Cyber Criminals Are Targeting Your Industrial Controls: How to Protect Your Organization
Industrial control systems (ICS) are the backbone of modern manufacturing and of critical infrastructure such as energy production, and these systems are attractive targets for cybercriminals. Critical infrastructure and manufacturing capability are often targeted by cyber groups with nation-state support to create strategic geopolitical outcomes. Taking control of these systems, whether to inject ransomware or to gain remote control, is the criminals’ primary goal. The Colonial Pipeline incident in 2021 is a textbook example of targeting ICS for criminal outcomes. Here's how these attacks are happening and what companies can do to protect themselves:
- ICS systems are designed for reliability and stability, not for security. This makes them vulnerable to cyber attacks, especially those that exploit software vulnerabilities or use social engineering tactics. CSO Online reports that 35% of the 923 CVEs released in the second half of 2022 had no patch or remediation available from the manufacturer.
- Manufacturers of equipment managed by ICS controls are typically responsible for providing remote maintenance via VPN or other means. Because this requires allowing third-party access to key equipment, it creates an inherent risk to an organization’s threat surface.
- SCADA is a common protocol for ICS applications, and it often requires complex SCADA-over-IP configurations, which can create unintended network segmentation issues that have security implications.
- Malicious software: Malicious software, such as malware and even hacked legitimate IT tools like RMM, is frequently used to “Land and Expand” into a corporate network and then to gain access to ICS infrastructure.
- Phishing: Phishing attacks are still the #1 tactic used by cybercriminals to steal login credentials, install malware, and gain unauthorized access to ICS systems.
Protecting your company: To protect against these attacks, companies can implement the following security measures:
- Network segmentation and internal firewalls: A critical step in protecting vulnerable ICS infrastructure is to aggressively segment the environment from corporate or external networks. Best-practice firewall implementation and management is key to ensuring that segmentation is maintained, that traffic is monitored and logged, and that Indicators of Compromise (IOCs) are quickly detected.
- Vulnerability scanning, software updates, and patches: Regularly scanning for and monitoring ICS-related CVEs, as well as frequently updating and patching software, can reduce the risk of exploitation of vulnerabilities. When patches are not available, awareness of known vulnerabilities can at least allow for mitigating controls, such as port blocks on the interior firewall, and for increased logging and detection. This requires the use of a properly configured SIEM platform.
- Access control: A huge challenge in securing ICS systems is that the manufacturer is often responsible for remote troubleshooting and patch management, so third parties need access to the ICS environment to do this work. Implementing very strict access controls, such as multi-factor authentication, and using least-privilege access methodologies can prevent unauthorized access to ICS systems.
- Regular audits: Auditing the ICS environment regularly, for example through frequent penetration tests and reviews of account activity, helps to seek out and mitigate network, system, and account-level security risks.
- Employee education: Employee education and awareness of cyber threats can help prevent phishing attacks and other social engineering tactics.
- Incident response plan: Having a well-defined incident response plan can help companies quickly respond to and recover from cyber-attacks.
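One way to check that the segmentation described above is actually being maintained, as an added example that is not part of the original article: the script audits interior-firewall flow records for connections that reach the ICS segment from anywhere other than the segment itself or an approved jump host. The subnet, the jump-host address, the CSV log layout, and the sample records are all constructed assumptions.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumed addressing plan (constructed for this example).
ICS_NET = ip_network("10.50.0.0/24")          # control network
ALLOWED_SOURCES = {ip_address("10.20.0.10")}  # approved vendor/engineering jump host
# Well-known industrial protocol ports, used to label findings.
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}

# Constructed sample of interior-firewall flow records.
SAMPLE_LOG = """\
time,src,dst,dport,action
2023-03-01T08:00:01Z,10.20.0.10,10.50.0.21,502,allow
2023-03-01T08:02:13Z,10.10.4.77,10.50.0.21,502,allow
2023-03-01T08:02:40Z,10.10.4.77,10.50.0.22,44818,deny
2023-03-01T08:05:09Z,10.50.0.30,10.50.0.21,502,allow
2023-03-01T08:07:55Z,10.10.4.77,10.10.1.5,443,allow
2023-03-01T08:09:30Z,203.0.113.9,10.50.0.21,3389,allow
"""

def audit_flows(log_text):
    """Return findings for flows that cross into the ICS segment from a
    source that is neither inside the segment nor an approved jump host."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        src, dst = ip_address(row["src"]), ip_address(row["dst"])
        if dst not in ICS_NET or src in ICS_NET or src in ALLOWED_SOURCES:
            continue  # not a boundary crossing, or explicitly approved
        port = int(row["dport"])
        # An allowed crossing is a segmentation gap; a denied one shows
        # that something is probing the boundary and should be reviewed.
        severity = "high" if row["action"] == "allow" else "medium"
        findings.append({
            "time": row["time"], "src": str(src), "dst": str(dst),
            "port": port, "protocol": ICS_PORTS.get(port, "other"),
            "severity": severity,
        })
    return findings

if __name__ == "__main__":
    for f in audit_flows(SAMPLE_LOG):
        print("{severity:6} {time} {src} -> {dst}:{port} ({protocol})".format(**f))
```

Findings of this kind are what a SIEM rule on the interior firewall would alert on; the allow-list should hold only the hosts that third-party maintenance genuinely requires.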
ICS systems are a key target of cyber-attacks, and companies need to take proactive measures to protect themselves. By following best practices, such as network segmentation, software updates, access control, employee education, and incident response planning, companies can reduce the risk of cyber-attacks and maintain the stability and reliability of their ICS systems. Engaging experts at Ballast systems, who focus on providing solutions tailored to ICS infrastructure, gives companies layered security solutions to protect highly vulnerable yet business-critical ICS systems.