Industrial Control Systems Are A Soft Target For Cyber Attackers

Despite knowing for some time that improperly protected Internet-connected industrial control systems are vulnerable to attacks that can cause catastrophic harm to businesses and communities, industrial control systems (ICS) are still easy targets, if numbers collected by a security vendor are representative.

“Many sites are exposed to the public Internet and trivial to traverse using simple vulnerabilities like plain-text passwords,” says the global ICS risk report released this morning by CyberX. “Lack of even basic protections like automatically-updated anti-virus enables attackers to quietly perform reconnaissance before sabotaging physical processes such as assembly lines, mixing tanks, and blast furnaces.”

The report looked at anonymized data obtained from over 850 production ICS (also known as operational technology, or OT) networks of CyberX customers in a 12 month period starting September 2017.

Among the findings:

– 69 per cent of networks had plain-text passwords traversing the network. A lack of encryption in legacy protocols like SNMP and FTP exposes sensitive credentials — making cyber-reconnaissance and subsequent compromise relatively easy;

– The belief that operational networks are protected because they are air-gapped is a myth: 40 per cent of industrial sites have at least one direct connection to the public internet, making them more easily accessible to adversaries and malware;

– 53 per cent of sites had obsolete Windows systems such as Windows XP. The report acknowledges that, due to ICS-specific factors such as narrow maintenance windows, legacy applications, and older hardware, some systems can’t be patched. If so, continuous monitoring of those systems may be necessary, as well as better network segmentation;

– 84 per cent of industrial sites had at least one remotely accessible device;

– 57 per cent of sites weren’t running anti-virus protections that update signatures automatically;

– 16 per cent of sites had at least one wireless access point. They need to be monitored and patched.

This is a follow-up to a similar report done a year ago, and CyberX says there isn’t much difference. Other than fewer sites running old versions of Windows, “the industry may not have changed much over the course of the past year.”

Among the problems, the report notes, is that industrial networks contain a complex mix of specialized non-IT protocols, including proprietary protocols developed for specific families of industrial automation devices. This heterogeneous mix complicates security for OT environments. In addition, many OT protocols were originally designed when robust security features such as authentication were not even a requirement — because it was assumed that simply having connectivity to a device was sufficient authentication.

Still, a number of standard IT protocols are in use. The SMB protocol is widely used across IT and OT networks, the report points out. “Managers should note that vulnerabilities in the decades-old SMB protocol were a key factor in the costly WannaCry and NotPetya attacks of 2017.”

“Not everything can be protected at once,” the report admits, “and the deeply complicated and critical nature of OT networks mean that by definition systems cannot be easily taken offline in order to install upgrades, patches, or anti-virus.”

What’s the solution? “Ruthless prioritization is required.”

– inventory all ICS assets;

– identify vital assets (those that could cause catastrophic harm, revenue loss, lawsuits, theft of intellectual property) and use technologies such as automated ICS threat modelling to reduce risk;

– discover likely attack paths, then practice — through table-top and other exercises — how to defend against them;

– mitigate and protect by addressing everything from weak passwords and password policies to unauthorized or unnecessary Internet connections, direct connections between OT and IT networks, open ports, device patching and a lack of network segmentation. And get rid of the walls between administrators of OT and IT networks.
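The findings above (cleartext credentials in legacy protocols, direct Internet connections, direct OT/IT links) and the "ruthless prioritization" steps are the kind of thing a passive flow review on an OT network can surface. The following script is an added example written for this article; it is not CyberX's code and is not taken from the report. It assumes a constructed site layout (an OT range, an IT range, and a handful of constructed flow records in a `src,dst,dport,proto,note` format), classifies each OT-related flow against the report's exposure categories, and ranks OT hosts by a weighted score so the worst-exposed devices come first. The weights are an assumption chosen for illustration.

```python
"""Passive review of OT flow records for the exposures the report counts.

All addresses, ranges and flow records here are constructed sample data."""
import ipaddress
from collections import Counter

# Constructed assumption: the OT and IT address ranges of one site.
OT_NETS = [ipaddress.ip_network("10.20.0.0/16")]
IT_NETS = [ipaddress.ip_network("10.10.0.0/16")]
# RFC 1918 ranges; anything outside these and the site ranges is treated as Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Legacy protocols that carry credentials or management data in the clear.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 161: "SNMP", 162: "SNMP trap"}

# Assumed prioritization weights: a direct Internet path outranks an OT/IT bridge,
# which outranks a cleartext protocol that stays inside the OT network.
WEIGHTS = {"direct_internet": 5, "ot_it_bridge": 3, "cleartext_credentials": 2}

# Constructed sample flows: "src,dst,dport,proto,note" (note is optional).
# 203.0.113.0/24 is the RFC 5737 documentation range standing in for a public address.
SAMPLE_FLOWS = [
    "10.20.1.15,10.20.1.200,502,tcp,",          # Modbus/TCP between OT devices: expected
    "10.20.1.15,10.20.1.200,161,udp,snmpv2c",   # SNMPv2c: community string in the clear
    "10.20.1.30,10.20.1.200,161,udp,snmpv3",    # SNMPv3 authPriv: not cleartext
    "10.10.5.7,10.20.1.40,21,tcp,",             # FTP from the IT network into OT
    "10.20.1.40,203.0.113.9,443,tcp,",          # OT host reaching a public address
    "10.20.1.40,10.20.1.50,23,tcp,",            # Telnet inside OT
]


def zone(ip: str) -> str:
    """Classify an address as ot, it, other-private or internet."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in OT_NETS):
        return "ot"
    if any(addr in net for net in IT_NETS):
        return "it"
    if any(addr in net for net in RFC1918) or addr.is_loopback or addr.is_link_local:
        return "other-private"
    return "internet"


def parse_flow(line: str) -> dict:
    """Parse one 'src,dst,dport,proto,note' record; the note field may be absent."""
    src, dst, dport, proto, note = (line.split(",") + [""])[:5]
    return {"src": src, "dst": dst, "dport": int(dport), "proto": proto, "note": note.strip()}


def findings_for(flow: dict) -> list:
    """Return the report-style exposure categories a single OT-related flow exhibits."""
    zones = {zone(flow["src"]), zone(flow["dst"])}
    found = []
    if "ot" not in zones:
        return found  # flows that never touch the OT network are out of scope here
    if "internet" in zones:
        found.append("direct_internet")
    if "it" in zones:
        found.append("ot_it_bridge")
    name = CLEARTEXT_PORTS.get(flow["dport"])
    # SNMPv3 with authentication/privacy protects the credential; only v1/v2c count.
    if name and not (name.startswith("SNMP") and flow["note"] == "snmpv3"):
        found.append("cleartext_credentials")
    return found


def analyze(lines: list) -> list:
    """Return (flow, categories) pairs for every flow with at least one finding."""
    results = []
    for line in lines:
        flow = parse_flow(line)
        cats = findings_for(flow)
        if cats:
            results.append((flow, cats))
    return results


def site_summary(results: list) -> dict:
    """Which of the exposure categories are present at this site at all."""
    present = {cat for _, cats in results for cat in cats}
    return {cat: cat in present for cat in WEIGHTS}


def prioritize(results: list) -> list:
    """Score each OT host by the weighted findings it takes part in, highest first."""
    scores = Counter()
    for flow, cats in results:
        weight = sum(WEIGHTS[c] for c in cats)
        for ip in (flow["src"], flow["dst"]):
            if zone(ip) == "ot":
                scores[ip] += weight
    return scores.most_common()


if __name__ == "__main__":
    res = analyze(SAMPLE_FLOWS)
    print(site_summary(res))
    for host, score in prioritize(res):
        print(f"{host:<14} score={score}")
```

On the constructed flows, the host `10.20.1.40` ends up at the top of the list because it is reached over FTP from the IT network, talks directly to a public address and runs Telnet, which is exactly the kind of device the inventory and prioritization steps are meant to surface first. Replace the sample list with exported flow records (for example from a span port collector) and adjust the ranges to the real site to use it as a starting point for segmentation and monitoring decisions.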

IT World Canada:
