
Industrial control systems a growing target for cyber attack

Attackers with increasing capabilities have strong financial motivation to go after critical infrastructure and manufacturing firms, says security industry expert

Cyber attacks on critical infrastructure and manufacturing industries can no longer be considered to be fictional or hypothetical, according to Israeli cyber security firm SCADAfence.

The company specialises in cyber security for industrial control systems (ICS), including Scada process control software commonly used in the electrical power, oil, gas, water, transportation, chemical, pharmaceutical and manufacturing industries.

“These attacks are real. We are seeing more and more of them on a daily basis across a broad spectrum of companies and countries,” said Yoni Shohet, co-founder and chief executive of SCADAfence.

“Attackers with increasing capabilities have strong financial motivation to go after companies in these highly-competitive industries,” he told Computer Weekly.

There has been a marked increase in the volume of these attacks in the past 18 months, he said, the most recent being the attacks on power companies in Ukraine, which caused the first cyber blackout.

Shohet also cites a recent attack aimed at stealing intellectual property from manufacturing facilities in the pharmaceutical industry.

It is important that industries that use industrial control systems understand the threats and risks as well as their vulnerabilities, he said. “They need to ensure they can contain threats and ensure there are no unauthorised operations inside their IT environment that can introduce threats or manipulate industrial processes.”

Securing industrial environments

Attackers could potentially affect the quality of products and efficiency of processes by making small adjustments to the control systems over time.

Hacking of industrial plants for extortion is one of the biggest untold stories because such attacks are seldom reported, according to Marina Krotofil, a researcher at Hamburg University of Technology.

Other risks include the theft of sensitive commercial information – including intellectual property – and costly downtime of production systems.

Commonly cited challenges to securing industrial environments include difficulties in updating legacy hardware and software to deal with new and emerging cyber threats by adding capabilities for things such as encryption and authentication.

Suppliers of critical national infrastructure also typically struggle with the fact that there are often prohibitive fines for downtime that would be required to update software for security reasons.


Another challenge is that IP-connected systems and sensors are becoming increasingly common in industrial environments, referred to as the industrial internet of things (IIoT).

This trend is exposing the industrial environment to external networks and, in some cases, the internet itself, increasing the exposure to cyber risks.

Another trend is the increased use of ransomware by cyber criminals against a range of targets, including industrial organisations. In these attacks, targeted organisations are typically infected with malware that locks down IT systems until a ransom is paid.

Although initially misreported as a cyber attack on Israel’s electricity grid, a recent ransomware attack against the Electricity Authority – which regulates the power industry in Israel – is an example of this form of cyber extortion.  

Improve security through increased visibility of networks

Key to addressing all of these challenges, according to Shohet, is increasing visibility of the industrial networks without having any impact on the performance of those networks.

“To improve security, companies need to have complete visibility and a real-time understanding of their IT environments so that they are able to monitor all activity and detect any anomalous, unauthorised or malicious activity immediately and contain it before any damage can be done,” he said.

Increased visibility also enables companies to perform risk assessments to identify and prioritise the necessary security improvements, and to understand the risk of not patching systems against specific threats to avoid downtime.

The “static” and “deterministic” nature of industrial systems, said Shohet, makes it possible to build more accurate and effective monitoring and analysis systems than is possible in a conventional corporate IT department.

Organisations must respond to attacks quickly

In addition to building a capacity to identify vulnerabilities and indicators of compromise through continuous monitoring, organisations need to ensure they have the capacity to respond to attacks quickly and contain them, he said.

Organisations can also put controls around industrial systems to ensure that they can send and receive only the instructions that are required for normal operations, and that systems are not allowed to behave in any unintended way.

Restricting all activity not related to the industrial production process is an effective way of reducing the risk of cyber attack, said Shohet.
