A presentation at last week’s BSides conference by researchers from INSINIA emphasised that industrial control systems could be exposed not just to remote hackers, but to local attacks and physical manipulation as well. The talk reviewed 25 years of industrial control kit, going back to the days of proprietary equipment and X21 connections, before discussing proof-of-concept attacks. Andrea Carcano, Co-founder and Chief Product Officer at Nozomi Networks, commented below.
Andrea Carcano, Co-founder and Chief Product Officer at Nozomi Networks:
“Cyberattacks on critical infrastructure have increased in recent months with attackers crafting threats specifically to target those systems, including Industroyer/CrashOverride, Triton and WannaCry. We’ve seen the damage that can be done from hacks in the Ukraine where attackers were able to compromise and shut down systems.
“With each incursion, both successful but also those that are thwarted, the attackers learn what works, what doesn’t, and what can be improved for the next try. The next attack on critical infrastructure systems could be just around the corner and the potential consequences of not investing in industrial cybersecurity technologies could be numerous and severe. Destructive malware is being developed, and tested, and critical infrastructure operators need to be able to identify and mitigate anomalous behaviour before damage is done.
“Despite the benefits of connectivity, wireless devices, including industrial routers, access points and gateways, as well as smartphones and tablets used by engineers and operators for remote access, remain especially vulnerable to cyberattacks. Many of these devices have not been designed with security in mind. For example, in the fall of 2016, thousands of online consumer devices were harnessed by the Mirai malware and used to disrupt and disable popular websites.
“Innovation and implementation of advanced cybersecurity technologies, such as machine learning and artificial intelligence, are an important step toward safe and reliable critical infrastructure. By establishing a baseline of ICS network communications and conducting active monitoring for anomalies, anything that detracts from expected behavioural patterns can be flagged and addressed. In addition, these technologies meet the unique needs of securing industrial networks and processes, integrate with IT security infrastructure to bridge the OT/IT divide and help reduce the cybersecurity skills gap.”