The bleak Orwellian future of dominance by factories and industrial landscapes has not exactly become reality – at least not in the western hemisphere. However, across the globe manufacturing remains the lifeblood of both first world and developing nations. At the same time what some are calling ‘Industrie 4.0’ or the Smart Factory has become a reality. Leading experts have predicted that the global manufacturing sector will see an increase and acceleration in the connectivity and digital transformation initiatives that have taken root in the industrial sector over the past few years. As an increased reliance on digital systems continues to transform how goods are manufactured, the issue of security surrounding industrial control systems (ICS) will increasingly be highlighted. Cyber security firm, Indegy released a blog report entitled ‘Industrial Cyber Security Predictions for 2018’ in December 2017 – and that report has highlighted some of the issues ICS security professionals must face in a fast-changing industrial landscape.
ICS security under threat
The report covers a wide swathe of threats that face ICS control systems. Threats such as ICS ransomware, a Red Button Cyber Weapon and Industrial Internet of Things (IIoT) risks take center stage in the threat matrix facing this fast-growing industrial sector. These threats will force ICS security professionals to adopt new approaches and embrace innovation in the next 12 months and beyond in order to protect increasingly complex and vulnerable systems.
Ransomware outbreaks such as WannaCry, NotPetya, and most recently, Bad Rabbit, caused widespread disruptions among organizations in all industries, including manufacturing and transportation services. According to the report there is no reason to believe that ransomware will not continue to evolve in 2018. In fact, these attacks were not aimed specifically at industrial control systems network targets – but with the increasing importance and complexity of the networks, this can be expected to change.
Legacy Windows vulnerability – A clear weakness
The threat to industrial control systems is especially clear due to the fact that these environments often use legacy Windows systems that have well known weaknesses in security and may not have been patched regularly. For IT professionals the lesson needs to be learned that these system vulnerabilities need to be addressed by applying regular patches. Even though ransomware has not targeted controllers in the past – it’s only a matter of time. In 2017 researchers at the Georgia Institute of Technology designed a cross-vendor ransomware worm known as LogicLocker which would be capable of targeting PLC’s.
Aside from locking users out of systems, this ransomware was potentially even more dangerous. It contains a ‘logic bomb’ that begins to dangerously operate machinery and threatening permanent damage and human harm if the ransom is not paid in time. Now that this proof of concept is out there, ICS security can expect to see real world attacks in the near future.
Dana Tamir, Vice President of Market Strategy for Indegy explains, “The introduction of IIoT architectures has exposed most PLCs to cyber threats they have never faced before. In the past, industrial control system environments were isolated from the internet by an “air gap”. Although PLCs have always lacked security controls, including encryption and access controls, these risks were contained since only those with direct access to the network could potentially cause problems. Now that IIoT technologies can connect these unprotected environments to the corporate network or the cloud, PLCs are being exposed to external threats.”
The Threat of War
The development of a so called ‘Red Button’ cyber weapon is one that has been recognized by international security experts. It is well known that both the United Sates and North Korea are engaged in an ever-escalating war of words that shows every sign of further escalation, the initiation of real hostilities and even more worrying, a nuclear exchange. North Korea has been building a cyber army in tandem with increasing its nuclear capabilities. This is a country that is entirely capable (and possesses sufficient motivation) to unleash devastating attacks against its enemy’s critical infrastructure. Russia has also invested significantly in cyber warfare capabilities. Its attacks on Ukraine’s infrastructure, including power generation capacity in 2015 were especially worrying. Many experts believe that these actions were a dry run for even more devastating action.