SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Industrial control systems are increasingly vulnerable to cyberattacks

Fri, 16th Aug 2024

In his recent white paper, Chris Steffen of EMA got out his crystal ball, looked into the future, and saw a dynamic landscape of cybersecurity challenges for Operational Technology (OT) and Industrial Control Systems (ICS). He focused on the proactive measures needed to mitigate risk and safeguard critical infrastructure and industrial processes. He saw that cyberattacks targeting OT and ICS are expected to rise in frequency and sophistication, citing evidence from sources like the OT Cybersecurity Year in Review by the cybersecurity firm Dragos. Dragos reported that ransomware attacks against industrial organizations increased by 50% over the previous year and that 70% of all ransomware attacks targeted 638 manufacturing entities across 33 unique manufacturing subsectors, demonstrating a clear trend of escalation. Steffen's paper goes on to say:

"The surge in ransomware incidents, particularly in critical infrastructure, is a stark reminder of the omnipresent threat. Supply chain vulnerabilities trigger cascading impacts across critical infrastructure and manufacturing businesses, compounded by the increasing complexity of the not-very-clearly documented connected OT computing environment. The SolarWinds and Kaseya incidents are potent examples of the risks posed by supply chain attacks. The increasing interconnectedness of OT with IT systems, fueled by initiatives like Industry 4.0 and 5.0, amplifies these risks."

Steffen identified four major reasons for the increasing trend of industrial networks connecting to the IT network (and to the internet) instead of being completely air-gapped: 

1. Analytics for decision support and governance. Increased digitization has produced more data, which enterprises can leverage to improve business governance, achieve faster business results, and satisfy compliance requirements.

2. Industrial automation management from the cloud. Most OT/ICS vendors, such as Rockwell, Siemens, ABB, Honeywell, Schneider, etc., offer capable automation solutions by connecting industrial systems to a data aggregator and the aggregator to the cloud. These may include control room and safety solutions, remote monitoring systems, measurement instrumentation, etc.

3. Digital twins. Modern digital control systems represent the industrial network graphically, so users can manipulate the display to change control parameters. This matters because the data connection is not merely one-way from OT to IT; it is OT-to-IT and back. This opens an additional vector both for an attack and for the spread of an attack.

4. Enabling affordable maintenance and patch management. As suppliers of industrial systems and industrial control systems try to offer services at lower cost, and as expertise in these systems continues to dwindle, more maintenance service providers are seeking "out-of-band" connections into industrial networks, because it is becoming increasingly expensive and less efficient to fly experts to every customer location. Traditionally, such connections were set up using VPNs, which we know today to be at the root of many cyber-attacks.

For all these reasons, we at ColorTokens agree with Steffen that the traditional OT cybersecurity approach of "security by obscurity" is no longer sufficient. Industrial network owners have to face up to the fact that cybersecurity is not just the domain of the IT guys. Because of the increasing exposure of operational technology to the enterprise IT network, and to the Internet, they must take the crucial steps needed to increase the resiliency of their cyber-physical systems.  

A foundational way to do this is through zero trust microsegmentation.

Microsegmentation stops the spread of a breach within your industrial network. A fundamental concept of zero trust security is to assume a hacker has already penetrated your perimeter defenses. This is a departure from traditional cybersecurity approaches, which aspire to stop every incursion at the perimeter firewall. The problem is that recent history has taught us that, inevitably, a breach will get through. This is because of the tyranny of the law of large numbers: the defender must be right every time in perimeter defense, while the adversary only needs to be right once. To address this challenge, the ColorTokens solution controls traffic in the east-west plane, between devices, and in the north-south plane, between devices and the upper layers of the enterprise architecture. Only authorized traffic is permitted.   

It does this using a gatekeeper appliance inserted adjacent to the switches on (or between) levels 2 through 5. No software agents need to be installed on any devices. The gatekeeper uses a /32 subnet strategy to become the default gateway for all north-south and east-west traffic, including for those devices in levels 0 and 1. Valid traffic is permitted, while illicit traffic is stopped.  
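As an added illustration (not ColorTokens' or EMA's code), the Python below models the two ideas in the paragraphs above: why giving hosts a /32 mask forces every flow, even between two level-1 controllers on the same subnet, through the default gateway, and how a default-deny allowlist at that gateway then decides east-west and north-south flows. The addresses, roles, Purdue levels and ports are constructed.

```python
"""Illustrative model of a default-deny gateway in the data path of every flow.
Hosts get a /32 mask, so they have no on-link peers and even same-subnet
(east-west) traffic must be sent to the default gateway, where policy applies."""
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

def traverses_gateway(src_ip: str, prefixlen: int, dst_ip: str) -> bool:
    """True if a host configured as src_ip/prefixlen must forward to dst_ip via
    its default gateway, i.e. dst_ip lies outside the host's on-link prefix."""
    onlink = ipaddress.ip_interface(f"{src_ip}/{prefixlen}").network
    return ipaddress.ip_address(dst_ip) not in onlink

# Constructed Purdue-style inventory: address -> (role, level). Hypothetical values.
INVENTORY = {
    "10.1.1.10": ("hmi", 2),        # operator HMI, level 2
    "10.1.1.20": ("plc-a", 1),      # controller, level 1
    "10.1.1.21": ("plc-b", 1),      # controller, level 1, same subnet as plc-a
    "10.1.3.5": ("historian", 3),   # site historian, level 3
}
# Allowlist keyed by (src role, dst role, proto, dport); anything else is denied.
ALLOW = {
    ("hmi", "plc-a", "tcp", 502),       # Modbus/TCP from the HMI to each controller
    ("hmi", "plc-b", "tcp", 502),
    ("hmi", "historian", "tcp", 5432),  # HMI pushes process data up to level 3 (constructed)
}

def decide(flow: Flow) -> tuple[str, str]:
    """Default-deny policy decision: returns (verdict, reason) for one flow."""
    src, dst = INVENTORY.get(flow.src), INVENTORY.get(flow.dst)
    if src is None or dst is None:
        return "deny", "unknown endpoint"
    if (src[0], dst[0], flow.proto, flow.dport) in ALLOW:
        return "permit", f"{src[0]}->{dst[0]} {flow.proto}/{flow.dport}"
    plane = "east-west" if src[1] == dst[1] else "north-south"
    return "deny", f"{plane} {src[0]}(L{src[1]})->{dst[0]}(L{dst[1]}) {flow.proto}/{flow.dport}"

if __name__ == "__main__":
    print("plc-a -> plc-b via gateway with /24:", traverses_gateway("10.1.1.20", 24, "10.1.1.21"))
    print("plc-a -> plc-b via gateway with /32:", traverses_gateway("10.1.1.20", 32, "10.1.1.21"))
    for f in (Flow("10.1.1.10", "10.1.1.20", 502), Flow("10.1.1.20", "10.1.1.21", 502)):
        print(f, *decide(f))
```

With a conventional /24, the controller-to-controller flow never reaches the gateway and cannot be policed; with /32 it does, and the denied east-west attempt becomes a loggable event for the detection benefit described later on the page.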

ColorTokens' solution offers a strategy that postures the industrial network for resilience by preventing the lateral spread of a breach after an initial compromise. Microsegmentation prevents a breach from becoming a crisis in your cyber-physical systems, a crisis that could impact quality, revenue, or even the health and well-being of your employees.

It's time to get to the left of the boom 

A proactive approach is best. In his paper, Steffen describes how a breach-ready microsegmentation strategy can contain lateral propagation of a breach and significantly increase the breakout time. But there's a catch. Your systems must be configured to be breach-ready by design before an attack, as opposed to using reactive breach prevention strategies. He outlines several benefits of implementing an integrated microsegmentation solution that covers the industrial control systems: 

• Reduced attack surface: A segmented network reduces the potential impact of a breach. Even if attackers gain access to a device, their ability to move laterally and compromise additional critical systems is reduced. 

• Improved threat detection and response: Microsegmentation simplifies network traffic analysis, allowing security teams to detect suspicious activity and locate threats quickly. 

• Enhanced operational resilience: Microsegmentation helps ensure business continuity and protects critical infrastructure from cyber-attacks. 

• Simplified security management: A single pane of glass that streamlines security policy creation and enforcement for both IT and OT environments.

So that's the teaser for the new EMA white paper. If you'd like to read the full report, download it here: Protecting Industry 4.0 with Microsegmentation. If you manage industrial control systems, we think you shouldn't miss this one, and we would welcome the opportunity to speak with you about how we can help you make your industrial network resilient and breach-ready. You can reach out to us here.
