September, 2020

SECURING YOUR INDUSTRIAL CONTROL SYSTEMS TODAY

BY RICHARD BUSSIERE, DIRECTOR, PRODUCT MANAGEMENT APAC, TENABLE

In March 2018, the US-CERT published an alert that a multi-stage campaign against critical infrastructures was being conducted by Russia against targets in the United States. This alert was the result of detailed analysis of the attacks conducted by the Department of Homeland Security and the Federal Bureau of Investigation. The malicious activities are an attempt to compromise the networks of the energy sector, government, transportation, energy production, and some critical manufacturing sectors. Typically, parts of these infrastructures include Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems that control the physical processes.

These attacks are ongoing, and they are not only against the United States. Any organization with ICS/SCADA networks is at risk of similar attacks.

For example, the Australian Cyber Security Centre reported that for the years 2016/17, there were 7283 cybersecurity incidents impacting major Australian businesses, and of these, 734 impacted private sector businesses that provided critical infrastructure.

The "ownership" of any critical infrastructure, public or private, can cause significant social or economic distress, with massive first, second and third order impacts. As a simple example, consider the effects that an attack causing an outage of an urban mass transit system would have, even if just for a few hours:

· Customers can't get where they need to go and are delayed;
· People seek alternate modes of transport, which rapidly oversubscribes those modes;
· Street traffic increases, causing further delays;
· Meetings are delayed or cancelled;
· Commerce is impacted: sales that otherwise would have taken place don't take place.

Besides these effects, there is the added serious consequence of the loss of public trust in the victim organization.
Formerly, ICS environments operated in isolation. This is no longer true, as business demands force the real-time extraction of process data from the ICS environment. Unfortunately, these new connections also increase the risk of cyber attacks against these brittle ICS infrastructures.

To help understand these new risks, let's look at how attacks against critical infrastructures are orchestrated. Attackers will conduct "open source" research on potential targets by studying publicly available information. This research will reveal business partners, data on employees, data on infrastructure and so on. All of this data is useful for identifying targets and designing attacks.

Next, using this information, the attackers may attempt to find weakly defended networks, typically operated by suppliers or contractors, that are connected to more strongly defended critical infrastructure targets. Once breached, the partner/contractor network is used as a bridge to attack the critical infrastructure network. This effectively takes advantage of the trust relationship that exists between the subcontractors/partners and the true target of the attack, the critical infrastructure network.

Attackers may also use "watering holes" - for example trade and informational websites that relate to Industrial Control,