Secure the Weak Points in Critical Infrastructure Environments Before It’s Too Late

essidsolutions

Over the past few years, concerns about IT and Operational Technology (OT) assets and about vulnerabilities in industrial control system networks have risen. A standard industrial environment contains thousands of devices, creating cybersecurity threats that are difficult to detect and remediate. As hackers increasingly find cracks in OT defenses, Willy Leichter, VP of Marketing at Virsec, outlines a strategy specifically for protecting essential operations and business-critical infrastructure.

As sophisticated cyberattacks proliferate during the COVID-19 pandemic, industrial control systems (ICS) find themselves both increasingly targeted and increasingly vulnerable. Millions of people and businesses rely on these critical infrastructure sectors, ranging from water treatment facilities, production and manufacturing, oil and gas, utilities, power plants, nuclear sites, transportation and more. But these entities are not equipped with adequate security measures to protect themselves against advanced attacks.

IT/OT Convergence Increases ICS Vulnerabilities

As information technology (IT) and operational technology (OT) converge, vulnerabilities in the industrial sector become more prominent. The connectivity resulting from this convergence brings many conveniences to both operators and customers, but convenience comes at a cost. Connectivity significantly increases security risks because IT components such as servers, switches, and routers are continuously exposed to the Internet of Things (IoT) through OT sensors and connections.

In essence, every electronic thing operators and administrators touch is connected to something else. These connected systems include pipelines, valves, milling machines, conveyor belts, the onboard systems of trains, ships, buses and airplanes, and more. Connectivity has eroded the traditional air-gapped or isolated environment, once a mainstay for ICS, and exposure to the Internet increases risk exponentially.


Cybersecurity Threats in the OT Environment

According to an Industry Today survey, nine out of 10 organizations experienced an OT intrusion in the past year, an increase of nearly 20 percent over the year before. Industry insiders expect 2020 to be even higher, given the sudden and vast increase in remote workers due to COVID-19.

Examples of previous attacks on OT in ICS environments include Stuxnet, BlackEnergy, Triton and Industroyer. In each calculated exploit, perpetrators bypassed conventional security defenses to hijack applications and operational processes.

Nation-states are among the highest-ranking threat actors targeting critical infrastructure. In addition to attacks on OT, nation-states frequently conduct cyberespionage and cyberwarfare. Security Magazine found that in 2019, cyberattacks attributed to foreign governments increased by 42 percent. The same core countries have been caught repeatedly breaking into critical infrastructure in the United States and other high-value target countries around the globe. A few such attacks in 2019 alone include:

  • June 2019: Russia is suspected of breaking into and dwelling inside US utilities, a repeated offense from prior years.
  • July 2019: China carries out attacks against utility employees across three prominent US utility companies.
  • September 2019: China state-sponsored hacking group targets 17 US utility companies.
  • October 2019: India discovers malware sponsored by North Korea in a nuclear power plant network.
  • November 2019: Iran attacks employee accounts of major ICS manufacturers and operators.


From IT/OT Convergence to Legacy Apps – Risk Factors

Once an ICS environment is exposed or connected to the Internet, it is constantly at risk of malware infections and malicious activity. And because critical SCADA systems require 100 percent uptime, necessary security processes like patching software or updating signatures are difficult and costly, if not impossible. As a result, many of these organizations or facilities are running on unpatched systems.

Another risk factor for ICS and SCADA infrastructure is age – many were built decades ago. Many environments run on legacy software, often outdated Windows operating systems. Every year, Microsoft moves more versions of its older software into its end-of-life (EOL) programs, discontinuing all future security updates. This lack of support puts all users at risk. Microsoft’s latest announcement that it would no longer support Windows 7 prompted the FBI to issue a warning of a heightened risk of attack against legacy Windows 7 systems.


Firewalls Are Not Enough to Secure the OT Ecosystem

Today’s cybercriminals are sophisticated and relentless. They bypass traditional defenses, find weaknesses in dissolving perimeters, and hit their targets incessantly. Attacks are being perpetrated from the inside. Organizations must assume that their networks have already been compromised and that attack precursors are dwelling within them.

Attackers leverage techniques that execute at the memory level, hidden from view and frequently undetected. Fileless memory attacks, an attack vector of choice, derail and exploit servers, systems, and applications during runtime. Most organizations have no visibility into runtime behavior, leaving them wide open to exploitation. Runtime is an ideal weak point – a notorious blind spot.

It is not enough to look at what is coming in and going out, or to assess applications only before and after execution. A successful security strategy for critical infrastructure provides immediate visibility and control as the applications execute – rather than relying on a series of endpoint solutions and firewalls that only provide partial protection.

To protect critical applications at the deepest levels of process memory, organizations must implement new security processes, procedures and technologies. The solution, then, is to secure the applications themselves and defend them from within.
