Industrial Control System Attacks: A Very Real Threat

Written by: Francesco Trama | Published on: May 10th, 2016

About The Author

Francesco Trama
As Chief Executive Officer and Founder, Francesco is responsible for the overall operating performance, leading the strategic direction of the company’s products and solutions internally while building technical and business credibility externally as a market-facing thought leader.

According to a report released this year by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the number of network security attacks on industrial control systems in the United States rose by 20 percent in 2015. Security attacks on the nation’s critical infrastructure should no longer be considered just a possibility or something that happens only in the movies. The threat is real, and it is one that needs to be taken very seriously by those controlling these facilities.

The Legacy Problem

One of the main issues with industrial control systems (ICS) is that they run on a legacy infrastructure. While some attackers use more sophisticated means of carrying out intrusions, the majority of incidents last year occurred on networks with an insufficient security architecture. Such attacks reinforce the need for asset owners and operators to focus on improving security provisions across their systems.

To date, most ICS owners have taken a passive approach to network monitoring, focusing instead on the uptime of a facility. There are essentially two reasons for this: uptime is where the profits lie, and most facilities don’t want to spend their profits on a network monitoring system. What most fail to realize is that a network attack could bring the entire facility to its knees. It’s a Catch-22 problem that needs addressing.

Another issue is the operating system being used on core systems. Facilities that have moved to a predominantly Windows infrastructure may not be applying patches and other critical updates because the ICS vendor doesn’t support these updates. These machines are left vulnerable and susceptible to attack from external and internal sources, for example, malware introduced by a USB device.

What’s more, conflicts between network teams and operations teams can cause problems. Operations teams want zero downtime, but network admins know downtime is essential to apply any updates. In the meantime, these critical systems delivering critical services and products nationwide are being left wide open.

What’s the Real Risk?

When you consider the importance of an industrial facility and what it does, you start to realize the very real risk to the environment, the economy, and even human life. Attackers who gain internal access to a network could potentially affect the efficiency of processes or the quality of a product by making small adjustments to these systems over a period of time. Without the right security measures or monitoring in place, this could be devastating, depending on the facility and what it does. Another risk is the theft of intellectual property and other sensitive data. This is not just a security risk; it could cause significant public embarrassment to the facility involved if leaked to the press.

Reduce Risk And Volume

Of course, the obvious answer to the problem is to implement a robust third-party network monitoring solution. In doing so, you can detect and stop threats before they cause significant damage. However, this raises a unique concern that involves industrial control systems — the specific technical nature and volume of traffic can be overwhelming. In facilities where these systems are in place, threats go undetected for days because the operators don’t understand the alerts or the severity of the threat.

One of the best approaches to this problem comes in the form of addressing the volume factor. If you can reduce the volume of traffic entering the network, you will be better equipped to identify problems as they arise. You might be surprised to learn that next-gen advanced IP filtering can reduce volume by up to 70%. Instead of dealing with huge floods of network traffic, and the risk of missing a potential threat, you can streamline the data received so that relevant alerts are picked up quickly.

Why Mind Sharing Needs to Happen Now

What’s needed here is total mind sharing and understanding between vendors, asset owners and their network teams. You need to take ownership of this problem and put solutions in place to address factors such as encrypted traffic, extreme traffic volumes, cost of storage, and privacy concerns. You need to plug gaps in security vulnerabilities, training and threat analysis, and place more urgency on, quite literally, keeping the lights on.