What Makes ICS/OT Infrastructure Vulnerable?
Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and availability (CIA) tradeoff being one of the leading causes.
Adopting cybersecurity solutions to protect OT infrastructure is a vital obligation since availability is critical in OT infrastructure. It necessitates a thorough knowledge of ICS operations, security standards/frameworks, and recommended security solutions.
OT security in the past was restricted to guarding the infrastructure using well-known techniques like security officers, biometrics, and fences because ICS/OT systems didn’t connect to the internet.
For ease of operation, every ICS/OT infrastructure currently has internet access or is doing so. However, this transformation exposes these systems to dangers that cannot be avoided by relying just on conventional precautions.
OT/ICS Security Trends
OT systems are frequently tricky from a security operations viewpoint, even though they often have a lower attack surface and less functionality than standard IT systems.
Cyber-defenders find it challenging to determine whether these devices are running susceptible software or are misconfigured because they frequently have proprietary interfaces.
As per Kaspersky Labs:
- In the initial half of 2018, malicious software hit almost 40% of the ICS PCs it monitors at least once.
- Sixty-one vulnerabilities in industrial and IIoT/IoT systems were found, but only 29 of them were patched by the systems’ owners in 2017.
- Critical vulnerabilities affected 20% of sensitive ICS devices.
- There were around 40,000 pieces of malware.
We all need to take this as a significant wake-up call. Attacks on these systems can be pretty damaging (look at the 2015 power grid hack in Ukraine, which resulted in a blackout that impacted over 200,000 people).
Will communications networks, electricity grids, or nuclear plants be the next?
As per CyberX’s 2019 Global ICS & IIoT Risk Report:
“The data demonstrates that attackers continue to target industrial control systems as easy prey. Lack of fundamental security measures, such as automatically updating antivirus software, enables attackers to carry out covert surveillance before compromising operational procedures.”
Key findings are:
- 40% of industrial premises have at least one direct Internet connection.
- At least one wireless access point is present at 16% of the sites.
- 57% only have minimal antivirus security.
- One remotely accessible device is present in 84% of cases.
Vulnerabilities In ICS/OT Infrastructure:
Back in 2016, a writer for the State of Security stated the following:
“If these ICS devices were hacked, routine service might stop, confidential information could be lost, and serious harm could result.”
As one example, consider the attack on the Colonial Pipeline.
The Colonial Pipeline Company’s website declared that it had taken several systems offline to “contain the threat” posed by a strong ransomware attack.
Following that choice, all pipeline operations halted temporarily, resulting in gas shortages and panic around the East Coast.
According to Bloomberg, just hours after finding that hackers compromised the networks, Colonial Pipeline paid a $5 million ransom.
Some of the vulnerabilities are:
Firmware upgrades are often disregarded by most L1 to L3 switches and firewalls since they seldom affect the operation directly. This misunderstanding results in very susceptible connections inside ICS systems at several levels.
Application of Erroneous or Cost-Cutting Security Levels: Depending on the ICS/OT architecture, the ISA/IEC 62443 standards explicitly define the required degree of security. Frequently, incorrect selection of security settings or cost-cutting measures results in system exposure or the indirect opening of back doors.
To facilitate network access, operators have employed insecure passwords. The operators are required to use crucial passwords. However, they commit a second error using the same necessary password for all entry points. It makes it more effortless for attackers to get access.
No Inventory Database
Due to the increased number of connected devices, terminals, and automation devices from several manufacturers, it has become challenging to maintain updated inventory databases in ICS/OT infrastructure, which indirectly causes a gap in OT infrastructure. Whether illegal devices are attempting to join or get linked to the infrastructure, this will be exceedingly difficult to locate and disconnect the device from the network.
Test the Restore of a Backup in the Event of an Emergency:
In most ICS/OT infrastructures, system backups are either full system backups or incremental backup solutions.
Any ICS environment would suffer tremendous financial losses if the restoration failed.
To mitigate this risk, always choose the most crucial part of your OT activities and frequently restore it on an external PC to reduce this risk.
Protocols employ authentication data to authenticate connectivity between networked devices. They are an essential layer of defense in a communication system. Bypassing authentication in protocols allows any network-connected computer or device to enter commands to modify or alter ICS-controlled functions. It might result in faulty operations and harm commodities, plant equipment, and people.
Organizations can take the following actions to reduce the danger posed by unverified protocols:
- Identify any unverified protocols in use and, whenever possible, offer authentication alternatives.
- Request device makers to implement authentication features
- Identify the remote entry points and deploy the necessary security resources and procedures.
- Configure firewalls and access restriction lists
User Authentication Weakness
Authentication is how a person identifies himself to a system. Cyberattacks are susceptible to authentication data supplied in the open text, complex passwords, and readily broken passwords. Knowledge-based verification can be highly insecure if password regulations are not often updated.
On the other side, identity-based verification such as biometrics, which fingerprint or iris scans use for authentications, is far more difficult to counterfeit or circumvent.
In today’s interconnected society, cyberattacks are becoming increasingly prevalent in the news. Currently, the majority of ICS access the internet. ICS comprises many devices, computers, actuators, communication channels, and software interconnected to communicate and control industrial processes.
ICS is susceptible to electronic infiltration and viruses from within and beyond the controlling system network. A hacker with knowledge of software, industrial machinery, and networks can utilize electronic means to obtain access to the ICS if no precautions are implemented.