Malware in industrial control systems (ICS)


A fresh blog post from Indegy discusses the security of industrial control systems, which are usually spared from common security threats but are still not bullet-proof.

Written by Michael Rothschild, Director of Marketing at Indegy, the blog post talks about security in ICS or SCADA systems, which, although usually safe and secure, are still under threat. This has become a growing issue since two recent cryptocurrency mining incidents that took place in critical infrastructure facilities in Europe and Russia.

The first incident involved a water utility provider in Europe, which was hit by cryptocurrency mining malware downloaded from a malicious advertising website.

The second was a bit more serious, as it hit a top-secret Russian nuclear warhead facility where several scientists were using one of the supercomputers to mine Bitcoin.

While a few years ago industrial control networks were considered safe against cyber attacks, the recent rise in both the number and the severity of cyber threats means that these will eventually spread to ICS as well.

The blog post outlines three security implications for industrial organizations, starting with the fact that industrial control networks are reachable. New connected technologies like the Industrial Internet of Things (IIoT) increase the exposure of ICS networks to cyber attacks, and while IT administrators can try to completely isolate the ICS network, there is still a human factor that can compromise the network from the inside.

The second point is that industrial control networks are not governed well enough; given the risk involved, they should be subjected to periodic vulnerability assessments, patching, and similar cybersecurity measures.

The third one is the most worrisome, as it states that due to the lack of protective measures, industrial networks are at imminent risk. While it is quite easy to patch a consumer-oriented or even an office system, shutting down an industrial system for patching is a big issue, especially when system stability and safety are taken into account.

The post suggests that hacking the Windows machines is actually more difficult than gaining access to the controllers, which are not typically protected with authentication, encryption, authorization, or other standard security mechanisms. This makes ICS-specific threats, such as the Triton malware, a lot more serious.

The post concludes that critical infrastructure and industrial organizations need better visibility and control of their asset inventory in order to ensure that unwanted software does not end up on their network. To build an effective security strategy, they have to know the manufacturer, model, firmware version, latest patches and current configuration of each and every asset in the network, including the automation controllers (PLCs, RTUs, or DCS controllers), as well as the Windows servers used by operators.
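The inventory-driven approach described above can be turned into a simple drift check: keep an approved baseline per asset (vendor, model, firmware, allowed software) and diff it against what a passive scan or agent reports. The following Python is an added example written for this article and is not code from Indegy or from the blog post; the asset identifiers, vendor names, firmware versions and the "coinminer-sample.exe" process name are all constructed sample values, not real products or indicators.

```python
"""Asset inventory drift check for an ICS network (added example).

Compares an approved baseline inventory against the currently observed
inventory and reports four kinds of findings a defender cares about:
unknown assets, missing assets, firmware drift, and unapproved software.
All data below is constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    """One network asset: a controller (PLC/RTU) or an operator Windows host."""
    asset_id: str
    vendor: str
    model: str
    firmware: str
    software: frozenset  # installed packages / running processes (empty for PLCs)


# Approved state, maintained by the asset owner (constructed sample values).
BASELINE = {
    "PLC-01": Asset("PLC-01", "ExampleVendor", "PLC-1000", "2.8.1", frozenset()),
    "RTU-02": Asset("RTU-02", "ExampleVendor", "RTU-200", "1.4.0", frozenset()),
    "HMI-01": Asset("HMI-01", "ExampleVendor", "Operator Station", "10.0.17763",
                    frozenset({"scada-client", "vendor-runtime"})),
}

# What a passive scan / host agent reported today (constructed sample values):
# PLC-01 firmware changed, HMI-01 runs an extra process, PLC-07 is new,
# and RTU-02 was not seen at all.
OBSERVED = {
    "PLC-01": Asset("PLC-01", "ExampleVendor", "PLC-1000", "2.8.3", frozenset()),
    "HMI-01": Asset("HMI-01", "ExampleVendor", "Operator Station", "10.0.17763",
                    frozenset({"scada-client", "vendor-runtime",
                               "coinminer-sample.exe"})),  # constructed name
    "PLC-07": Asset("PLC-07", "OtherVendor", "PLC-500", "3.0.0", frozenset()),
}


def compare_inventory(baseline: dict, observed: dict) -> list:
    """Return (kind, asset_id, detail) tuples describing every deviation.

    Findings are ordered by observed asset, then by missing assets, so the
    output is deterministic and easy to assert on or feed into a ticket system.
    """
    findings = []
    for asset_id, current in observed.items():
        approved = baseline.get(asset_id)
        if approved is None:
            findings.append(("unknown_asset", asset_id,
                             f"{current.vendor} {current.model} not in baseline"))
            continue
        if current.firmware != approved.firmware:
            findings.append(("firmware_drift", asset_id,
                             f"{approved.firmware} -> {current.firmware}"))
        # Anything running that is not on the approved list is flagged;
        # a cryptominer on an operator host shows up here.
        for extra in sorted(current.software - approved.software):
            findings.append(("unapproved_software", asset_id, extra))
    for asset_id in sorted(baseline.keys() - observed.keys()):
        findings.append(("missing_asset", asset_id,
                         "present in baseline but not observed"))
    return findings


def format_report(findings: list) -> str:
    """Render findings as one line each for an operator console or log."""
    if not findings:
        return "inventory matches baseline"
    return "\n".join(f"[{kind}] {asset_id}: {detail}"
                     for kind, asset_id, detail in findings)


if __name__ == "__main__":
    print(format_report(compare_inventory(BASELINE, OBSERVED)))
```

Running it prints one line per deviation; in practice the baseline would be loaded from the organization's asset database and the observed side from a passive monitoring tool, with the comparison scheduled to run after every scan so that a new process on an operator station or an unexpected firmware change on a controller is raised before the next maintenance window.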

You can check out the full blog post over at Indegy.com.

Slobodan Simic is foremost an IT enthusiast who discovered his knack for writing, which led to him becoming an IT journalist and later an Editor for a number of publications. He has been covering anything from consumer- and professional-oriented hardware to software markets and networks. With a focus on chasing down leads, making sure that fresh content is ready for publishing, and keeping up with the ever-growing and evolving IT world, writing has become more of a passion for him than just a job.