Think of a situation where two nations are at war. One country has the capability to attack the other’s industrial infrastructure, like the electrical grid, oil and gas plants, water treatment plants, nuclear plants and so on. What would be the repercussions if plant operations were controlled remotely and maliciously?
Industrial Control System (ICS)
ICS is utilized to control commercial processes such as manufacturing, production and circulation.
Industrial Control Systems (ICS) include various types of control systems such as Supervisory Control and Data Acquisition (SCADA), Distributed Control System (DCS), Programmable Rational Computer (PLC), Remote Terminal Units (RTU) and Intelligent Electronic Devices (IED).
ICS is ending up being a prime target for cyberattacks.
ICS lacks fundamental security practices. Let’s look at the major vulnerabilities and hazards to ICS/SCADA.
1. Direct exposure over the internet
Prior to the internet, ICS operation was restricted to the plant. With boost in operations, combination with other platforms and for ease of access, some business have actually connected their ICS or part of the ICS setup to the web. Insecure connections may permit backdoor gain access to for destructive celebrations to go into the ICS environment.
External access is typically provided to suppliers for upkeep purposes.
2. Weak segregation
Weak segregation between IT and OT environments is one of the common elements resulting in ICS compromise. Weak access control might enable a maker connected to the IT network to reach a device on the ICS network, and a malware attack on the IT system may allow malware to spread to the OT setup.
3. Default setup
Patches have actually been produced for vulnerabilities within the ICS environment and supplier systems. Not all business can afford downtime for patching, as it leads to reduced production and lost earnings. Some business feel their ICS is firmly isolated or they have no ICS security policy that deals with spots, so they continue in the default configuration.
4. Weakness in ICS procedures
The initial procedures utilized in ICS were not designed with security in mind. The very same procedures are used in the existing ICS setup.
For instance, the MODBUS procedure utilizes cleartext communication, which may permit the assailant to eavesdrop on traffic. The MODBUS procedure does not have proper permission, which might cause unauthorized actions like upgrading the ladder reasoning program or shutting down the PLC.
5. Weakness in ICS applications
Applications related to ICS and HMI are sometimes susceptible to the web or thick client-based attacks like SQL Injection, Command Injection, or Specification adjustment. Absence of file encryption procedure causes credential smelling. Cross-site Scripting attack can lead to Session Hijacking.
6. Absence of security awareness
Due to absence of security awareness, staff members often end up being a victim of social engineering, phishing and spearphishing attacks.
1. Malware threats
Portable kinds of media are often used by the company workers in the workplace and ICS environment.
Employees typically bring their workplace USB flash drive home and connect to their individual laptops.
2. Expert attack
Expert attacks are a considerable danger within organizations.
Organizations frequently disregard to follow the principle of least privilege, permitting an employee to carry out other delicate and unapproved actions. Failure to enact gain access to revocation policies for employees leaving the company likewise deteriorates the business’s ICS security.
3. Rejection of service
Wired and cordless connections are used in ICS. Attacks on these connections may cause interruption of real-time interaction in between ICS elements. In ICS, delays of seconds may have serious unfavorable impacts on the operation.
Another method to perform a DoS attack is to assault the components, such as PLCs.
4. Third-party hazards
With increased outsourcing of system assistance for ICS setups, the infected devices of assistance staff provide a hazard of compromise. Since client companies do not have direct control over third-party service providers’ infrastructure, there is an increased risk of make use of propagation.
5. Technical or physical breakdown
Component-level failure like power, hard disk failure, system crash and cable television damage may cause runtime failure. Runtime errors in software application can also interrupt operations up until the software application or system is reset or fixed.
6. Risks from terrorists and hackers
Crucial infrastructure is an essential target for terrorist groups who wish to trigger worry, damage, and loss of life.
ICS is significantly exposed to the very same cyberthreats as IT.
- Cyberthreats to ICS Systems, Kaspersky
- The Current ICS Danger Landscape, LinkedIn
- Leading 10 Crucial Infrastructure and SCADA/ICS Cybersecurity Vulnerabilities and Dangers, Inspect Point