This blog was written by an independent guest blogger.
By now, most are aware that the COVID-19 pandemic has led to a spike in cyberattacks. This sharp increase in malicious activity related to COVID-19 has taken the typical form of adversaries seeking to benefit financially, gain unauthorized access to networks for immediate and long-term strategic benefit, and spread misinformation with political agendas.
Much of this is a direct result of the work from home (WFH) phenomenon. With organizations and businesses rapidly deploying systems and networks to support remote staff, criminals can’t help themselves. Increased security vulnerabilities have offered the opportunity to steal data, generate profits, and generally cause havoc. In one four-month period (January to April) some 907,000 spam messages, 737 incidents related to malware, and 48,000 malicious URLs – all related to COVID-19 – were detected by one of INTERPOL’s private sector partners.
There are a number of other threats, though, that have also been caused by the pandemic but that are less visible. One of these is the increased vulnerability of industrial control systems.
The most up-to-date data on the vulnerability of industrial control systems, and how this has been affected by the pandemic, comes courtesy of the ICS Risk & Vulnerability Report, released this week by Claroty.
This research contains an assessment of 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) during the first half of 2020, affecting 53 vendors.
The findings are striking, and particularly so given how many systems engineers now work from home. Fully 70% of the vulnerabilities published by the NVD can be exploited remotely, while the most common potential impact is remote code execution, which is possible with 49% of the vulnerabilities.
When combined with the fact that recent research has found that 83% of firms are simultaneously struggling to ensure the security of remote working systems, this is highly concerning. In practice, this means that if an organization’s remote working systems are insecure – which seems likely, given the difficulties that many have reported in recent months – then hackers may be granted an increased capability to remotely execute malicious code on industrial systems.
The increased likelihood of this kind of attack should concern all organizations working with industrial control systems, but especially those companies employing centralized systems such as DCS, SCADA, or PLS.
In recent years, these solutions have been used for networking previously discrete industrial systems together. While this has allowed organizations to dramatically increase their efficiency and productivity, it potentially leaves these systems open to laterally-deployed cyberattacks.
This risk is compounded by a similarly worrying trend in international cyber warfare. Though largely ignored due to the ongoing pandemic, in the last few months we’ve seen an increase in the number of state-sponsored cyber attacks that specifically target industrial facilities, and some analysts warn that this type of attack will only be amplified in the coming few years.
For organizations that operate industrial control systems, the consequences of a successful attack can be severe. Not only are there financial issues to consider, such as production losses or compromised proprietary information, but an attack may also affect your ability to meet the mandatory regulations for your sector.
Even worse, a hack of this kind, if it manages to affect the operation of machinery, could lead to damage to the environment, human health and safety, and the community. It’s therefore crucial that manufacturers take steps to protect these systems, especially in the context of the pandemic.
How to protect Industrial Control Systems
Protecting industrial control systems against cyber attack is not that dissimilar to protecting enterprise systems. Given the rise in remote working, organizations should focus on intrusion prevention and on limiting hackers’ ability to move laterally if they do gain unauthorized access.
These measures should include:
- Scanning and filtering all electronic communications. Phishing is still the most common form of cyberattack, even for industrial systems.
- Running refresher security awareness training for all personnel.
- Performing a health check of the network infrastructure (e.g., confirming that firewalls are accurately configured) and carrying out post-hack recovery processes on machines that have been affected by malicious actors.
- Ensuring that all devices and services with known vulnerabilities are patched.
- Ensuring that backup policies are in place to support quick access to impacted files.
- Reviewing your cyber-security policies and procedures to ensure they are well-documented, consistent with best practices, and will withstand scrutiny by regulators in the wake of an incident.
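An added example (not from the original post or the Claroty report) of prioritizing the patching step above: it ranks advisories against an asset inventory by CVSS v3.x base vector, assuming that "remotely exploitable" maps to Attack Vector = Network. The advisory ids, product names and asset names are constructed placeholders.

```python
# Added example: patch triage over constructed advisory records (not real CVE data).
ALLOWED = {"AV": set("NALP"), "AC": set("LH"), "PR": set("NLH"), "UI": set("NR"),
           "S": set("UC"), "C": set("HLN"), "I": set("HLN"), "A": set("HLN")}

def parse_vector(vector):
    """Parse a CVSS v3.x base vector into {metric: value}; raise ValueError if malformed."""
    prefix, _, rest = vector.partition("/")
    if prefix not in ("CVSS:3.0", "CVSS:3.1"):
        raise ValueError(f"unsupported vector: {vector!r}")
    metrics = dict(p.split(":", 1) for p in rest.split("/") if ":" in p)
    for name, allowed in ALLOWED.items():
        if metrics.get(name) not in allowed:
            raise ValueError(f"bad or missing {name} in {vector!r}")
    return metrics

def tier(vector):
    """0 = unparseable (manual review), 1 = remote with no auth or user action,
    2 = other network-reachable, 3 = adjacent network, 4 = local or physical."""
    try:
        m = parse_vector(vector)
    except ValueError:
        return 0
    if m["AV"] == "N":
        return 1 if m["PR"] == "N" and m["UI"] == "N" else 2
    return 3 if m["AV"] == "A" else 4

def triage(advisories, inventory):
    """Return (tier, advisory id, affected assets) for deployed products, sorted by tier.
    Unparseable vectors sort first so they are reviewed rather than silently skipped."""
    rows = [(tier(a["vector"]), a["id"], inventory[a["product"]])
            for a in advisories if a["product"] in inventory]
    return sorted(rows, key=lambda r: (r[0], r[1]))

def remote_share(advisories):
    """Fraction of advisories whose vector parses and has Attack Vector = Network."""
    return sum(1 for a in advisories if tier(a["vector"]) in (1, 2)) / len(advisories)

# Constructed sample data: placeholder ids, hypothetical products and asset names.
INVENTORY = {"hmi-suite": ["hmi-line1", "hmi-line2"], "plc-fw": ["plc-07"],
             "historian": ["hist-01"]}
ADVISORIES = [
    {"id": "EXAMPLE-0001", "product": "plc-fw", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
    {"id": "EXAMPLE-0002", "product": "hmi-suite", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},
    {"id": "EXAMPLE-0003", "product": "historian", "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},
    {"id": "EXAMPLE-0004", "product": "hmi-suite", "vector": "AV:N/AC:L"},  # malformed on purpose
    {"id": "EXAMPLE-0005", "product": "not-deployed", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},
]

if __name__ == "__main__":
    for t, adv_id, assets in triage(ADVISORIES, INVENTORY):
        print(t, adv_id, ", ".join(assets))
```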
These specific measures should be built on top of the ongoing regulatory responsibilities that organizations need to comply with. For manufacturers in the USA, this means abiding by the National Institute of Standards and Technology (NIST) guidelines and recommendations on the protection of industrial control systems. Such guidelines include:
- Restricting logical access to ICS networks and network activity.
- Restricting physical access to ICS networks and devices.
- Restricting unauthorized modification of data.
- Monitoring, detecting, and responding to security events and incidents.
- Maintaining functionality during adverse conditions.
For organizations rushing – and struggling – to get remote working systems in place, it might seem like now is a bad time to also be improving the security of industrial control systems. In reality, though, threats of this kind are only going to get worse in the coming years, not least because they mimic the spread of COVID-19 itself.
You should recognize, however, that there is no need to reinvent the wheel, and you are not alone. The power of community to fight COVID-19 threats is an important resource. Pay attention and learn from organizations that have already locked down their industrial control systems against intrusion.