IT-based defenses are routinely defeated
The continuing trend towards the convergence of IT and OT teams, the convergence of IT and OT business processes and technologies, and the interconnectedness of IT and OT networks may all have sound business drivers, but too often the result is an unexpectedly vulnerable industrial control system security posture. IT-centric firewalls and anti-virus solutions do a fair job of defending against the pervasive threat of viruses and botnets, but have repeatedly proven inadequate to defend against more sophisticated acts of sabotage.
The stock formula for these “more sophisticated” attacks has become widely known and widely practiced: use spear-phishing to pull malware past corporate firewalls, craft your own bits of low-volume, remote-control malware to defeat anti-virus systems, disguise your communications as legitimate traffic to defeat application-layer firewalls, and defeat security update programs by stealing passwords rather than attacking vulnerabilities. New, advanced data-exfiltration prevention technologies are being deployed to address this class of attack on corporate networks, but data-exfiltration-prevention technology does nothing to prevent the cyber-sabotage of industrial networks.
To date, there has not been a well-documented new-style attack on an industrial control system with the intent of cyber-sabotage. That said, given the easily available means for such an attack, it remains only a matter of time before some hacktivist couples these well-known attack techniques and technologies with a malicious motive. IT-style defenses designed to prevent the theft of intellectual property do not address this class of cyber-sabotage threat to worker safety, to public safety and to plant reliability. To maintain effective control of the dangerous and very costly physical infrastructure at industrial sites, owners and operators must do more to address modern cyber-sabotage threats.