Industrial Control Systems Are A Soft Target For Cyber Attackers

It has been known for some time that improperly protected Internet-connected industrial control systems (ICS) are vulnerable to attacks that can cause catastrophic harm to businesses and communities. Yet these systems are still easy targets, if numbers collected by a security vendor are representative.

“Many sites are exposed to the public Internet and trivial to traverse using simple vulnerabilities like plain-text passwords,” says the global ICS risk report released this morning by CyberX. “Lack of even basic protections like automatically-updated anti-virus enables attackers to quietly perform reconnaissance before sabotaging physical processes such as assembly lines, mixing tanks, and blast furnaces.”

The report looked at anonymized data obtained from over 850 production ICS (also known as operational) networks of CyberX customers in a 12-month period starting September 2017.

Among the findings:

– 69 per cent of networks had plain-text passwords traversing the network. A lack of encryption in legacy protocols like SNMP and FTP exposes sensitive credentials — making cyber-reconnaissance and subsequent compromise relatively easy;

– The idea that operational networks are protected because they are air-gapped is a myth: 40 per cent of industrial sites have at least one direct connection to the public internet, making them more easily accessible to adversaries and malware;

– 53 per cent of sites had obsolete Windows systems such as Windows XP. The report admits that, due to ICS-specific factors such as narrow maintenance windows, legacy applications and older hardware, some systems can’t be patched. If so, continuous monitoring of those systems may be necessary, as well as better network segmentation;

– 84 per cent of industrial sites had at least one remotely accessible device;

– 57 per cent of sites weren’t running anti-virus protections that update signatures automatically;

– 16 per cent of sites had at least one wireless access point. These need to be monitored and patched.
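
The first finding above (plain-text credentials in FTP and SNMP) is something a defender can check for on their own network. The sketch below is an added example, not from the CyberX report or the article: it flags FTP USER/PASS commands and SNMP v1/v2c community strings in captured payloads, reporting only that a credential was seen, never its value. The packet tuples, function names and sample bytes are constructed for illustration; real input would come from a capture on a monitoring port.

```python
import re
FTP_CRED = re.compile(rb"^(USER|PASS) +\S", re.IGNORECASE)

def _ber_len(buf, i):
    """Decode a BER length field at buf[i]; return (length, next_index)."""
    first = buf[i]
    if first < 0x80:                       # short form
        return first, i + 1
    n = first & 0x7F                       # long form: n length bytes follow
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def snmp_cleartext_version(payload):
    """Return 'v1' or 'v2c' if payload is SNMP with a community string, else None."""
    try:
        if payload[0] != 0x30:             # outer SEQUENCE
            return None
        _, i = _ber_len(payload, 1)
        if payload[i] != 0x02:             # INTEGER: msgVersion
            return None
        vlen, i = _ber_len(payload, i + 1)
        version = int.from_bytes(payload[i:i + vlen], "big")
        if version in (0, 1) and payload[i + vlen] == 0x04:  # OCTET STRING
            return "v1" if version == 0 else "v2c"
    except IndexError:                     # truncated or non-SNMP datagram
        pass
    return None

def find_cleartext_credentials(packets):
    """packets: (transport, dst_port, payload) tuples. The secret is never echoed."""
    findings = []
    for transport, port, payload in packets:
        if transport == "tcp" and port == 21:
            m = FTP_CRED.match(payload)
            if m:
                findings.append(("FTP", m.group(1).decode().upper()))
        elif transport == "udp" and port == 161:
            version = snmp_cleartext_version(payload)
            if version:
                findings.append(("SNMP", version + " community"))
    return findings

# Constructed sample payloads (illustrative values, not from the report).
SAMPLE = [
    ("tcp", 21, b"USER operator\r\n"),
    ("tcp", 21, b"PASS example-only\r\n"),
    ("tcp", 21, b"LIST\r\n"),
    ("udp", 161, bytes.fromhex("302602010104067075626c6963a019020101020100020100300e300c06082b060102010101000500")),
    ("udp", 161, bytes.fromhex("303a020103300d")),  # truncated SNMPv3 header
]
```

SNMPv3 messages are not flagged because they carry no community string; the same sites would still need FTP replaced or tunnelled to clear the FTP findings.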

This is a follow-up to a similar report done a year ago and, CyberX says, there isn’t much difference. Other than fewer sites running old versions of Windows, “the industry may not have changed much over the course of the past year.”

Among the problems, the report notes, is that industrial networks contain a complex mix of specialized non-IT protocols, including proprietary protocols developed for specific families of industrial automation devices. This heterogeneous mix complicates security for OT environments. In addition, many OT protocols were originally designed when robust security features such as authentication were not even a requirement — because it was assumed that simply having connectivity to a device was sufficient authentication.

Still, a number of standard IT protocols are in use. The SMB protocol is widely used across IT and OT networks, the report points out. “Managers should note that vulnerabilities in the decades-old SMB protocol were a key factor in the costly WannaCry and NotPetya attacks of 2017.”

“Not everything can be protected at once,” the report admits, “and the deeply complicated and critical nature of OT networks mean that by definition systems cannot be easily taken offline in order to install upgrades, patches, or anti-virus.”

What’s the solution? “Ruthless prioritization is required.”

– inventory all ICS assets;

– identify vital assets (those that could cause catastrophic harm, revenue loss, lawsuits, theft of intellectual property) and use technologies such as automated ICS threat modelling to reduce risk;

– discover likely attack paths, then practice — through table-top and other exercises — how to defend against them;

– mitigate and protect by looking at everything from weak passwords and password policies to closing off unauthorized or unnecessary Internet connections and direct connections between OT and IT networks, open ports, device patching and lack of network segmentation. And get rid of the walls between administrators of OT and IT networks.

IT World Canada:
