and strictly time limited. A centrally managed VPN can ensure secure remote access to both types of network.
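The access controls listed above can be checked against remote access records. The following is an added example, not part of the original article or the Homeland Security paper; the record fields, the sample sessions and the four-hour limit are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumed policy value: the article only says "strict time limits".
MAX_SESSION = timedelta(hours=4)

# Constructed sample records (hypothetical field names, not a real VPN log format).
SESSIONS = [
    {"id": 1, "user": "ot-jsmith", "zone": "ics", "mfa": True,
     "approved_by": "operator-7", "start": "2018-03-01T08:00", "end": "2018-03-01T09:30"},
    {"id": 2, "user": "vendor-a", "zone": "ics", "mfa": False,
     "approved_by": None, "start": "2018-03-01T10:00", "end": "2018-03-01T10:20"},
    {"id": 3, "user": "mlee", "zone": "corporate", "mfa": True,
     "approved_by": None, "start": "2018-03-01T09:00", "end": "2018-03-01T17:00"},
    {"id": 4, "user": "mlee", "zone": "ics", "mfa": True,
     "approved_by": "operator-2", "start": "2018-03-01T11:00", "end": None},
]

def audit(sessions, now, max_session=MAX_SESSION):
    """Return sorted (session id, finding) pairs for ICS-zone sessions that break a control."""
    zones = {}
    for s in sessions:
        zones.setdefault(s["user"], set()).add(s["zone"])
    findings = []
    for s in sessions:
        if s["zone"] != "ics":
            continue  # corporate sessions only feed the credential-reuse check
        if not s["mfa"]:
            findings.append((s["id"], "no-mfa"))
        if not s["approved_by"]:
            findings.append((s["id"], "not-operator-approved"))
        # A session that is still open is measured against the audit time.
        end = datetime.fromisoformat(s["end"]) if s["end"] else now
        if end - datetime.fromisoformat(s["start"]) > max_session:
            findings.append((s["id"], "over-time-limit"))
        # The same account appearing in both zones means credentials are not separate.
        if len(zones[s["user"]]) > 1:
            findings.append((s["id"], "credential-used-in-both-zones"))
    return sorted(findings)

if __name__ == "__main__":
    for sid, finding in audit(SESSIONS, now=datetime(2018, 3, 1, 18, 0)):
        print(f"session {sid}: {finding}")
```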
In summary, defense-in-depth strategies must be implemented to mitigate the possibility of cyberattacks on industrial control systems following the convergence of IIoT and IT infrastructures. Enabling ICS and critical infrastructures to withstand today’s cyberthreats involves a range of security measures including staff training, risk assessments, incident response procedures, and data and network management.
Additionally, a centrally managed enterprise-class VPN is an essential part of building in remote access security. VPNs can secure the IP connection of every IIoT device so that data traffic is encrypted as it passes between individual devices and the remote central management point over the internet. When combined with remote access controls and certified authentication measures, VPNs form an effective barrier against cybercriminal activity. When used in combination with built-in security features and processes, VPNs provide robust protection for maintaining the privacy and integrity of highly sensitive IIoT data.