Jack O'Sullivan
March 22 2021
Stuxnet was the first in a wave of sophisticated, targeted attacks on ICS, focusing solely on hampering the nuclear enrichment capabilities of Iran. This was quickly followed by others such as Havex and Industroyer. Whatever the motivation of these attacks, they showed the world that an ICS attack was not only possible but that ICS was now a prized target.
This worry continues to grow, but is action being taken? We take a look at the stats.
Is concern translating into action?
Data breaches are big news, and with every news report comes increasing awareness of the threat. When it comes to ICS, the consequences of an attack can be far more serious than just the loss of data: there’s a physical impact and lives are potentially at risk. Organisations running critical systems should be expecting an attack and therefore be treating ICS security as critical.
- 53% of industrial facilities have experienced a breach (Honeywell, 2017)
- 69% of organisations consider the threat to ICS systems to be high or severe/critical (SANS, 2017)
- Three in four companies (74%) expect an ICS cybersecurity attack to happen to them (Kaspersky Lab, 2017)
It’s encouraging to see that companies are taking the threat seriously, but the question remains: is that concern turning into security action? Taking action to prevent a potential attack is key, and whilst measures may have been adopted, the statistics show that these may have been poorly implemented, or may not be robust enough to deal with the threat posed.
- Over half (54%) of the sampled organisations have experienced at least one security incident on their industrial control systems in the last 12 months (Kaspersky Lab, 2017)
The increasing issue of connectivity
We live in an increasingly connected world and ICS is no different. What used to be isolated, air-gapped systems are now connected to various devices and networks. The Industrial Internet of Things (IIoT) continues to gather pace, and whilst it has brought many benefits, it has also left systems vulnerable to attack.
- Organisations allowing third party access were 63% more likely to experience a cybersecurity breach, compared to 37% of those who did not (Kaspersky Lab, 2017)
So, how has this happened?
The growth of ICS is a major factor. Over the years more devices have been added to networks and more third party connections have been introduced. Systems have become more complex and this can be hard to keep track of, especially when you consider personnel changes, changes in third party suppliers or even companies merging.
Having an up-to-date network map is key and understanding the connections of each device is a must. You may be surprised what devices are connected to your system and what’s connected to the wider world.
- 44% of sites have at least one unauthorised or unknown device (CyberX, 2017)
The vulnerability of these connected devices is also a major concern, and the growing Industrial Internet of Things (IIoT) continues to worry many industry professionals. Just as with home or office devices, their security has been called into question, and anything that is connected to an ICS environment needs to be as secure as possible.
- Researchers have found 147 security flaws in 34 SCADA mobile apps and 59% of tested apps had insecure authorisation mechanisms.
- Devices that cannot protect themselves and the increasing presence of connected devices, many insecure by design, in and around ICS environments, were the biggest overall concern (44% of respondents) (SANS, 2017)
Out of date operating systems
The WannaCry attack of 2017 showed that ransomware can have a critical effect on operations. Whilst it wasn’t a targeted ICS attack, many organisations were locked out of their systems and many had to shut down manufacturing processes for fear of safety. The way in? Unpatched and outdated Windows operating systems.
ICS operating systems may appear to be running fine, but they need to be patched to ensure that the latest threats cannot get through. If this isn’t possible, then they need to be isolated and secured.
- More than 3 out of 4 industrial sites have obsolete Windows systems like Windows XP and Windows 2000 (CyberX, 2017)
Improving ICS security
As you can see, concerns about the safety of ICS are growing and the consequences of an attack on these key systems need to be taken extremely seriously. Whilst the threat is increasing, it appears that many organisations are failing to take the necessary precautions to protect their systems.
Whatever the obstacles, now is the time to start taking action. That’s why we’ve created our ICS Security Guide, to help organisations overcome the barriers that are stopping them and to give practical steps you can take to improve your ICS security posture.