Manufacturing & ICS Security
By Shirley O’Sullivan
Cyber-attacks are now an almost everyday occurrence and cybercriminals are becoming increasingly sophisticated. Traditionally, they have targeted retail, healthcare, and finance but now there are no ‘safe’ industries. The ongoing increase in the use of digital systems in businesses (including automation), as well as the emergence of the Internet of Things (IoT) have inadvertently created more opportunities for cyberattacks. In addition, cybercriminals have become smart enough to be able to target industrial control systems (ICS) as well as corporate IT infrastructures. According to research by Frost & Sullivan, the first major ICS cyber-attack took place in 2010 in Iran. The systems responsible for the running of the Natanz nuclear plant were reportedly infected with the STUXNET malicious code. There is an excellent TED Talk video on YouTube that decompiles the kill chain in this attack in more detail. Following on from this were high-profile attacks on a German steel mill and a series of attacks conducted in the Ukraine which ultimately resulted in power blackouts. These are only the ones that have been reported and it is highly likely that these attacks are becoming much more common. The news that Russian cybercriminals managed to penetrate some of the industrial control systems (ICS) of U.S. critical infrastructure and some of its manufacturing sites outline just how dangerous these attacks can be and must surely cause a major rethink by governments into how to best protect these vital systems.
The importance of ICS security has until now, never been a major focus – the primary focus in technology manufacturing was always to obtain efficiency. From a manufacturing perspective, hackers who infiltrate and manage to shut down a process or disrupt a supply can be costly in several ways:
- Production downtime. Attacks on manufacturing processes can cause hundreds of millions of pounds in losses due to production downtime.
- Customer dissatisfaction/ reputational damage. A reduction in levels of customer satisfaction due to missed shipments can be costly since it may encourage customers to switch to alternative providers. Reputational damage due to loss of trust can amount to hundreds of millions.
- Share price. Of course, with most manufacturers listed on the stock exchanges, even the news of a cyber-attack can cause a large slump in share price, potentially impacting the value of the company. The share prices will also drop when associated lost revenue is reported in financial statements/announcements.
- Intellectual Property. A significant cost in terms of cybercrime is lost/compromised Intellectual Property (IP). This is particularly relevant to pharmaceutical and hi-tech companies as it may compromise new products or allow competitors to bring out competing versions earlier than anticipated. The US government has previously indicted several Iranian hackers who were believed to be responsible for the theft of more than $3 billion in IP from universities. ICS or SCADA security devices contain substantial volumes of data including vital details of proprietary recipes and formulas. Competitors and even nation-states can realise huge benefits from getting hold of this information.
- Supply chain details/internal processes: In addition to the IP associated with new products, valuable information can be obtained concerning internal processes, cost-savings, details of supply chains, preferred suppliers, component costs, and external contracts.
So, what are the most potent threats in ICS Security? The top 4 threats are thought to be:
- Network connected devices. These are regarded as being the major threat to ICS. Any device, including USBs, CD/DVDs and plug-in hard drives can be infected with malware and should always be scanned for worms and viruses before network connection occurs.
- External threats. Threats from competitors, criminal organisations, state-sponsored actors, and hacktivists are very serious.
- Internal threats. Primarily threats from current and former employees and suppliers/customers and include malicious emails, loss of portable devices, etc.
- Ransomware and Financially Motivated Attacks. These threats include malware that blocks access to a system until payment of a ransom. This type of threat has increased over the past three years, with estimates that over $1 billion is paid every year to these perpetrators. This is partially due to the integration of ICS with other business systems.
Priority controls to help prevent Cyber-Attacks in Industrial Control Systems:
- Configuration/patch management: This is about ensuring the safe introduction/application of authenticated software patches and updates that ensure the safety of internal control systems. This can be harder with older systems.
- Application Whitelisting (AWL): Using AWL helps to detect and prevent malware being uploaded to the network. The applications permitted must be clearly specified by the operator and the details shared with vendors.
- Managing authorisations: Cybercriminals are most interested in obtaining authorisations from high-level, privileged accounts. Multi-level authentication and restricting privileges to essential staff only will help to improve ICS security.
- Network segmentation: Segmenting networks, creating “logical enclaves”, and restricting host-to-host communications paths can reduce access for cyber criminals.
- Minimise attack surface area: Ensuring that the ICS network and office networks are secured by firewalls restricts access from external sources.
- Remote access management: Implementing operator-controlled and time-limited remote access can help avoid cyber-attacks in instances where vendors with access to the systems have been compromised.
- Audit ICS networks: IP traffic should be monitored to identify malicious code and hacking attempts. Login analysis can help identify stolen logins or improper access. Account/user administration actions can be monitored for any unusual activity.
It is therefore essential that manufacturing organisations implement SCADA security measures to protect their infrastructure and confidential information.
Does Your Organisation Need Top Cyber Security Consultants?
We are a team of experts with extensive knowledge and experience of helping organisations improve business performance. Our highly qualified consultancy team can deliver cyber security capability at all levels of your organisation and are on hand to help ensure your projects deliver solutions that are appropriately aligned to your cyber security risk position, and meet technical, business and ethics due diligence requirements. Schedule a call above to learn more about how we can help.