Operators of critical infrastructure and manufacturing in the US have received a warning from The FBI and Homeland Security Department about cyber criminals targeting them. The cyber-attacks have been limited to administrative and business networks, but are ongoing. IT security experts commented below.
Edgard Capdevielle, CEO at Nozomi Networks:
“Targeting engineers with phishing messages is pretty straight-forward and, if successful, could be extremely damaging. In tandem, while air-gapping offered a degree of protection, the way our nuclear plants, and any infrastructure for that matter, is maintained today means this practice is defunct. We often see engineers ‘plugging’ in their own devices to perform diagnostic checks. Should that person’s device have been compromised, this action could unleash malware directly into the heart of each component being checked, which then crawls and burrows deeper into the infrastructure. Plant managers need to be able to identify and close down anomalous behavior before damage is done. Advanced monitoring and anomaly detection solutions provide actionable intelligence that enable them to identify intrusions and take immediate steps to ensure uptime and resilience of their critical operational technology (OT) environments.”
Paul Edon, Director at Tripwire:
“With most industrial control systems now connected to the internet, they are vulnerable to targeted cyber attacks and cyber espionage campaigns. However, because the systems were not designed with security in mind, they are largely unequipped to deal with these attacks. For any business that has an industrial control system footprint, whether in manufacturing, transportation or energy, now is the time to evaluate how the environment is being secured. Failure to do so could result in a devastating attack which causes serious damage or even endangers public safety.
The first step is to review one of the available ICS Cyber Security Frameworks i.e. “NIST Guide to Industrial Control Systems (ICS) Security” or “CPNI – Security for Industrial Control Systems Framework”. This will assist organisations to better understand the challenges, requirements and responsibilities with regards to Governance, Business Risk, Managing ICS Life Cycle, Education and Skills, Security Improvements, Vulnerability Management, Third Party Risk, and Response Capability.”
Mike Patterson, CEO at Plixer:
“Cybercriminals and terrorist organizations clearly identify power and energy facilities as high value targets due to the potentially massive disruption that would come from their compromise. Based on this, power and energy organizations must be diligent and lead the world in deployed security systems. Many industrial control systems (ICS) are now connected to IP networks, making them more vulnerable to attack than in the past when they were deployed on proprietary, separate systems and networks. Due to the complexity and massive threat surface of modern networks, software, and systems, complete prevention is simply not possible. In addition to security tools aimed at prevention, these organizations must have incident response processes in place which leverage network traffic analytics (NTA) to monitor every network connection and look for anomalous device behavior. NTA provides the contextual forensic data needed to identify root cause, mitigate the problem and return to normal. Investigations that once took days, weeks or longer can now occur in just minutes.”